Encrypted .jpg files


Post by nerchiola » Mon Apr 01, 2013 4:51 pm

Good evening,
I'm new to the forum and I signed up to write about my problem and possibly (unlikely!) solve it... About 4 days ago my PC was attacked and thousands of files (mainly jpg but also doc and excel) were encrypted and are now named "example.jpg.html" (obviously the file's own name appears in place of "example"). The files were not duplicated; they were actually replaced. Taking a file that I had saved on another PC and comparing it with the one that has now been modified, the difference is a few KB. I obviously tried renaming the files by removing the html extension, but no luck. I ran a check with Kaspersky; it seems to have cleaned out the viruses but the problem remains. I should add that, in the first few days, when I tried to open one of these files with Internet Explorer (but also Mozilla or Chrome), a page opened asking me for 100 euros to solve the problem. For the past couple of days that web page no longer opens (I think someone sent them the money and they preferred to close the page). I've seen that there have been many of these trojans in the past... I no longer know which way to turn... I tried the Drweb software (that -k 85 string) but it can't decrypt anything at all... Help me! Sandro.

Re: Encrypted .jpg files

Post by crazy.cat » Mon Apr 01, 2013 5:37 pm

The strings always vary depending on the encryption. I'd advise you to send one of the encrypted files to drweb http://www.MegaLab.it/8276/3/come-rimuo ... i-criptati so that they can find the right key to decrypt them.

Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 11:10 am

Help... Drweb replies quickly but I'm being asked to specify a trojan... What should I do??? I sent them a screenshot of the Kaspersky report, but they reply that it isn't a trojan...


Re: R: Encrypted .jpg files

Post by hashcat » Tue Apr 02, 2013 12:04 pm

Post Dr.Web's message in full.

Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 12:36 pm

Sorry if I'm being tedious, but here is my conversation with Drweb, word for word...

I sent an encrypted file through their site and the first reply was:

DRWEB: I need a trojan, which encrypted your files.

ME: Hi, I send you a word file with my last scan with Kaspersky. I hope it's ok for your search.
(I sent a screenshot of the Kaspersky report, which contains the list of detected trojans.)

DRWEB: It's not OK because it's not a trojan.

ME: I don't know how can I help you! Please give me more information about your request

DRWEB: I need a trojan, which encrypted your files. If you don't know where it is I can't help you because I don't know too.

ME: I read many
HEUR.exploited.java.CVE-2013
and
HEUR.exploited.java.CVE-2012
Kaspersky say me that those are trojan programs.

DRWEB: These exploits, if they are exploits, wasn't able to decrypt data.


Help....

Re: Encrypted .jpg files

Post by hashcat » Tue Apr 02, 2013 3:28 pm

The Dr.Web researchers are telling you that having the name of the threat is not enough for them; they need the physical file (the malware) that encrypted your files. To try to locate it, post an OTL log:

OTL instructions:

  1. Download OTL from here
  2. Disable or terminate all real-time protection from anti-spyware, antivirus and anti-malware programs that may interfere with OTL
  3. Rename OTL with an imaginative name
  4. Start OTL by double-clicking it
  5. When the OTL window appears, adjust the settings as follows:
    [Image]
  6. Click Run Scan to start the scan
  7. Do not use the computer while OTL is running
  8. When the scan finishes, two logs will be generated and two Notepad windows will appear
  9. Save the OTL log as OTL.txt on the Desktop and include it in your next message
  10. Save the Extra log as Extra.txt on the Desktop and include it in your next message
  11. If the logs exceed the maximum number of characters allowed per message, upload them to Ubuntu Pastebin
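One way to triage the OTL log requested in the post above when looking for the file Dr.Web needs, as an added example that is not part of the original thread or of OTL itself. It parses the PRC/MOD/SRV/DRV lines of an OTL log and ranks entries by three heuristics assumed for this example (user-writable path, missing company name, timestamp close to the incident); the log lines, names and incident date below are constructed.

```python
import re
from datetime import datetime, timedelta

# One OTL entry: KIND - [timestamp | size | attrs | flag] (Company) [state] -- path -- (service)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>.*?)\) (?:\[(?P<state>[^\]]*)\] )?-- "
    r"(?P<path>.+?)(?: -- \((?P<service>.+)\))?$"
)

# Folders a standard user can write to (assumed list, extend as needed).
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|desktop|downloads)\\|\\temp\\|\\programdata\\",
    re.IGNORECASE,
)

# The instructions rename OTL, so the scanner shows up under an arbitrary
# file name; it is recognised by its company field and skipped.
SCANNER_COMPANY = "OldTimer Tools"

# Constructed sample in the OTL line format (not taken from a real machine).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/04/02 17:01:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\Renamed.exe
PRC - [2013/03/06 23:20:48 | 000,356,376 | ---- | M] (Example AV Vendor) -- C:\Program Files (x86)\Example AV\av.exe
PRC - [2013/03/28 09:14:02 | 000,094,208 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\xkqz\svc32.exe
SRV - [2013/01/25 18:04:46 | 000,161,280 | ---- | M] (ExampleUpdService) [Auto | Stopped] -- C:\Users\Alice\AppData\Local\ExampleUpdater\upd.exe -- (ExampleUpd)
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\example.dll
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Example(R) Corp) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ex1.sys -- (ex1)
"""

# Constructed incident date: end of the day the files were first seen encrypted.
INCIDENT = datetime(2013, 3, 28, 23, 59, 59)


def parse_otl_entries(text):
    """Return one dict per PRC/MOD/SRV/DRV line; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["modified"] = datetime.strptime(e.pop("stamp"), "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def shortlist(entries, incident, window_days=14, min_score=2):
    """Rank entries worth a manual look; returns [(score, path, reasons)], best first."""
    window = timedelta(days=window_days)
    best = {}
    for e in entries:
        if e["company"] == SCANNER_COMPANY:
            continue
        score, reasons = 0, []
        if USER_WRITABLE_RE.search(e["path"]):
            score += 2
            reasons.append("runs from a user-writable folder")
        if not e["company"]:
            score += 1
            reasons.append("no company name in version info")
        if timedelta(0) <= incident - e["modified"] <= window:
            score += 1
            reasons.append("timestamp within %d days before the incident" % window_days)
        key = e["path"].lower()  # the same binary can appear as PRC and SRV
        if score >= min_score and (key not in best or best[key][0] < score):
            best[key] = (score, e["path"], reasons)
    return sorted(best.values(), key=lambda r: (-r[0], r[1]))


if __name__ == "__main__":
    for score, path, reasons in shortlist(parse_otl_entries(SAMPLE_LOG), INCIDENT):
        print(score, path, "; ".join(reasons))
```

A shortlisted path is only a candidate for manual review and submission to the vendor, not a verdict: plenty of legitimate software has no company name or installs under the user profile.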

Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 4:21 pm

Ok hashcat, I did as you suggested... A little while ago I sent the two txt files to Dr Web, let's see what they reply (when you told me to include the files in my next message, you meant the conversation between me and Dr Web, not this forum, right?)

Re: R: Encrypted .jpg files

Post by hashcat » Tue Apr 02, 2013 4:53 pm

I meant in your next message on this forum; that's not a problem anyway (the two logs could be useful to them too). Post them here as well.


Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 6:38 pm

How do I add attachments???

Re: R: Encrypted .jpg files

Post by hashcat » Tue Apr 02, 2013 7:14 pm

There's no need to attach them; just paste them into the message (using the MEMO tag).


Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 9:42 pm

OTL logfile created on: 02/04/2013 17:09:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nerchiola\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 3,86 Gb Available Physical Memory | 64,40% Memory free
12,00 Gb Paging File | 9,51 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,45 Gb Total Space | 132,22 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 342,09 Gb Total Space | 341,86 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive F: | 21,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NERCHIOLA-PC | User Name: Nerchiola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 17:01:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\Sandro.exe
PRC - [2013/03/06 23:20:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
PRC - [2013/01/15 23:10:06 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/17 22:38:34 | 000,200,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtbws.exe
PRC - [2012/08/17 22:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2010/07/05 11:55:30 | 007,697,816 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\UIMain.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2008/12/08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/29 15:28:32 | 000,170,840 | ---- | M] () -- C:\Programmi\Web Assistant\Extension32.dll
MOD - [2012/08/17 22:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010/07/05 11:55:30 | 007,697,816 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\UIMain.exe
MOD - [2010/07/05 11:55:16 | 001,034,664 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\DLL_NETCARD_R.DLL
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/11 16:52:28 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\WAITINGFORM.DLL


========== Services (SafeList) ==========

SRV - [2013/03/06 23:20:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/02/04 01:01:14 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV - [2013/01/25 18:04:46 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Nerchiola\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (LiveUpSC)
SRV - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/07/21 12:24:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/26 08:24:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008/12/08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 23:20:48 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/03/06 23:20:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/03/06 23:20:46 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/03/06 23:20:46 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/13 17:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/21 12:26:27 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/21 12:26:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 15:09:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/13 14:54:18 | 000,080,384 | ---- | M] (ONDA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\onda_mx83xup_dc_enum.sys -- (onda_mx83xup_dc_enum)
DRV:64bit: - [2010/05/13 14:54:18 | 000,080,384 | ---- | M] (ONDA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\onda_mx83xup_cdc_acm.sys -- (onda_mx83xup_cdc_acm)
DRV:64bit: - [2010/05/13 14:54:18 | 000,013,824 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_mx83xup_cpo.sys -- (onda_mx83xup_cpo)
DRV:64bit: - [2010/02/26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849853


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_it
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849853
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEywz5N7&i=26
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: " http://search.findeer.com"
FF - prefs.js..extensions.enabledItems: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}:3.2.5.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}:2.0.0.573
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/03/21 20:18:15 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/03/21 20:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/03/21 20:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/03/21 20:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/03/29 17:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/03/29 17:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/03/29 17:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/03/29 17:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/03/29 17:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 23:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/24 17:37:03 | 000,000,000 | ---D | M]

[2009/11/12 16:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Extensions
[2009/11/12 16:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/03/30 13:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Firefox\Profiles\c2qa81pg.default\extensions
[2010/12/10 00:20:14 | 000,000,000 | ---D | M] (BittorrentBar_IT Community Toolbar) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Firefox\Profiles\c2qa81pg.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
[2010/12/21 15:15:30 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Firefox\Profiles\c2qa81pg.default\extensions\DTToolbar@toolbarnet.com
[2010/12/10 00:20:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Firefox\Profiles\c2qa81pg.default\extensions\engine@conduit.com
[2012/06/10 22:02:53 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nerchiola\AppData\Roaming\mozilla\Firefox\Profiles\c2qa81pg.default\extensions\ffxtlbr@incredibar.com
[2010/12/10 00:20:16 | 000,000,935 | ---- | M] () -- C:\Users\Nerchiola\AppData\Roaming\mozilla\firefox\profiles\c2qa81pg.default\searchplugins\conduit.xml
[2010/12/21 15:15:27 | 000,002,059 | ---- | M] () -- C:\Users\Nerchiola\AppData\Roaming\mozilla\firefox\profiles\c2qa81pg.default\searchplugins\daemon-search.xml
[2012/06/10 22:02:43 | 000,002,203 | ---- | M] () -- C:\Users\Nerchiola\AppData\Roaming\mozilla\firefox\profiles\c2qa81pg.default\searchplugins\MyStart Search.xml
[2012/06/07 23:55:05 | 000,001,210 | ---- | M] () -- C:\Users\Nerchiola\AppData\Roaming\mozilla\firefox\profiles\c2qa81pg.default\searchplugins\search.xml
[2013/03/30 13:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/05/03 21:56:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/08 17:01:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 12:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 21:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/04 11:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/06/26 22:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/08 22:40:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/18 12:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/18 11:50:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/03/21 20:18:15 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2010/05/03 21:56:04 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2010/05/03 21:56:04 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2010/05/03 21:56:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2013/02/15 20:58:12 | 000,106,088 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/12/20 23:10:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/12/20 23:10:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/12/20 23:10:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/12/20 23:10:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/12/20 23:10:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/12/20 23:10:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/12/20 23:10:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/11/03 04:26:39 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/11/03 04:26:39 | 000,001,412 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\demauro.xml
[2009/11/03 04:26:39 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2009/11/03 04:26:39 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/11/03 04:26:39 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2009/11/03 04:26:39 | 000,000,649 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6OyEywz5N7&i=26
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00C2\u2122 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Ricerca Google = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Controllo URL Kaspersky = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Web Assistant = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\
CHR - Extension: Safe Money = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Blocco contenuto = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Tastiera Virtuale = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Gmail = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
nerchiola
Aficionado
Posts: 32
Joined: Mon Apr 01, 2013 4:37 pm

Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 9:43 pm

,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\Web Assistant\Extension32.dll ()
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Guida per l'accesso a Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programmi\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000..\Run: [PDrotect] C:\Program Files (x86)\DProtect 2013©\DProtect 2013\DProtect.exe (DProtect 2013©)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe File not found
O9 - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} http://ww2.photocity.it/WebResource.axd ... 1880000000 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/16 19:49:38 | 000,000,034 | R--- | M] () - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/03/17 18:26:53 | 000,000,117 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/04/02 17:01:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\Sandro.exe
[2013/03/30 14:04:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/30 14:03:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/29 19:34:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/29 19:34:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/29 18:55:18 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Nerchiola\Desktop\ComboFix.exe
[2013/03/29 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Malwarebytes
[2013/03/29 18:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/29 18:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/29 18:43:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/29 18:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\SoftwareUpdater
[2013/03/29 18:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPcCleaner
[2013/03/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPcCleaner
[2013/03/29 17:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/03/29 17:35:13 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/03/29 17:34:22 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/03/29 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/03/29 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/03/29 17:34:08 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/03/29 17:34:08 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/03/29 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\Avg2013
[2013/03/29 17:19:27 | 000,269,080 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Nerchiola\Desktop\te94decrypt.exe
[2013/03/28 19:05:35 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DProtect 2013 1.26.0.1
[2013/03/28 19:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DProtect 2013©
[2013/03/28 18:42:46 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\TuneUp Software
[2013/03/28 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\MFAData
[2013/03/28 18:26:08 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Doctor Web
[2013/03/28 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\IrfanView
[2013/03/28 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Anvisoft
[2013/03/28 17:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/28 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/28 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\GetRightToGo
[2013/03/28 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\VS Revo Group
[2013/03/28 17:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/28 17:16:18 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\Programs
[2013/03/28 17:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/27 00:38:00 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\NeoSmart Technologies
[2013/03/21 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Desktop\Mai dire Gol[96-97]
[2013/03/17 19:58:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013/03/17 11:30:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/17 11:30:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/13 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Desktop\Valencia
[2013/03/13 20:38:45 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 20:38:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 20:38:42 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 20:38:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 20:38:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 20:38:41 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 20:38:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/06 23:20:46 | 000,054,104 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/03/06 23:20:46 | 000,029,528 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013/03/06 23:20:46 | 000,029,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013/02/28 23:01:55 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\AlawarEntertainment
[2013/02/18 11:50:15 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2013/02/18 11:50:15 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/02/18 11:50:15 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2013/02/13 19:40:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 19:40:53 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 19:40:52 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 19:40:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 19:40:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 19:40:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 19:40:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 19:40:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 19:40:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 19:39:52 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/07 20:26:56 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\{FE27E195-6326-4B58-ABB5-AC6575F81EEC}
[2013/02/07 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\{CA42F92F-4668-49BA-B015-F1ED5A2D5CAC}
[2013/02/04 01:09:35 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\NVIDIA
[2013/02/04 01:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013/02/04 00:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013/02/04 00:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2009/08/15 10:09:28 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 60 Days ==========

[2013/04/02 17:01:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\Sandro.exe
[2013/04/02 17:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/04/02 16:14:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 12:00:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 12:00:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 12:00:12 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/02 12:00:12 | 000,698,554 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/04/02 12:00:12 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/02 12:00:12 | 000,127,780 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/04/02 12:00:12 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 11:53:18 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 11:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 11:53:07 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/30 14:04:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/30 13:32:45 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Nerchiola\Desktop\ComboFix.exe
[2013/03/29 20:07:07 | 114,445,912 | ---- | M] () -- C:\Users\Nerchiola\Desktop\cureit.exe
[2013/03/29 19:54:43 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/29 18:43:05 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/29 17:19:29 | 000,269,080 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Nerchiola\Desktop\te94decrypt.exe
[2013/03/28 11:56:52 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/03/27 01:03:22 | 006,115,242 | ---- | M] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG.html
[2013/03/06 23:20:48 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/03/06 23:20:46 | 000,064,856 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/03/06 23:20:46 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/03/06 23:20:46 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013/03/06 23:20:46 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013/03/04 11:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013/03/04 10:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/03/04 10:07:22 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013/03/04 10:07:22 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013/02/28 23:01:39 | 000,002,537 | ---- | M] () -- C:\Users\Nerchiola\Desktop\Lake House Children of Silence Collectors.lnk
[2013/02/28 15:57:18 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/28 15:57:09 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/28 15:57:09 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/28 15:57:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/28 15:37:20 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/28 15:37:08 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/28 15:37:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 12:25:14 | 000,524,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/02/12 06:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/02/04 01:00:41 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - Italiano.lnk

========== Files Created - No Company Name ==========

[2013/03/29 20:54:41 | 006,115,242 | ---- | C] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG.html
[2013/03/29 20:54:17 | 006,115,022 | ---- | C] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG
[2013/03/29 20:07:07 | 114,445,912 | ---- | C] () -- C:\Users\Nerchiola\Desktop\cureit.exe
[2013/03/29 19:34:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/29 19:34:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/29 19:34:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/29 19:34:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/29 19:34:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/29 18:43:05 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/29 18:39:57 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/02/28 23:01:39 | 000,002,537 | ---- | C] () -- C:\Users\Nerchiola\Desktop\Lake House Children of Silence Collectors.lnk
[2013/02/04 01:00:41 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2011 - Italiano.lnk
[2012/02/14 22:57:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/20 23:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Patch Names
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Drivers
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mallets
[2011/12/20 23:11:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/20 23:11:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/20 23:11:20 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Devices
[2011/12/20 23:11:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail
[2011/12/20 23:11:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/07/21 12:56:01 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{E12EFDEE-E69D-4B20-98DF-3B3F4C360B10}
[2011/07/20 13:21:58 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{9AD2035E-3D46-425B-942E-D76124407B93}
[2011/07/20 13:19:54 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{427DC1E0-C13B-4D05-BFE5-918B3138A7A1}
[2011/06/20 11:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{A687D062-7EB1-4068-A0F0-1BDDF07D07E2}
[2011/06/20 11:45:38 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{79D8E7F8-792F-44E3-B92F-FF73A1EB05D3}

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/28 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\AlawarEntertainment
[2012/04/30 11:45:51 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Amifude
[2013/03/28 18:16:45 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Anvisoft
[2013/02/04 01:09:47 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Autodesk
[2010/11/14 00:06:24 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\AVG10
[2013/03/28 12:25:02 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\BitTorrent
[2013/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\bwin-Piccadilly
[2009/12/02 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Capcom
[2010/12/21 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\DAEMON Tools Lite
[2012/11/11 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Friday's games
[2013/03/28 17:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\GetRightToGo
[2012/10/16 13:02:36 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\HdO Adventure
[2013/03/28 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\IrfanView
[2012/01/01 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\LucasArts
[2011/12/20 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Nikon
[2010/11/19 01:08:35 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Nokia
[2013/01/03 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Old Castle
[2009/11/12 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Opera
[2010/11/19 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\PC Suite
[2013/01/23 16:16:30 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Picturenaut
[2012/05/05 11:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Qio
[2011/11/27 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Registry Mechanic
[2011/11/11 16:20:27 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Rovio
[2011/11/10 01:57:18 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Sports Interactive
[2012/11/18 12:14:37 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\TOMI3
[2013/03/28 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\TuneUp Software
[2012/10/22 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\UseNeXT
[2010/10/30 23:55:49 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Windows Live Writer
[2012/11/05 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:95079543
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Re: Encrypted .jpg files

Posted by nerchiola » Tue Apr 02, 2013 9:44 pm

OTL Extras logfile created on: 02/04/2013 17:09:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nerchiola\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 3,86 Gb Available Physical Memory | 64,40% Memory free
12,00 Gb Paging File | 9,51 Gb Available in Paging File | 79,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,45 Gb Total Space | 132,22 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive D: | 342,09 Gb Total Space | 341,86 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive F: | 21,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NERCHIOLA-PC | User Name: Nerchiola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CC322DC-AD78-4E96-9213-40B4B2B5BAD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4519B65B-C811-4B5A-A9DB-9E4585B2507B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F5F2E12-441E-4FD3-965D-6BE47C10D1BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E4F7CB80-4155-41E6-AF7E-B4CDF60D376B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FE805C74-A956-4E4B-8BEF-ABC341609EDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294B968-7AA8-4432-998D-77A96AFA8BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{08115FEA-B795-4748-B5B7-3E7CAC99BAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010 demo\fm.exe |
"{0AC8DC33-0543-44A5-AA60-CDE59F36DE6D}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"{0E16BA90-EF90-4218-BC8D-DD8DA27DD253}" = protocol=6 | dir=in | app=c:\program files (x86)\halto\halto.exe |
"{19F63918-93DF-4CAF-B327-8CB3483122DA}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{204E6AD5-A48B-42D2-8C10-1B6ECAEAA02E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{20548650-3046-46CE-86EB-95748F20FC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4040C12A-AB27-406E-BB78-B0B2AD22107B}" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\bittorrent\bittorrent.exe |
"{4CB7EFD0-14A0-4E9B-B248-D4AE85AAF52B}" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\bittorrent\bittorrent.exe |
"{53666896-D109-4E58-971E-DCAD9882D43D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{566BADBC-7C78-45FD-9AF9-CE9A8C605517}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{59C1DE01-3E07-431E-8335-77814C878C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\motogp 08 demo\motogp 08\launcher.exe |
"{65A136D4-018A-448D-A372-E64ED5791512}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{763FD064-539E-41D6-B17C-2A3E00D0B3EA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{79489F02-4941-49DF-B822-6A8F82EDA1DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7F068429-5120-49D0-8ED8-C77B11FBB1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{80D03ECE-7039-4F61-ACAA-EA158864A71F}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{887EC3BE-7A51-4E08-BB1F-072AAD710EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{897126E8-77A5-49A7-882C-6B48BE1F7AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\motogp 08 demo\motogp 08\launcher.exe |
"{90A73702-13AD-4D1E-97ED-C23DE8DC80C0}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{915DE142-CF40-4F8B-8FB7-C7C76817FAB5}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{94E70677-D457-41BD-B858-9F73EFF029FA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{99E82B33-B227-4F45-B89E-12ABDE2CB168}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{9FD81AB1-CFC2-480A-A783-D59A78F6B115}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"{B61DD337-0996-4FDA-AAF3-3419ACAD1B7B}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010 demo\fm.exe |
"{B6C8F68E-B83E-4991-B7F6-2E7FA4A6169E}" = protocol=17 | dir=in | app=c:\program files (x86)\halto\halto.exe |
"{BB93E037-6EB8-4759-94F8-B9B32FDD958C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{BE099A54-BC04-4987-A91B-FAB650BC1C79}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C4687674-ADE2-40A8-A271-BC6911D5E03E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D34096B4-297D-4E35-8EC1-3EA969437745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D5490EDA-4D7D-4E14-ACAA-112A713751F5}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D8E6256A-2B1D-4C33-A429-DD0F7A7DA230}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E016C576-C0CB-4665-BBA8-7AD92D300EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E6202140-06EA-4A7F-8615-6676416B06AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E673DC62-206F-4F52-8474-2503B18C7A7C}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{EA3E70F3-AC72-441B-9C03-FB2377648470}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F2C68DF2-8570-48D7-AC04-50B5C9B0AEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8C2A91B-431F-4183-AEFF-2D74EAF0175B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{FC6280D7-0EC2-4AFA-ACF4-5D27F6599290}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{0B5D5359-2606-4BAB-9E92-23F3506BB7E9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{4BF68932-678F-4A68-86B6-28C306840546}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{716B2D02-F01B-497B-B281-BB99EDAD1B09}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{87F4EC56-50CF-49ED-88B0-6D61358A1BBE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B126A7F2-EFEC-442C-A341-EC20460162C7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{B3148A7C-834E-4544-B393-DD91E3DA5C43}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{DB63B4D3-15D1-45BD-A2AB-C6BD60C2D37E}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |
"TCP Query User{F9C589EA-6B8F-4BFE-ADCB-C9BD6EEA7350}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{0EB45F41-5299-4D57-84A7-94DAE59485E0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{30D1169F-CE24-46D7-A517-A86C962F7F06}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{3C031FDA-7134-4FBF-AE0C-E602AC5D616A}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{8DE48BCD-834E-4F7A-AB7F-F0FF4CF0B698}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{B252C7B6-D3B9-4199-AAF3-57F5A16EE85D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{CC540565-B4C0-4C07-9326-46FCAC393D9A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F9630DC9-DE94-46F9-A004-7176480B30D1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{FAC45588-5382-4811-865A-FAAF7A955944}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3032E99D-56F8-4084-8273-FBFA2F608B4A}" = Studio per il miglioramento del prodotto HP Photosmart 5510 series
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5783F2D7-9001-0410-0102-0060B0CE6BBA}" = AutoCAD 2011 - Italiano
"{5783F2D7-9001-0410-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Italiano
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E2E84C76-2AAC-4DA4-A27B-AD96F79D0FE0}" = Software di base della periferica HP Photosmart 5510 series
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacchetto driver Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Pacchetto driver Windows - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutoCAD 2011 - Italiano" = AutoCAD 2011 - Italiano
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WNLT" = IB Updater Service
"Zune" = Zune

Re: Encrypted .jpg files

Posted by nerchiola » Tue Apr 02, 2013 9:44 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.3)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
nerchiola
Aficionado
Posts: 32
Joined: Mon Apr 01, 2013 4:37 pm

Re: Encrypted .jpg files

Post by hashcat » Tue Apr 02, 2013 9:45 pm

Great, I'll take a look at it tomorrow and let you know.

;)
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm

Re: Encrypted .jpg files

Post by nerchiola » Tue Apr 02, 2013 9:46 pm

I made a bit of a mess... and split the two txt files into 4 parts... The first and second are "otl.txt", the third and fourth are "extrs.txt". Thanks a lot for your patience.

Re: Encrypted .jpg files

Post by hashcat » Wed Apr 03, 2013 1:56 pm

Post a picture of the contents of the Kaspersky quarantine and (if applicable) of the Avira one.

Do you have several security products installed and active at the same time (Avira, Kaspersky, and I see traces of AVG)?

Uninstall Java, Flash Player, Adobe Reader and Quicktime.

There is a fair amount of junk on the computer that makes the log hard to analyze; do some cleanup with Adwcleaner:
Use the tool in "Delete" mode and post the resulting log.

Post a TDSSKiller log:

  1. Download TDSSKiller from here
  2. Extract it from the compressed ZIP archive
  3. Rename it to something random
  4. Run TDSSKiller and click "Change Parameters"
  5. Tick all the boxes
  6. Restart the tool as requested
  7. Run a scan by clicking Start Scan
  8. When the scan finishes, a screen listing the detections is shown
  9. Select the "Cure" option for the "malicious" detections and the "Skip" option for the "Suspicious" ones
  10. Click Next/Continue to apply the actions
  11. To complete the disinfection, TDSSKiller may require a restart of the computer
  12. When the procedure is finished, post the TDSSKiller log, which is located in C:\

And finally one from HitmanPro:

  1. Download HitmanPro from HERE and run it
  2. Start a full scan
  3. If threats are detected at the end of it, do not remove them
  4. Save the log and post it on the forum

P.S.: These two firewall exceptions are highly suspicious:

Code:
"TCP Query User{DB63B4D3-15D1-45BD-A2AB-C6BD60C2D37E}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |
Code:
"UDP Query User{FAC45588-5382-4811-865A-FAAF7A955944}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |

P.S.: Have you received any reply from the Dr.Web team?
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm
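
One way to surface entries like the two firewall exceptions quoted in the post above when triaging a whole log. This is an added example, not part of the original thread or of any tool mentioned in it: it parses rule lines in the quoted format and reports inbound exceptions for executables located in user-writable directories. The directory list and the two extra rules in the sample are assumptions constructed for illustration.

```python
import re

# Matches lines of the form:  "<rule name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>.+)"\s*=\s*(?P<body>.+)$')

# IANA protocol numbers as they appear in the rule body.
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\$recycle.bin\\")

# The first two rules are the ones quoted in the post; the last two are
# constructed for contrast (an installed program, and an outbound-only rule).
SAMPLE_LOG = r'''
"TCP Query User{DB63B4D3-15D1-45BD-A2AB-C6BD60C2D37E}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |
"UDP Query User{FAC45588-5382-4811-865A-FAAF7A955944}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |
"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files\example\example.exe |
"{00000000-0000-0000-0000-000000000002}" = protocol=17 | dir=out | app=c:\users\example\appdata\local\example\updater.exe |
'''


def parse_rule(line):
    """Return a dict with name, protocol, direction and app, or None if the
    line is not a firewall rule that names an executable."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    fields = {}
    for part in match.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip the empty piece after the trailing "|"
            fields[key.strip().lower()] = value.strip()
    if "app" not in fields:
        return None
    proto = fields.get("protocol", "?")
    return {
        "name": match.group("name"),
        "protocol": PROTOCOLS.get(proto, proto),
        "direction": fields.get("dir", "?").lower(),
        "app": fields["app"].lower(),  # Windows paths are case-insensitive
    }


def in_user_writable_dir(path):
    """True if the executable path sits under one of the assumed locations."""
    return any(marker in path.lower() for marker in USER_WRITABLE)


def suspicious_executables(log_text):
    """Map each executable that has an inbound exception and lives in a
    user-writable directory to the sorted list of protocols it may receive."""
    flagged = {}
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        if rule["direction"] == "in" and in_user_writable_dir(rule["app"]):
            flagged.setdefault(rule["app"], set()).add(rule["protocol"])
    return {app: sorted(protos) for app, protos in flagged.items()}


if __name__ == "__main__":
    for app, protos in suspicious_executables(SAMPLE_LOG).items():
        print(f"review: inbound {'/'.join(protos)} allowed for {app}")
```

A hit is only a prompt for review: some legitimate per-user installers also register inbound rules from a profile directory.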

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:22 pm

This is the Adwcleaner log

# AdwCleaner v2.200 - Logfile creato il 03/04/2013 alle 15:52:58
# Aggiornamento 02/04/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Nerchiola - NERCHIOLA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Nerchiola\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\DAEMON Tools Toolbar
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\ProgramData\Trymedia
Cartella Eliminato : C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Cartella Eliminato : C:\Users\Nerchiola\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Nerchiola\AppData\LocalLow\incredibar.com
Cartella Eliminato : C:\Users\Nerchiola\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\Conduit
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\ConduitEngine
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\CT2849853
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions\DTToolbar@toolbarnet.com
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions\engine@conduit.com
Cartella Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions\ffxtlbr@incredibar.com
Cartella Eliminato : C:\Windows\SysWOW64\WNLT
Eliminato al riavvio : C:\Program Files\Web Assistant
File Eliminato : C:\user.js
File Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\searchplugins\Conduit.xml
File Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\searchplugins\daemon-search.xml
File Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\searchplugins\MyStart Search.xml
File Eliminato : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\searchplugins\search.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\IM
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\ImInstaller
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\WNLT
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminata : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chiave Eliminata : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Chiave Eliminata : HKLM\Software\Web Assistant
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Chiave Eliminata : HKLM\SOFTWARE\Web Assistant
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registro Pulito.

-\\ Mozilla Firefox v3.5.6 (it)

File : C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\prefs.js

C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\user.js ... Eliminato !

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.24] : icon_url = "hxxp://mystart.incredibar.com/mb165/favicon.ico",
Eliminata [l.27] : keyword = "mystart.incredibar.com/mb165",
Eliminata [l.30] : search_url = "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6OyEywz5N[...]

-\\ Opera v10.1.1844.0

File : C:\Users\Nerchiola\AppData\Roaming\Opera\Opera\operaprefs.ini

Eliminata : URL=hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search=%s&a=6OyEywz5N7&i=26

*************************

AdwCleaner[S1].txt - [358 octets] - [03/04/2013 15:39:36]
AdwCleaner[S2].txt - [36269 octets] - [03/04/2013 15:52:58]

########## EOF - C:\AdwCleaner[S2].txt - [36330 octets] ##########

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:23 pm

This is the first TDSSKiller log

15:57:20.0884 1380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:57:20.0899 1380 ============================================================
15:57:20.0899 1380 Current date / time: 2013/04/03 15:57:20.0899
15:57:20.0899 1380 SystemInfo:
15:57:20.0899 1380
15:57:20.0899 1380 OS Version: 6.1.7601 ServicePack: 1.0
15:57:20.0899 1380 Product type: Workstation
15:57:20.0899 1380 ComputerName: NERCHIOLA-PC
15:57:20.0899 1380 UserName: Nerchiola
15:57:20.0899 1380 Windows directory: C:\Windows
15:57:20.0899 1380 System windows directory: C:\Windows
15:57:20.0899 1380 Running under WOW64
15:57:20.0899 1380 Processor architecture: Intel x64
15:57:20.0899 1380 Number of processors: 4
15:57:20.0899 1380 Page size: 0x1000
15:57:20.0899 1380 Boot type: Normal boot
15:57:20.0899 1380 ============================================================
15:57:23.0489 1380 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:23.0505 1380 ============================================================
15:57:23.0505 1380 \Device\Harddisk0\DR0:
15:57:23.0505 1380 MBR partitions:
15:57:23.0505 1380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:57:23.0505 1380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x2AAE7000
15:57:23.0505 1380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2C919800, BlocksNum 0x2AC2C000
15:57:23.0505 1380 ============================================================
15:57:23.0536 1380 C: <-> \Device\Harddisk0\DR0\Partition2
15:57:23.0567 1380 D: <-> \Device\Harddisk0\DR0\Partition3
15:57:23.0567 1380 ============================================================
15:57:23.0567 1380 Initialize success
15:57:23.0567 1380 ============================================================
15:58:00.0945 3632 Deinitialize success

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:30 pm

The second TDSSKiller log (part 1)

15:59:12.0949 2476 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:59:13.0043 2476 ============================================================
15:59:13.0043 2476 Current date / time: 2013/04/03 15:59:13.0043
15:59:13.0043 2476 SystemInfo:
15:59:13.0043 2476
15:59:13.0043 2476 OS Version: 6.1.7601 ServicePack: 1.0
15:59:13.0043 2476 Product type: Workstation
15:59:13.0043 2476 ComputerName: NERCHIOLA-PC
15:59:13.0043 2476 UserName: Nerchiola
15:59:13.0043 2476 Windows directory: C:\Windows
15:59:13.0043 2476 System windows directory: C:\Windows
15:59:13.0043 2476 Running under WOW64
15:59:13.0043 2476 Processor architecture: Intel x64
15:59:13.0043 2476 Number of processors: 4
15:59:13.0043 2476 Page size: 0x1000
15:59:13.0043 2476 Boot type: Normal boot
15:59:13.0043 2476 ============================================================
15:59:14.0634 2476 BG loaded
15:59:19.0206 2476 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:59:19.0276 2476 ============================================================
15:59:19.0276 2476 \Device\Harddisk0\DR0:
15:59:19.0276 2476 MBR partitions:
15:59:19.0276 2476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:59:19.0276 2476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x2AAE7000
15:59:19.0276 2476 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2C919800, BlocksNum 0x2AC2C000
15:59:19.0276 2476 ============================================================
15:59:19.0356 2476 C: <-> \Device\Harddisk0\DR0\Partition2
15:59:20.0180 2476 D: <-> \Device\Harddisk0\DR0\Partition3
15:59:20.0180 2476 ============================================================
15:59:20.0180 2476 Initialize success
15:59:20.0180 2476 ============================================================
15:59:39.0867 4036 ============================================================
15:59:39.0867 4036 Scan started
15:59:39.0867 4036 Mode: Manual;
15:59:39.0867 4036 ============================================================
15:59:40.0632 4036 ================ Scan system memory ========================
15:59:40.0632 4036 System memory - ok
15:59:40.0632 4036 ================ Scan services =============================
15:59:44.0578 4036 EapHost - ok
15:59:44.0750 4036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:59:44.0812 4036 ebdrv - ok
15:59:44.0859 4036 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:59:44.0859 4036 EFS - ok
15:59:44.0984 4036 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:59:45.0000 4036 ehRecvr - ok
15:59:45.0015 4036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:59:45.0015 4036 ehSched - ok
15:59:45.0046 4036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:59:45.0062 4036 elxstor - ok
15:59:45.0062 4036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:59:45.0062 4036 ErrDev - ok
15:59:45.0093 4036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:59:45.0093 4036 EventSystem - ok
15:59:45.0140 4036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:59:45.0156 4036 exfat - ok
15:59:45.0171 4036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:59:45.0187 4036 fastfat - ok
15:59:45.0234 4036 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:59:45.0234 4036 Fax - ok
15:59:45.0249 4036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:59:45.0249 4036 fdc - ok
15:59:45.0265 4036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:59:45.0265 4036 fdPHost - ok
15:59:45.0265 4036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:59:45.0265 4036 FDResPub - ok
15:59:45.0280 4036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:59:45.0280 4036 FileInfo - ok
15:59:45.0312 4036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:59:45.0312 4036 Filetrace - ok
15:59:45.0421 4036 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:59:45.0436 4036 FLEXnet Licensing Service 64 - ok
15:59:45.0452 4036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:59:45.0452 4036 flpydisk - ok
15:59:45.0483 4036 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:59:45.0499 4036 FltMgr - ok
15:59:45.0530 4036 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:59:45.0561 4036 FontCache - ok
15:59:45.0608 4036 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:59:45.0624 4036 FontCache3.0.0.0 - ok
15:59:45.0670 4036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:59:45.0670 4036 FsDepends - ok
15:59:45.0686 4036 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:59:45.0702 4036 Fs_Rec - ok
15:59:45.0764 4036 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:59:45.0764 4036 fvevol - ok
15:59:45.0795 4036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:59:45.0795 4036 gagp30kx - ok
15:59:45.0826 4036 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:59:45.0826 4036 GEARAspiWDM - ok
15:59:45.0904 4036 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:59:45.0904 4036 gpsvc - ok
15:59:45.0967 4036 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
15:59:45.0967 4036 Greg_Service - ok
15:59:46.0060 4036 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:59:46.0060 4036 gupdate - ok
15:59:46.0076 4036 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:59:46.0076 4036 gupdatem - ok
15:59:46.0138 4036 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:59:46.0138 4036 gusvc - ok
15:59:46.0154 4036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:59:46.0170 4036 hcw85cir - ok
15:59:46.0326 4036 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:59:46.0341 4036 HdAudAddService - ok
15:59:46.0372 4036 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:59:46.0372 4036 HDAudBus - ok
15:59:46.0372 4036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:59:46.0388 4036 HidBatt - ok
15:59:46.0404 4036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:59:46.0404 4036 HidBth - ok
15:59:46.0419 4036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:59:46.0419 4036 HidIr - ok
15:59:46.0435 4036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:59:46.0450 4036 hidserv - ok
15:59:46.0466 4036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:59:46.0466 4036 HidUsb - ok
15:59:46.0497 4036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:59:46.0513 4036 hkmsvc - ok
15:59:46.0544 4036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:59:46.0544 4036 HomeGroupListener - ok
15:59:46.0560 4036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:59:46.0560 4036 HomeGroupProvider - ok
15:59:46.0575 4036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:59:46.0575 4036 HpSAMD - ok
15:59:46.0622 4036 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:59:46.0622 4036 HTTP - ok
15:59:46.0653 4036 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:59:46.0653 4036 hwpolicy - ok
15:59:46.0684 4036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:59:46.0684 4036 i8042prt - ok
15:59:46.0731 4036 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:59:46.0731 4036 IAANTMON - ok
15:59:46.0762 4036 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:59:46.0762 4036 iaStor - ok
15:59:46.0778 4036 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:59:46.0794 4036 iaStorV - ok
15:59:46.0918 4036 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:59:46.0950 4036 IDriverT - ok
15:59:47.0012 4036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:59:47.0028 4036 idsvc - ok
15:59:47.0230 4036 [ 59E3E4D80CDFBBC61BF7D9B7CC3BC993 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:59:47.0839 4036 igfx - ok
15:59:47.0870 4036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:59:47.0886 4036 iirsp - ok
15:59:47.0917 4036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:59:47.0932 4036 IKEEXT - ok
15:59:47.0995 4036 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:59:47.0995 4036 IntcAzAudAddService - ok
15:59:48.0042 4036 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
15:59:48.0042 4036 IntcHdmiAddService - ok
15:59:48.0073 4036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:59:48.0073 4036 intelide - ok
15:59:48.0104 4036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:59:48.0104 4036 intelppm - ok
15:59:48.0120 4036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:59:48.0135 4036 IPBusEnum - ok
15:59:48.0151 4036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:48.0166 4036 IpFilterDriver - ok
15:59:48.0213 4036 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:59:48.0213 4036 iphlpsvc - ok
15:59:48.0229 4036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:59:48.0229 4036 IPMIDRV - ok
15:59:48.0244 4036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:59:48.0244 4036 IPNAT - ok
15:59:48.0276 4036 [ 006597773BE583D1CCF6A913477937E0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:59:48.0276 4036 iPod Service - ok
15:59:48.0307 4036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:59:48.0307 4036 IRENUM - ok
15:59:48.0322 4036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:59:48.0322 4036 isapnp - ok
15:59:48.0338 4036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:59:48.0338 4036 iScsiPrt - ok
15:59:48.0354 4036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:59:48.0354 4036 kbdclass - ok
15:59:48.0385 4036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:59:48.0385 4036 kbdhid - ok
15:59:48.0400 4036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:59:48.0400 4036 KeyIso - ok
15:59:48.0447 4036 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
15:59:48.0463 4036 kl1 - ok
15:59:48.0525 4036 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
15:59:48.0525 4036 KLIF - ok
15:59:48.0556 4036 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
15:59:48.0556 4036 KLIM6 - ok
15:59:48.0556 4036 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
15:59:48.0556 4036 klkbdflt - ok
15:59:48.0572 4036 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
15:59:48.0572 4036 klmouflt - ok
15:59:48.0588 4036 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
15:59:48.0588 4036 kltdi - ok
15:59:48.0603 4036 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
15:59:48.0603 4036 kneps - ok
15:59:48.0650 4036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:59:48.0666 4036 KSecDD - ok
15:59:48.0697 4036 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:59:48.0697 4036 KSecPkg - ok
15:59:48.0712 4036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:59:48.0712 4036 ksthunk - ok
15:59:48.0728 4036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:59:48.0744 4036 KtmRm - ok
15:59:48.0775 4036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:59:48.0790 4036 LanmanServer - ok
15:59:48.0853 4036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:59:48.0853 4036 LanmanWorkstation - ok
15:59:48.0978 4036 [ D9DD7520A7CF139B36A6407DE0FF1191 ] LiveUpSC C:\Users\Nerchiola\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
15:59:48.0978 4036 LiveUpSC - ok
15:59:48.0993 4036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:59:48.0993 4036 lltdio - ok
15:59:49.0040 4036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:59:49.0056 4036 lltdsvc - ok
15:59:49.0071 4036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:59:49.0071 4036 lmhosts - ok
15:59:49.0102 4036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:59:49.0102 4036 LSI_FC - ok
15:59:49.0118 4036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:59:49.0118 4036 LSI_SAS - ok
15:59:49.0134 4036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:59:49.0134 4036 LSI_SAS2 - ok
15:59:49.0149 4036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:59:49.0149 4036 LSI_SCSI - ok
15:59:49.0165 4036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:59:49.0165 4036 luafv - ok
15:59:49.0196 4036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:59:49.0196 4036 Mcx2Svc - ok
15:59:49.0212 4036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:59:49.0212 4036 megasas - ok
15:59:49.0227 4036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:59:49.0243 4036 MegaSR - ok
15:59:49.0321 4036 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:59:49.0383 4036 Microsoft Office Groove Audit Service - ok
15:59:49.0399 4036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:59:49.0399 4036 MMCSS - ok
15:59:49.0414 4036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:59:49.0414 4036 Modem - ok
15:59:49.0430 4036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:59:49.0430 4036 monitor - ok
15:59:49.0461 4036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:59:49.0461 4036 mouclass - ok
15:59:49.0492 4036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:59:49.0508 4036 mouhid - ok
15:59:49.0555 4036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:59:49.0555 4036 mountmgr - ok
15:59:49.0570 4036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:59:49.0570 4036 mpio - ok
15:59:49.0602 4036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:59:49.0602 4036 mpsdrv - ok
15:59:49.0664 4036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:59:49.0664 4036 MpsSvc - ok
15:59:49.0695 4036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:59:49.0726 4036 MRxDAV - ok
15:59:49.0758 4036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:49.0758 4036 mrxsmb - ok
15:59:49.0804 4036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:49.0804 4036 mrxsmb10 - ok
15:59:49.0836 4036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:49.0836 4036 mrxsmb20 - ok
15:59:49.0851 4036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:59:49.0851 4036 msahci - ok
15:59:49.0867 4036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:59:49.0867 4036 msdsm - ok
15:59:49.0882 4036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:59:49.0882 4036 MSDTC - ok
15:59:49.0898 4036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:59:49.0898 4036 Msfs - ok
15:59:49.0914 4036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:59:49.0914 4036 mshidkmdf - ok
15:59:49.0929 4036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:59:49.0929 4036 msisadrv - ok
15:59:49.0960 4036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:59:49.0976 4036 MSiSCSI - ok
15:59:49.0976 4036 msiserver - ok
15:59:50.0007 4036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:59:50.0007 4036 MSKSSRV - ok
15:59:50.0023 4036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:50.0038 4036 MSPCLOCK - ok
15:59:50.0038 4036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:59:50.0038 4036 MSPQM - ok
15:59:50.0070 4036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:59:50.0070 4036 MsRPC - ok
15:59:50.0085 4036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:59:50.0085 4036 mssmbios - ok
15:59:50.0101 4036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:59:50.0116 4036 MSTEE - ok
15:59:50.0116 4036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:59:50.0116 4036 MTConfig - ok
15:59:50.0132 4036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:59:50.0132 4036 Mup - ok
15:59:50.0179 4036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:59:50.0194 4036 napagent - ok
15:59:50.0210 4036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:59:50.0210 4036 NativeWifiP - ok
15:59:50.0272 4036 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:59:50.0304 4036 NDIS - ok
15:59:50.0304 4036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:50.0319 4036 NdisCap - ok
15:59:50.0366 4036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:50.0366 4036 NdisTapi - ok
15:59:50.0413 4036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:50.0413 4036 Ndisuio - ok
15:59:50.0444 4036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:50.0444 4036 NdisWan - ok
15:59:50.0460 4036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:59:50.0460 4036 NDProxy - ok
15:59:50.0553 4036 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:59:50.0584 4036 Nero BackItUp Scheduler 4.0 - ok
15:59:50.0600 4036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:59:50.0600 4036 NetBIOS - ok
15:59:50.0616 4036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:59:50.0616 4036 NetBT - ok
15:59:50.0631 4036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:59:50.0631 4036 Netlogon - ok
15:59:50.0662 4036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:59:50.0662 4036 Netman - ok
15:59:50.0678 4036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:59:50.0678 4036 netprofm - ok
15:59:50.0709 4036 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:59:50.0709 4036 NetTcpPortSharing - ok
15:59:50.0725 4036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:59:50.0725 4036 nfrd960 - ok
15:59:50.0756 4036 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:59:50.0756 4036 NlaSvc - ok
15:59:50.0787 4036 [ 2C761CC067ACF0FB4EA13930B09BFEEA ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys
15:59:50.0803 4036 nmwcdcx64 - ok
15:59:50.0834 4036 [ 63051819D5CAC0FA49C425FC5E1A2B5C ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys
15:59:50.0834 4036 nmwcdx64 - ok
15:59:50.0850 4036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:59:50.0850 4036 Npfs - ok
15:59:50.0865 4036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:59:50.0865 4036 nsi - ok
15:59:50.0865 4036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:59:50.0865 4036 nsiproxy - ok
15:59:50.0990 4036 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:59:51.0021 4036 Ntfs - ok
15:59:51.0037 4036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:59:51.0037 4036 Null - ok
15:59:51.0068 4036 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:59:51.0068 4036 NVHDA - ok
15:59:51.0552 4036 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:59:51.0614 4036 nvlddmkm - ok
15:59:51.0645 4036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:59:51.0661 4036 nvraid - ok
15:59:51.0692 4036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:59:51.0692 4036 nvstor - ok
15:59:51.0864 4036 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
15:59:51.0864 4036 nvsvc - ok
15:59:52.0004 4036 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:59:52.0051 4036 nvUpdatusService - ok
15:59:52.0082 4036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:59:52.0082 4036 nv_agp - ok
15:59:52.0176 4036 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:59:52.0191 4036 odserv - ok
15:59:52.0222 4036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:59:52.0238 4036 ohci1394 - ok
15:59:52.0269 4036 [ 9CCABF24F5825B3FFAAF790D232E34DC ] onda_mx83xup_cdc_acm C:\Windows\system32\DRIVERS\onda_mx83xup_cdc_acm.sys
15:59:52.0269 4036 onda_mx83xup_cdc_acm - ok
15:59:52.0347 4036 [ BE73D359A876899868483B9A7F4EB182 ] onda_mx83xup_cpo C:\Windows\system32\DRIVERS\onda_mx83xup_cpo.sys
15:59:52.0347 4036 onda_mx83xup_cpo - ok
15:59:52.0378 4036 [ 57DAD6D26B34A6BCC3E8315B65DE1D95 ] onda_mx83xup_dc_enum C:\Windows\system32\DRIVERS\onda_mx83xup_dc_enum.sys
15:59:52.0378 4036 onda_mx83xup_dc_enum - ok
15:59:52.0425 4036 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:59:52.0441 4036 ose - ok
15:59:52.0472 4036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:59:52.0472 4036 p2pimsvc - ok
15:59:52.0503 4036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:59:52.0503 4036 p2psvc - ok
15:59:52.0534 4036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:59:52.0534 4036 Parport - ok
15:59:52.0581 4036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:59:52.0581 4036 partmgr - ok
15:59:52.0597 4036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:59:52.0597 4036 PcaSvc - ok
15:59:52.0659 4036 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:59:52.0659 4036 pccsmcfd - ok
15:59:52.0675 4036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:59:52.0675 4036 pci - ok
15:59:52.0722 4036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:59:52.0722 4036 pciide - ok
15:59:52.0753 4036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:52.0753 4036 pcmcia - ok
15:59:52.0768 4036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:59:52.0768 4036 pcw - ok
15:59:52.0800 4036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:59:52.0800 4036 PEAUTH - ok
15:59:52.0878 4036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:59:52.0878 4036 PerfHost - ok
15:59:53.0049 4036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:59:53.0096 4036 pla - ok
15:59:53.0158 4036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:59:53.0158 4036 PlugPlay - ok
15:59:53.0174 4036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:59:53.0190 4036 PNRPAutoReg - ok
15:59:53.0205 4036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:59:53.0205 4036 PNRPsvc - ok
15:59:53.0221 4036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:59:53.0236 4036 PolicyAgent - ok
15:59:53.0268 4036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:59:53.0268 4036 Power - ok
15:59:53.0330 4036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:59:53.0330 4036 PptpMiniport - ok
15:59:53.0330 4036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:59:53.0346 4036 Processor - ok
15:59:53.0377 4036 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:59:53.0392 4036 ProfSvc - ok
15:59:53.0392 4036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:59:53.0408 4036 ProtectedStorage - ok
15:59:53.0439 4036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:59:53.0439 4036 Psched - ok
15:59:53.0470 4036 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:59:53.0470 4036 PxHlpa64 - ok
15:59:53.0517 4036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:59:53.0533 4036 ql2300 - ok
15:59:53.0580 4036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:59:53.0580 4036 ql40xx - ok
15:59:53.0595 4036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:59:53.0595 4036 QWAVE - ok
15:59:53.0611 4036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:59:53.0611 4036 QWAVEdrv - ok
15:59:53.0626 4036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:59:53.0626 4036 RasAcd - ok
15:59:53.0642 4036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:59:53.0642 4036 RasAgileVpn - ok
15:59:53.0642 4036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:59:53.0642 4036 RasAuto - ok
15:59:53.0658 4036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:53.0658 4036 Rasl2tp - ok
15:59:53.0673 4036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:59:53.0673 4036 RasMan - ok
15:59:53.0689 4036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:53.0689 4036 RasPppoe - ok
15:59:53.0704 4036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:59:53.0704 4036 RasSstp - ok
15:59:53.0736 4036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:59:53.0736 4036 rdbss - ok
15:59:53.0751 4036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:59:53.0751 4036 rdpbus - ok
15:59:53.0767 4036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:53.0767 4036 RDPCDD - ok
15:59:53.0798 4036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:59:53.0798 4036 RDPENCDD - ok
15:59:53.0814 4036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:59:53.0814 4036 RDPREFMP - ok
15:59:53.0845 4036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:59:53.0845 4036 RDPWD - ok
15:59:53.0907 4036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:59:53.0923 4036 rdyboost - ok
15:59:53.0970 4036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:59:53.0970 4036 RemoteAccess - ok
15:59:54.0001 4036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:59:54.0001 4036 RemoteRegistry - ok
15:59:54.0016 4036 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
15:59:54.0063 4036 Revoflt - ok
15:59:54.0094 4036 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:59:54.0110 4036 RFCOMM - ok
15:59:54.0126 4036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:59:54.0126 4036 RpcEptMapper - ok
15:59:54.0157 4036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:59:54.0157 4036 RpcLocator - ok
15:59:54.0172 4036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:59:54.0188 4036 RpcSs - ok
15:59:54.0188 4036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:59:54.0188 4036 rspndr - ok
15:59:54.0204 4036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:59:54.0204 4036 SamSs - ok
15:59:54.0235 4036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:59:54.0250 4036 sbp2port - ok
15:59:54.0266 4036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:59:54.0266 4036 SCardSvr - ok
15:59:54.0297 4036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:59:54.0297 4036 scfilter - ok
15:59:54.0328 4036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:59:54.0328 4036 Schedule - ok
15:59:54.0360 4036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:59:54.0360 4036 SCPolicySvc - ok
15:59:54.0375 4036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:59:54.0375 4036 SDRSVC - ok
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising