Punto informatico Network
Encrypted .jpg files

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:31 pm

The second TDSSKiller log (part 2)

15:59:55.0218 4036 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
15:59:55.0218 4036 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:59:55.0218 4036 sptd ( LockedFile.Multi.Generic ) - warning
15:59:55.0218 4036 sptd - detected LockedFile.Multi.Generic (1)
16:00:03.0002 4036 C:\Windows\System32\drivers\ndistapi.sys - ok
16:00:03.0018 4036 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
16:00:03.0018 4036 C:\Windows\System32\drivers\rasl2tp.sys - ok
16:00:03.0018 4036 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
16:00:03.0018 4036 C:\Windows\System32\drivers\wmiacpi.sys - ok
16:00:03.0018 4036 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
16:00:03.0018 4036 C:\Windows\System32\drivers\ndiswan.sys - ok
16:00:03.0033 4036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
16:00:03.0033 4036 C:\Windows\System32\drivers\raspppoe.sys - ok
16:00:03.0033 4036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
16:00:03.0033 4036 C:\Windows\System32\drivers\raspptp.sys - ok
16:00:03.0033 4036 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
16:00:03.0033 4036 C:\Windows\System32\drivers\ks.sys - ok
16:00:03.0049 4036 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
16:00:03.0049 4036 C:\Windows\System32\drivers\rassstp.sys - ok
16:00:03.0049 4036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
16:00:03.0049 4036 C:\Windows\System32\drivers\swenum.sys - ok
16:00:03.0049 4036 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
16:00:03.0049 4036 C:\Windows\System32\drivers\umbus.sys - ok
16:00:03.0049 4036 [ 57DAD6D26B34A6BCC3E8315B65DE1D95 ] C:\Windows\System32\drivers\onda_mx83xup_dc_enum.sys
16:00:03.0049 4036 C:\Windows\System32\drivers\onda_mx83xup_dc_enum.sys - ok
16:00:03.0064 4036 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
16:00:03.0064 4036 C:\Windows\SysWOW64\normaliz.dll - ok
16:00:03.0064 4036 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
16:00:03.0064 4036 C:\Windows\System32\drivers\usbhub.sys - ok
16:00:03.0064 4036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
16:00:03.0064 4036 C:\Windows\System32\drivers\ndproxy.sys - ok
16:00:03.0080 4036 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
16:00:03.0080 4036 C:\Windows\System32\drivers\drmk.sys - ok
16:00:03.0080 4036 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
16:00:03.0080 4036 C:\Windows\System32\drivers\ksthunk.sys - ok
16:00:03.0080 4036 [ CB599955CE2CE9694721562F9481CD84 ] C:\Windows\System32\drivers\nvhda64v.sys
16:00:03.0080 4036 C:\Windows\System32\drivers\nvhda64v.sys - ok
16:00:03.0096 4036 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
16:00:03.0096 4036 C:\Windows\System32\drivers\portcls.sys - ok
16:00:03.0096 4036 [ BC64B75E8E0A0B8982AB773483164E72 ] C:\Windows\System32\drivers\RTKVHD64.sys
16:00:03.0096 4036 C:\Windows\System32\drivers\RTKVHD64.sys - ok
16:00:03.0096 4036 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
16:00:03.0096 4036 C:\Windows\System32\drivers\dxapi.sys - ok
16:00:03.0096 4036 [ 59E21156113E438D1D91AF4FC0C3B19F ] C:\Windows\System32\win32k.sys
16:00:03.0096 4036 C:\Windows\System32\win32k.sys - ok
16:00:03.0111 4036 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
16:00:03.0111 4036 C:\Windows\System32\csrsrv.dll - ok
16:00:03.0111 4036 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
16:00:03.0111 4036 C:\Windows\System32\csrss.exe - ok
16:00:03.0111 4036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
16:00:03.0111 4036 C:\Windows\System32\basesrv.dll - ok
16:00:03.0127 4036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
16:00:03.0127 4036 C:\Windows\System32\winsrv.dll - ok
16:00:03.0127 4036 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
16:00:03.0127 4036 C:\Windows\System32\drivers\usbccgp.sys - ok
16:00:03.0127 4036 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
16:00:03.0127 4036 C:\Windows\System32\drivers\usbd.sys - ok
16:00:03.0142 4036 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
16:00:03.0142 4036 C:\Windows\System32\drivers\USBSTOR.SYS - ok
16:00:03.0142 4036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
16:00:03.0142 4036 C:\Windows\System32\drivers\monitor.sys - ok
16:00:03.0142 4036 [ 800BA92F7010378B09F9ED9270F07137 ] C:\Windows\System32\drivers\modem.sys
16:00:03.0142 4036 C:\Windows\System32\drivers\modem.sys - ok
16:00:03.0158 4036 [ 9CCABF24F5825B3FFAAF790D232E34DC ] C:\Windows\System32\drivers\onda_mx83xup_cdc_acm.sys
16:00:03.0158 4036 C:\Windows\System32\drivers\onda_mx83xup_cdc_acm.sys - ok
16:00:03.0158 4036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
16:00:03.0158 4036 C:\Windows\System32\sxssrv.dll - ok
16:00:03.0158 4036 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
16:00:03.0158 4036 C:\Windows\System32\tsddd.dll - ok
16:00:03.0174 4036 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
16:00:03.0174 4036 C:\Windows\System32\wininit.exe - ok
16:00:03.0174 4036 [ 79983483BC764E2CAB1799793170F4FE ] C:\Windows\System32\KBDIT.DLL
16:00:03.0174 4036 C:\Windows\System32\KBDIT.DLL - ok
16:00:03.0174 4036 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
16:00:03.0174 4036 C:\Windows\System32\profapi.dll - ok
16:00:03.0189 4036 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
16:00:03.0189 4036 C:\Windows\System32\RpcRtRemote.dll - ok
16:00:03.0189 4036 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
16:00:03.0189 4036 C:\Windows\System32\cdd.dll - ok
16:00:03.0205 4036 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
16:00:03.0205 4036 C:\Windows\System32\KBDUS.DLL - ok
16:00:03.0205 4036 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
16:00:03.0205 4036 C:\Windows\System32\WlS0WndH.dll - ok
16:00:03.0205 4036 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
16:00:03.0205 4036 C:\Windows\System32\sxs.dll - ok
16:00:03.0220 4036 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
16:00:03.0220 4036 C:\Windows\System32\cryptbase.dll - ok
16:00:03.0220 4036 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
16:00:03.0220 4036 C:\Windows\System32\apphelp.dll - ok
16:00:03.0220 4036 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
16:00:03.0220 4036 C:\Windows\System32\lsasrv.dll - ok
16:00:03.0236 4036 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
16:00:03.0236 4036 C:\Windows\System32\lsass.exe - ok
16:00:03.0236 4036 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
16:00:03.0236 4036 C:\Windows\System32\lsm.exe - ok
16:00:03.0236 4036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
16:00:03.0236 4036 C:\Windows\System32\services.exe - ok
16:00:03.0252 4036 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
16:00:03.0252 4036 C:\Windows\System32\sspicli.dll - ok
16:00:03.0252 4036 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
16:00:03.0252 4036 C:\Windows\System32\sspisrv.dll - ok
16:00:03.0252 4036 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
16:00:03.0252 4036 C:\Windows\System32\sysntfy.dll - ok
16:00:03.0252 4036 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
16:00:03.0252 4036 C:\Windows\System32\wmsgapi.dll - ok
16:00:03.0267 4036 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
16:00:03.0267 4036 C:\Windows\System32\samsrv.dll - ok
16:00:03.0267 4036 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
16:00:03.0267 4036 C:\Windows\System32\scesrv.dll - ok
16:00:03.0283 4036 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
16:00:03.0283 4036 C:\Windows\System32\scext.dll - ok
16:00:03.0283 4036 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
16:00:03.0283 4036 C:\Windows\System32\secur32.dll - ok
16:00:03.0283 4036 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
16:00:03.0283 4036 C:\Windows\System32\winlogon.exe - ok
16:00:03.0298 4036 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
16:00:03.0298 4036 C:\Windows\System32\winsta.dll - ok
16:00:03.0298 4036 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
16:00:03.0298 4036 C:\Windows\System32\cryptdll.dll - ok
16:00:03.0298 4036 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
16:00:03.0298 4036 C:\Windows\System32\srvcli.dll - ok
16:00:03.0314 4036 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
16:00:03.0314 4036 C:\Windows\System32\wevtapi.dll - ok
16:00:03.0314 4036 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
16:00:03.0314 4036 C:\Windows\System32\authz.dll - ok
16:00:03.0314 4036 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
16:00:03.0314 4036 C:\Windows\System32\cngaudit.dll - ok
16:00:03.0330 4036 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
16:00:03.0330 4036 C:\Windows\System32\ncrypt.dll - ok
16:00:03.0330 4036 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
16:00:03.0330 4036 C:\Windows\System32\bcrypt.dll - ok
16:00:03.0330 4036 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
16:00:03.0330 4036 C:\Windows\System32\msprivs.dll - ok
16:00:03.0345 4036 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
16:00:03.0345 4036 C:\Windows\System32\negoexts.dll - ok
16:00:03.0345 4036 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
16:00:03.0345 4036 C:\Windows\System32\netjoin.dll - ok
16:00:03.0345 4036 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
16:00:03.0345 4036 C:\Windows\System32\kerberos.dll - ok
16:00:03.0345 4036 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
16:00:03.0345 4036 C:\Windows\System32\cryptsp.dll - ok
16:00:03.0361 4036 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
16:00:03.0361 4036 C:\Windows\System32\mswsock.dll - ok
16:00:03.0361 4036 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
16:00:03.0361 4036 C:\Windows\System32\msv1_0.dll - ok
16:00:03.0361 4036 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
16:00:03.0361 4036 C:\Windows\System32\wship6.dll - ok
16:00:03.0376 4036 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
16:00:03.0376 4036 C:\Windows\System32\netlogon.dll - ok
16:00:03.0376 4036 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
16:00:03.0376 4036 C:\Windows\System32\dnsapi.dll - ok
16:00:03.0376 4036 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
16:00:03.0376 4036 C:\Windows\System32\logoncli.dll - ok
16:00:03.0376 4036 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
16:00:03.0376 4036 C:\Windows\System32\schannel.dll - ok
16:00:03.0392 4036 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
16:00:03.0392 4036 C:\Windows\System32\wdigest.dll - ok
16:00:03.0392 4036 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
16:00:03.0392 4036 C:\Windows\System32\rsaenh.dll - ok
16:00:03.0392 4036 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
16:00:03.0392 4036 C:\Windows\System32\LIVESSP.DLL - ok
16:00:03.0408 4036 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
16:00:03.0408 4036 C:\Windows\System32\pku2u.dll - ok
16:00:03.0408 4036 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
16:00:03.0408 4036 C:\Windows\System32\TSpkg.dll - ok
16:00:03.0408 4036 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
16:00:03.0408 4036 C:\Windows\System32\bcryptprimitives.dll - ok
16:00:03.0423 4036 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
16:00:03.0423 4036 C:\Windows\System32\credssp.dll - ok
16:00:03.0423 4036 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
16:00:03.0423 4036 C:\Windows\System32\efslsaext.dll - ok
16:00:03.0423 4036 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
16:00:03.0423 4036 C:\Windows\System32\scecli.dll - ok
16:00:03.0423 4036 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
16:00:03.0423 4036 C:\Windows\System32\ubpm.dll - ok
16:00:03.0439 4036 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
16:00:03.0439 4036 C:\Windows\System32\svchost.exe - ok
16:00:03.0439 4036 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
16:00:03.0439 4036 C:\Windows\System32\umpnpmgr.dll - ok
16:00:03.0439 4036 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
16:00:03.0439 4036 C:\Windows\System32\SPInf.dll - ok
16:00:03.0454 4036 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
16:00:03.0454 4036 C:\Windows\System32\devrtl.dll - ok
16:00:03.0454 4036 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
16:00:03.0454 4036 C:\Windows\System32\userenv.dll - ok
16:00:03.0454 4036 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
16:00:03.0454 4036 C:\Windows\System32\gpapi.dll - ok
16:00:03.0454 4036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
16:00:03.0470 4036 C:\Windows\System32\umpo.dll - ok
16:00:03.0470 4036 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
16:00:03.0470 4036 C:\Windows\System32\pcwum.dll - ok
16:00:03.0470 4036 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
16:00:03.0470 4036 C:\Windows\System32\powrprof.dll - ok
16:00:03.0470 4036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
16:00:03.0470 4036 C:\Windows\System32\drivers\luafv.sys - ok
16:00:03.0486 4036 [ B1224E6B086CD6548315B04AB575A23E ] C:\Windows\System32\drivers\avgntflt.sys
16:00:03.0486 4036 C:\Windows\System32\drivers\avgntflt.sys - ok
16:00:03.0486 4036 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] C:\Windows\System32\nvvsvc.exe
16:00:03.0486 4036 C:\Windows\System32\nvvsvc.exe - ok
16:00:03.0486 4036 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
16:00:03.0486 4036 C:\Windows\System32\wtsapi32.dll - ok
16:00:03.0501 4036 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:00:03.0501 4036 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
16:00:03.0501 4036 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
16:00:03.0501 4036 C:\Windows\SysWOW64\ntdll.dll - ok
16:00:03.0501 4036 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
16:00:03.0501 4036 C:\Windows\System32\wow64.dll - ok
16:00:03.0501 4036 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
16:00:03.0501 4036 C:\Windows\System32\wow64win.dll - ok
16:00:03.0517 4036 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
16:00:03.0517 4036 C:\Windows\System32\wow64cpu.dll - ok
16:00:03.0517 4036 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
16:00:03.0517 4036 C:\Windows\SysWOW64\kernel32.dll - ok
16:00:03.0517 4036 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
16:00:03.0517 4036 C:\Windows\SysWOW64\KernelBase.dll - ok
16:00:03.0532 4036 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
16:00:03.0532 4036 C:\Windows\SysWOW64\msvcrt.dll - ok
16:00:03.0532 4036 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
16:00:03.0532 4036 C:\Windows\SysWOW64\version.dll - ok
16:00:03.0532 4036 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
16:00:03.0532 4036 C:\Windows\SysWOW64\setupapi.dll - ok
16:00:03.0548 4036 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
16:00:03.0548 4036 C:\Windows\SysWOW64\cfgmgr32.dll - ok
16:00:03.0548 4036 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
16:00:03.0548 4036 C:\Windows\SysWOW64\rpcrt4.dll - ok
16:00:03.0548 4036 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
16:00:03.0548 4036 C:\Windows\SysWOW64\advapi32.dll - ok
16:00:03.0564 4036 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
16:00:03.0564 4036 C:\Windows\SysWOW64\cryptbase.dll - ok
16:00:03.0564 4036 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
16:00:03.0564 4036 C:\Windows\SysWOW64\sechost.dll - ok
16:00:03.0564 4036 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
16:00:03.0564 4036 C:\Windows\SysWOW64\sspicli.dll - ok
16:00:03.0564 4036 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
16:00:03.0564 4036 C:\Windows\SysWOW64\gdi32.dll - ok
16:00:03.0579 4036 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
16:00:03.0579 4036 C:\Windows\SysWOW64\lpk.dll - ok
16:00:03.0579 4036 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
16:00:03.0579 4036 C:\Windows\SysWOW64\user32.dll - ok
16:00:03.0579 4036 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
16:00:03.0579 4036 C:\Windows\SysWOW64\usp10.dll - ok
16:00:03.0595 4036 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
16:00:03.0595 4036 C:\Windows\SysWOW64\oleaut32.dll - ok
16:00:03.0595 4036 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
16:00:03.0595 4036 C:\Windows\SysWOW64\ole32.dll - ok
16:00:03.0595 4036 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
16:00:03.0595 4036 C:\Windows\SysWOW64\devobj.dll - ok
16:00:03.0595 4036 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
16:00:03.0595 4036 C:\Windows\SysWOW64\winspool.drv - ok
16:00:03.0610 4036 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
16:00:03.0610 4036 C:\Windows\SysWOW64\imm32.dll - ok
16:00:03.0610 4036 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
16:00:03.0610 4036 C:\Windows\SysWOW64\msctf.dll - ok
16:00:03.0610 4036 [ 145E7826A07D98628924A9B06F6273AB ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll
16:00:03.0610 4036 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll - ok
16:00:03.0626 4036 [ 7AD857422AFA068A39A4B4BBF7FCC49C ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll
16:00:03.0626 4036 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll - ok
16:00:03.0626 4036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
16:00:03.0626 4036 C:\Windows\System32\rpcss.dll - ok
16:00:03.0626 4036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
16:00:03.0626 4036 C:\Windows\System32\RpcEpMap.dll - ok
16:00:03.0642 4036 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
16:00:03.0642 4036 C:\Windows\SysWOW64\wintrust.dll - ok
16:00:03.0642 4036 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
16:00:03.0642 4036 C:\Windows\SysWOW64\crypt32.dll - ok
16:00:03.0642 4036 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
16:00:03.0642 4036 C:\Windows\SysWOW64\msasn1.dll - ok
16:00:03.0642 4036 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
16:00:03.0642 4036 C:\Windows\SysWOW64\ntmarta.dll - ok
16:00:03.0657 4036 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
16:00:03.0657 4036 C:\Windows\System32\wshqos.dll - ok
16:00:03.0657 4036 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
16:00:03.0657 4036 C:\Windows\System32\WSHTCPIP.DLL - ok
16:00:03.0657 4036 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
16:00:03.0657 4036 C:\Windows\SysWOW64\Wldap32.dll - ok
16:00:03.0673 4036 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
16:00:03.0673 4036 C:\Windows\System32\FirewallAPI.dll - ok
16:00:03.0673 4036 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
16:00:03.0673 4036 C:\Windows\SysWOW64\devrtl.dll - ok
16:00:03.0673 4036 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\SysWOW64\SPInf.dll
16:00:03.0673 4036 C:\Windows\SysWOW64\SPInf.dll - ok
16:00:03.0688 4036 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
16:00:03.0688 4036 C:\Windows\System32\LogonUI.exe - ok
16:00:03.0688 4036 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
16:00:03.0688 4036 C:\Windows\System32\version.dll - ok
16:00:03.0688 4036 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
16:00:03.0688 4036 C:\Windows\System32\wevtsvc.dll - ok
16:00:03.0688 4036 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
16:00:03.0688 4036 C:\Windows\System32\authui.dll - ok
16:00:03.0704 4036 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
16:00:03.0704 4036 C:\Windows\System32\cryptui.dll - ok
16:00:03.0704 4036 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
16:00:03.0704 4036 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
16:00:03.0704 4036 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
16:00:03.0704 4036 C:\Windows\System32\adtschema.dll - ok
16:00:03.0720 4036 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
nerchiola
Aficionado

Posts: 32
Joined: Mon Apr 01, 2013 4:37 pm

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:33 pm

The second TDSSKiller log (part 3)

nerchiola
Aficionado

Posts: 32
Joined: Mon Apr 01, 2013 4:37 pm

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:34 pm

The second TDSSKiller log (part 4)

16:00:05.0732 4036 C:\Windows\System32\SensApi.dll - ok
16:00:05.0732 4036 [ EEA7E552C2C992CFD4B50857010F39EA ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\CSY\Shell_CSY.dll
16:00:05.0732 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\CSY\Shell_CSY.dll - ok
16:00:05.0748 4036 [ 3B104EE76B142ECDFCD38ED80F0098A5 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
16:00:05.0748 4036 C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe - ok
16:00:05.0748 4036 [ C637FC4638A96165256B28D38DE7B953 ] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
16:00:05.0748 4036 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - ok
16:00:05.0748 4036 [ 4981DB968584570A059FC70A9C4ECC04 ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
16:00:05.0748 4036 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
16:00:05.0763 4036 [ C613E69C3B191BB02C7A191741A1D024 ] C:\Program Files (x86)\Internet Explorer\iexplore.exe
16:00:05.0763 4036 C:\Program Files (x86)\Internet Explorer\iexplore.exe - ok
16:00:05.0763 4036 [ 76A7A2522603D07A87F6B296D5218713 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
16:00:05.0763 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
16:00:05.0779 4036 [ 5E2623439A9936D320FE8DC1AB84526A ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\DAN\Shell_DAN.dll
16:00:05.0779 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\DAN\Shell_DAN.dll - ok
16:00:05.0779 4036 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll
16:00:05.0779 4036 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll - ok
16:00:05.0779 4036 [ 152AA2AE3A9AF63F065B5560F9815FD6 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
16:00:05.0779 4036 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe - ok
16:00:05.0779 4036 [ 8F1656DEB2E861D608909792F5A68C3B ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\DEU\Shell_DEU.dll
16:00:05.0779 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\DEU\Shell_DEU.dll - ok
16:00:05.0794 4036 [ 15530639789C990827E594344EACC465 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
16:00:05.0794 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
16:00:05.0794 4036 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
16:00:05.0794 4036 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
16:00:05.0794 4036 [ AFA686AA5B86B971D44A1A0099267C72 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
16:00:05.0794 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok
16:00:05.0810 4036 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
16:00:05.0810 4036 C:\Windows\SysWOW64\ncrypt.dll - ok
16:00:05.0810 4036 [ 99C7D3DE3B2708BF45F02E495A86A971 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll
16:00:05.0810 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll - ok
16:00:05.0810 4036 [ 87672FD8B10E0E3D6098799CAFF04C3D ] C:\Program Files (x86)\DAEMON Tools Lite\DTLiteUI.dll
16:00:05.0810 4036 C:\Program Files (x86)\DAEMON Tools Lite\DTLiteUI.dll - ok
16:00:05.0826 4036 [ 5E4EB12A399889BFBEF1412ACBB797FC ] C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_it_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
16:00:05.0826 4036 C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_it_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll - ok
16:00:05.0826 4036 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
16:00:05.0826 4036 C:\Windows\SysWOW64\bcrypt.dll - ok
16:00:05.0826 4036 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
16:00:05.0826 4036 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
16:00:05.0841 4036 [ 78193AA97D679531522C3E2FA4A5EDFE ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ELL\Shell_ELL.dll
16:00:05.0841 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ELL\Shell_ELL.dll - ok
16:00:05.0841 4036 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
16:00:05.0841 4036 C:\Windows\SysWOW64\sxs.dll - ok
16:00:05.0841 4036 [ 5225673E3F28A251CC8449EFA7C82F03 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ITA.dll
16:00:05.0841 4036 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ITA.dll - ok
16:00:05.0857 4036 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
16:00:05.0857 4036 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
16:00:05.0857 4036 [ 5716DD3DEC01F5D185A2EAC81D4078F3 ] C:\Program Files (x86)\DAEMON Tools Lite\Engine.dll
16:00:05.0857 4036 C:\Program Files (x86)\DAEMON Tools Lite\Engine.dll - ok
16:00:05.0857 4036 [ 5419E71A08A660AC55206A2092F66E0A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll
16:00:05.0857 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll - ok
16:00:05.0872 4036 [ 793A19EAB66BB232F019DFF9D1977A41 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\Shell_ENU.dll
16:00:05.0872 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\Shell_ENU.dll - ok
16:00:05.0872 4036 [ BA726152513EC650EED219B7995DE852 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ESP\Shell_ESP.dll
16:00:05.0872 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ESP\Shell_ESP.dll - ok
16:00:05.0872 4036 [ 1836546A3F9B09CCB93FCC1B5E041E0F ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll
16:00:05.0872 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll - ok
16:00:05.0888 4036 [ 77C8E1779E784189EA29D9A5ECCDD9E9 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\FIN\Shell_FIN.dll
16:00:05.0888 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\FIN\Shell_FIN.dll - ok
16:00:05.0888 4036 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
16:00:05.0888 4036 C:\Windows\System32\esent.dll - ok
16:00:05.0888 4036 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
16:00:05.0888 4036 C:\Windows\System32\mfplat.dll - ok
16:00:05.0904 4036 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
16:00:05.0904 4036 C:\Windows\System32\wbem\WinMgmtR.dll - ok
16:00:05.0904 4036 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
16:00:05.0904 4036 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
16:00:05.0904 4036 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
16:00:05.0904 4036 C:\Windows\System32\WinSCard.dll - ok
16:00:05.0919 4036 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
16:00:05.0919 4036 C:\Windows\System32\networkexplorer.dll - ok
16:00:05.0919 4036 [ 2CAC5F1C11BA3163BBE7A2E5302BDCC8 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkRSSLib.dll
16:00:05.0919 4036 C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkRSSLib.dll - ok
16:00:05.0919 4036 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
16:00:05.0919 4036 C:\Windows\System32\wbem\fastprox.dll - ok
16:00:05.0935 4036 [ 7548066DF68A8A1A56B043359F915F37 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
16:00:05.0935 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok
16:00:05.0935 4036 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
16:00:05.0935 4036 C:\Windows\System32\drivers\srv2.sys - ok
16:00:05.0935 4036 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
16:00:05.0935 4036 C:\Windows\System32\iphlpsvc.dll - ok
16:00:05.0950 4036 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
16:00:05.0950 4036 C:\Windows\System32\drivers\srv.sys - ok
16:00:05.0950 4036 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
16:00:05.0950 4036 C:\Windows\System32\ntdsapi.dll - ok
16:00:05.0950 4036 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
16:00:05.0950 4036 C:\Windows\System32\sqmapi.dll - ok
16:00:05.0966 4036 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
16:00:05.0966 4036 C:\Windows\System32\wbem\wbemprox.dll - ok
16:00:05.0966 4036 [ 88B06D3AFF35F06FE6808E238F1028F0 ] C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
16:00:05.0966 4036 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll - ok
16:00:05.0966 4036 [ 63DCDFFCBB7E41540F4D64CCED66536B ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
16:00:05.0966 4036 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
16:00:05.0982 4036 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
16:00:05.0982 4036 C:\Windows\System32\msxml3.dll - ok
16:00:05.0982 4036 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
16:00:05.0982 4036 C:\Windows\System32\wdscore.dll - ok
16:00:05.0982 4036 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
16:00:05.0982 4036 C:\Windows\System32\browser.dll - ok
16:00:05.0982 4036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
16:00:05.0982 4036 C:\Windows\System32\srvsvc.dll - ok
16:00:05.0997 4036 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
16:00:05.0997 4036 C:\Windows\System32\netmsg.dll - ok
16:00:05.0997 4036 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
16:00:05.0997 4036 C:\Windows\System32\netcfgx.dll - ok
16:00:05.0997 4036 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
16:00:05.0997 4036 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
16:00:06.0013 4036 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
16:00:06.0013 4036 C:\Windows\System32\hnetcfg.dll - ok
16:00:06.0013 4036 [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
16:00:06.0013 4036 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
16:00:06.0013 4036 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
16:00:06.0013 4036 C:\Windows\System32\clusapi.dll - ok
16:00:06.0028 4036 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
16:00:06.0028 4036 C:\Windows\System32\sscore.dll - ok
16:00:06.0028 4036 [ 70A176BF2ED362862944C371838262F8 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
16:00:06.0028 4036 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
16:00:06.0028 4036 [ F4CAC43FB018D8D413F22FB029AC15CE ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
16:00:06.0028 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl - ok
16:00:06.0044 4036 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
16:00:06.0044 4036 C:\Windows\System32\resutils.dll - ok
16:00:06.0044 4036 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
16:00:06.0044 4036 C:\Windows\System32\nci.dll - ok
16:00:06.0044 4036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
16:00:06.0044 4036 C:\Windows\System32\netprofm.dll - ok
16:00:06.0060 4036 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
16:00:06.0060 4036 C:\Windows\System32\wbem\wbemcore.dll - ok
16:00:06.0060 4036 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
16:00:06.0060 4036 C:\Windows\System32\stobject.dll - ok
16:00:06.0060 4036 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
16:00:06.0060 4036 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
16:00:06.0075 4036 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
16:00:06.0075 4036 C:\Windows\System32\batmeter.dll - ok
16:00:06.0075 4036 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
16:00:06.0075 4036 C:\Windows\System32\wbem\esscli.dll - ok
16:00:06.0075 4036 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
16:00:06.0075 4036 C:\Windows\System32\wbem\wbemsvc.dll - ok
16:00:06.0091 4036 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
16:00:06.0091 4036 C:\Windows\System32\wbem\wmiutils.dll - ok
16:00:06.0091 4036 [ 5B9D67912C2F9771EA1E35A47AF34743 ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ITA.DLL
16:00:06.0091 4036 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ITA.DLL - ok
16:00:06.0091 4036 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
16:00:06.0091 4036 C:\Windows\System32\wbem\repdrvfs.dll - ok
16:00:06.0106 4036 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
16:00:06.0106 4036 C:\Windows\System32\wdi.dll - ok
16:00:06.0106 4036 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
16:00:06.0106 4036 C:\Windows\System32\wpdbusenum.dll - ok
16:00:06.0106 4036 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
16:00:06.0106 4036 C:\Windows\SysWOW64\wbemcomn.dll - ok
16:00:06.0122 4036 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
16:00:06.0122 4036 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
16:00:06.0122 4036 [ 47766F6B79A25AF04ED3F6F2B02AA4CB ] C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
16:00:06.0122 4036 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll - ok
16:00:06.0122 4036 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
16:00:06.0122 4036 C:\Windows\System32\diagperf.dll - ok
16:00:06.0122 4036 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
16:00:06.0122 4036 C:\Windows\System32\npmproxy.dll - ok
16:00:06.0138 4036 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
16:00:06.0138 4036 C:\Windows\System32\perftrack.dll - ok
16:00:06.0138 4036 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
16:00:06.0138 4036 C:\Windows\System32\PortableDeviceApi.dll - ok
16:00:06.0138 4036 [ B6663FC132F0262A5EF48DB2D0187DE3 ] C:\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll
16:00:06.0138 4036 C:\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll - ok
16:00:06.0153 4036 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\SysWOW64\wbem\fastprox.dll
16:00:06.0153 4036 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
16:00:06.0153 4036 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
16:00:06.0153 4036 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
16:00:06.0153 4036 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
16:00:06.0153 4036 C:\Windows\System32\prnfldr.dll - ok
16:00:06.0169 4036 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
16:00:06.0169 4036 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
16:00:06.0169 4036 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
16:00:06.0169 4036 C:\Windows\System32\rundll32.exe - ok
16:00:06.0184 4036 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
16:00:06.0184 4036 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
16:00:06.0184 4036 [ 15DFB3CAF377FC93440BA5756637D37F ] C:\Program Files (x86)\Avira\AntiVir Desktop\scewxmlw.dll
16:00:06.0184 4036 C:\Program Files (x86)\Avira\AntiVir Desktop\scewxmlw.dll - ok
16:00:06.0184 4036 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
16:00:06.0184 4036 C:\Windows\System32\ncobjapi.dll - ok
16:00:06.0200 4036 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
16:00:06.0200 4036 C:\Windows\System32\Apphlpdm.dll - ok
16:00:06.0200 4036 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
16:00:06.0200 4036 C:\Windows\System32\pnpts.dll - ok
16:00:06.0200 4036 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
16:00:06.0200 4036 C:\Windows\System32\radardt.dll - ok
16:00:06.0216 4036 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
16:00:06.0216 4036 C:\Windows\System32\wbem\wbemess.dll - ok
16:00:06.0216 4036 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
16:00:06.0216 4036 C:\Windows\System32\wdiasqmmodule.dll - ok
16:00:06.0216 4036 [ AFD87B70E2C48EC080CA28ADCC3175B5 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\FRA\Shell_FRA.dll
16:00:06.0216 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\FRA\Shell_FRA.dll - ok
16:00:06.0231 4036 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
16:00:06.0231 4036 C:\Windows\System32\DXP.dll - ok
16:00:06.0231 4036 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
16:00:06.0231 4036 C:\Windows\System32\ksuser.dll - ok
16:00:06.0231 4036 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
16:00:06.0231 4036 C:\Windows\System32\wdmaud.drv - ok
16:00:06.0247 4036 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
16:00:06.0247 4036 C:\Windows\System32\Syncreg.dll - ok
16:00:06.0247 4036 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
16:00:06.0247 4036 C:\Windows\System32\midimap.dll - ok
16:00:06.0247 4036 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
16:00:06.0247 4036 C:\Windows\System32\msacm32.dll - ok
16:00:06.0262 4036 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
16:00:06.0262 4036 C:\Windows\System32\msacm32.drv - ok
16:00:06.0262 4036 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
16:00:06.0262 4036 C:\Windows\ehome\ehSSO.dll - ok
16:00:06.0262 4036 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
16:00:06.0262 4036 C:\Windows\SysWOW64\ntdsapi.dll - ok
16:00:06.0278 4036 [ 5046E55184021406C27E8D48A1B2C9D2 ] C:\Windows\System32\l3codeca.acm
16:00:06.0278 4036 C:\Windows\System32\l3codeca.acm - ok
16:00:06.0278 4036 [ B5BD0D5792E8C6195312275D335F50E1 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtcore4.dll
16:00:06.0278 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtcore4.dll - ok
16:00:06.0294 4036 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
16:00:06.0294 4036 C:\Windows\System32\netshell.dll - ok
16:00:06.0294 4036 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
16:00:06.0294 4036 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
16:00:06.0309 4036 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
16:00:06.0309 4036 C:\Windows\System32\AudioEng.dll - ok
16:00:06.0309 4036 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
16:00:06.0309 4036 C:\Windows\System32\aelupsvc.dll - ok
16:00:06.0309 4036 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
16:00:06.0309 4036 C:\Windows\System32\dssenh.dll - ok
16:00:06.0325 4036 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
16:00:06.0325 4036 C:\Windows\System32\AUDIOKSE.dll - ok
16:00:06.0325 4036 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
16:00:06.0325 4036 C:\Windows\System32\wbem\cimwin32.dll - ok
16:00:06.0340 4036 [ 99BE216125AAB5A73AFCBA094453E5F0 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtdeclarative4.dll
16:00:06.0340 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtdeclarative4.dll - ok
16:00:06.0340 4036 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
16:00:06.0340 4036 C:\Windows\System32\AltTab.dll - ok
16:00:06.0340 4036 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
16:00:06.0340 4036 C:\Windows\System32\framedynos.dll - ok
16:00:06.0356 4036 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
16:00:06.0356 4036 C:\Windows\System32\pnidui.dll - ok
16:00:06.0356 4036 [ BC52F54AF3EDA4D3AD55D220D43A7060 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
16:00:06.0356 4036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
16:00:06.0356 4036 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
16:00:06.0356 4036 C:\Windows\System32\security.dll - ok
16:00:06.0372 4036 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
16:00:06.0372 4036 C:\Windows\System32\browcli.dll - ok
16:00:06.0372 4036 [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
16:00:06.0372 4036 C:\Windows\System32\schedcli.dll - ok
16:00:06.0387 4036 [ 49003BF81E30ABC08A1E5F63E77AD1F7 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
16:00:06.0387 4036 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
16:00:06.0387 4036 [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
16:00:06.0387 4036 C:\Windows\System32\wmi.dll - ok
16:00:06.0387 4036 [ FCDBB3D493C6C5F591C8D4FC02C00DE0 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.dll
16:00:06.0387 4036 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.dll - ok
16:00:06.0403 4036 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
16:00:06.0403 4036 C:\Windows\System32\QUTIL.DLL - ok
16:00:06.0403 4036 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
16:00:06.0403 4036 C:\Windows\System32\WPDShServiceObj.dll - ok
16:00:06.0403 4036 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
16:00:06.0403 4036 C:\Windows\System32\ActionCenter.dll - ok
16:00:06.0418 4036 [ C6836EE046D2E383672DAF40694046F7 ] C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll
16:00:06.0418 4036 C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll - ok
16:00:06.0418 4036 [ 25D986A4DA38668E2AA89955A790E578 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtscript4.dll
16:00:06.0418 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtscript4.dll - ok
16:00:06.0434 4036 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
16:00:06.0434 4036 C:\Windows\System32\PortableDeviceTypes.dll - ok
16:00:06.0434 4036 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
16:00:06.0434 4036 C:\Windows\System32\bthprops.cpl - ok
16:00:06.0434 4036 [ 5ECEA5F29DCEE8D320454C86A1CB3366 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\HEB\Shell_HEB.dll
16:00:06.0434 4036 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\HEB\Shell_HEB.dll - ok
16:00:06.0450 4036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] C:\Windows\System32\drivers\WUDFRd.sys
16:00:06.0450 4036 C:\Windows\System32\drivers\WUDFRd.sys - ok
16:00:06.0450 4036 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
16:00:06.0450 4036 C:\Windows\System32\SyncCenter.dll - ok
16:00:06.0465 4036 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
16:00:06.0465 4036 C:\Windows\SysWOW64\winmm.dll - ok
16:00:06.0465 4036 [ E601860AA04CE2198DBC6AC2AF80AFF7 ] C:\Windows\System32\perfos.dll
16:00:06.0465 4036 C:\Windows\System32\perfos.dll - ok
16:00:06.0465 4036 [ 723E7574A94C54664E4C8D0A4AAE4F97 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtsql4.dll
16:00:06.0465 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtsql4.dll - ok
16:00:06.0481 4036 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
16:00:06.0481 4036 C:\Windows\System32\drivers\WUDFPf.sys - ok
16:00:06.0481 4036 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
16:00:06.0481 4036 C:\Windows\System32\WUDFSvc.dll - ok
16:00:06.0481 4036 [ D8DB8523C1585589411277AE5DC91555 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtgui4.dll
16:00:06.0481 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtgui4.dll - ok
16:00:06.0496 4036 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
16:00:06.0496 4036 C:\Windows\SysWOW64\riched20.dll - ok
16:00:06.0496 4036 [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
16:00:06.0496 4036 C:\Windows\System32\WUDFHost.exe - ok
16:00:06.0512 4036 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
16:00:06.0512 4036 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
16:00:06.0512 4036 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
16:00:06.0512 4036 C:\Windows\System32\srchadmin.dll - ok
16:00:06.0512 4036 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
16:00:06.0512 4036 C:\Windows\System32\WUDFx.dll - ok
16:00:06.0528 4036 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
16:00:06.0528 4036 C:\Windows\System32\SearchIndexer.exe - ok
16:00:06.0528 4036 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
16:00:06.0528 4036 C:\Windows\System32\tquery.dll - ok
16:00:06.0528 4036 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
16:00:06.0528 4036 C:\Windows\SysWOW64\duser.dll - ok
16:00:06.0543 4036 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
16:00:06.0543 4036 C:\Windows\SysWOW64\dui70.dll - ok
16:00:06.0543 4036 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
16:00:06.0543 4036 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
16:00:06.0543 4036 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
16:00:06.0543 4036 C:\Windows\System32\WMVCORE.DLL - ok
16:00:06.0559 4036 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
16:00:06.0559 4036 C:\Windows\System32\mssrch.dll - ok
16:00:06.0559 4036 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
16:00:06.0559 4036 C:\Windows\System32\WMASF.DLL - ok
16:00:06.0559 4036 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
16:00:06.0559 4036 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
16:00:06.0574 4036 [ F75EB0078259C7F9A5F09A00355725DD ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtnetwork4.dll
16:00:06.0574 4036 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\qtnetwork4.dll - ok
16:00:06.0574 4036 [ 27B9E163740A226B65E4B9E186117911 ] C:\Program Files\Windows Portable Devices\sqmapi.dll
16:00:06.0574 4036 C:\Program Files\Windows Portable Devices\sqmapi.dll - ok
16:00:06.0590 4036 [ 39560DCA50F0564F80A5929C4FD40774 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\MCARecLib.dll
16:00:06.0590 4036 C:\Program Files (x86)\Nikon\Nikon Message Center 2\MCARecLib.dll - ok
16:00:06.0590 4036 [ A10F1B5754D53DA13C43AB3A174177BF ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2RuleLibrary.dll
16:00:06.0590 4036 C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2RuleLibrary.dll - ok


Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:35 pm

The second TDSSKiller log (part 5)

16:00:07.0354 4036 ============================================================
16:00:07.0354 4036 Scan finished
16:00:07.0354 4036 ============================================================
16:00:07.0370 4028 Detected object count: 1
16:00:07.0370 4028 Actual detected object count: 1
16:00:48.0086 4028 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:00:48.0086 4028 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:35 pm

The HitmanPro log

HitmanPro 3.7.3.193
www.hitmanpro.com

   Computer name . . . . : NERCHIOLA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Nerchiola-pc\Nerchiola
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-04-03 16:05:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 109

   Objects scanned . . . : 1.712.489
   Files scanned . . . . : 32.331
   Remnants scanned  . . : 444.685 files / 1.235.473 keys

Cookies _____________________________________________________________________




Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 3:38 pm

As antivirus (in theory) I only have Kaspersky; Avira and AVG do not show up in the installed programs list, but apparently they are not completely uninstalled. I tried other software for thorough uninstalls, but no luck. Sorry, but I can't manage to attach the Kaspersky quarantine report (my fault: I took a print screen but I can't attach it). Dr.Web has not replied to me again; in the last email I sent, I had attached the two logs you recommended earlier.
I uninstalled Flash Player, Adobe Reader and QuickTime; Java could not be removed.
I think that's everything.
I don't know how to thank you for the time you are giving me.

Re: Encrypted .jpg files

Post by hashcat » Wed Apr 03, 2013 4:06 pm

nerchiola wrote: As antivirus (in theory) I only have Kaspersky; Avira and AVG do not show up in the installed programs list, but apparently they are not completely uninstalled. I tried other software for thorough uninstalls, but no luck.

Actually AVG is completely uninstalled (I had noticed a minor trace in the log); I only asked you for confirmation. Avira, on the other hand, seems to be stubbornly present on the system. To remove it, use the dedicated removal tool:

  1. Download it from HERE
  2. Run it
  3. Click Configuration, tick all the boxes in the Scan these HKeys: field and click OK
  4. Start the scan by clicking Scan for keys
  5. When the scan finishes, select all the items found and click Delete
  6. Restart the computer

nerchiola wrote: I can't manage to attach the Kaspersky quarantine report (my fault: I took a print screen but I can't attach it).

Take a look at THIS information page.

nerchiola wrote: Java could not be removed.

To force the removal of this application, use the JavaRa tool:

  1. Download JavaRa from HERE
  2. Extract the compressed .zip archive
  3. Launch the JavaRa executable
  4. Click Update JavaRa Definitions, then Download and finally Back
  5. Click Remove JRE
  6. Click Run Uninstaller
  7. Click Next
  8. Click Perform Removal Routine

nerchiola wrote: I don't know how to thank you for the time you are giving me.

Don't mention it, I'm happy to be able to "lend a hand" to users in difficulty.
[cheers]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 4:51 pm

[Image]

I hope this is enough for you to see the photo....
I managed to uninstall Java correctly, while Avira was only partly uninstalled and then gave me an error.

Re: Encrypted .jpg files

Post by hashcat » Wed Apr 03, 2013 5:17 pm

Unfortunately I would need to be able to see the whole report of the detected threats; the researchers need the executable that caused the infection.

Re: Encrypted .jpg files

Post by nerchiola » Wed Apr 03, 2013 6:02 pm

Image: http://img201.imageshack.us/img201/5038/immaginehkm.jpg

This is the lower part of the print screen... I hope it is enough for you, I have nothing else to post!

Re: Encrypted .jpg files

Post by hashcat » Wed Apr 03, 2013 9:01 pm

Unfortunately (although I cannot see the path and the details) all of those detections except the PDM one (which refers to Combofix) concern threats coming from exploits for outdated versions of Java, so .jar, .jad or .class files; in our case we should be finding files with the extensions .exe .scr .com .pif .bat .cmd .vbs .dll

Could you send me, via PM (private message), one of the encrypted files by uploading it to RGhost?

[thanks]

Re: Encrypted .jpg files

Post by nerchiola » Thu Apr 04, 2013 10:43 am

I sent you a private message twice... At the moment they show up in my outbox... Let's wait!

Re: R: Encrypted .jpg files

Post by hashcat » Thu Apr 04, 2013 11:43 am

I read the message from mobile; as soon as I have time I will analyze the file and let you know.

P.S.: The link you were being directed to is:

Code:
http://help-ping.com/i.php?uid={IDENTIFICATIVO_UNIVOCO}

Re: Encrypted .jpg files

Post by nerchiola » Thu Apr 04, 2013 1:16 pm

YES Ush, that is exactly the site it opened for me... As I was telling you, for the first two days it opened and asked me for 100 euros to unlock the files... Then it became unreachable...

Re: Encrypted .jpg files

Post by hashcat » Thu Apr 04, 2013 5:32 pm

Unfortunately I can't tell you much; the file has (with good probability) been encrypted or compressed (or compressed and encrypted at the same time), given the high entropy value calculated by ent:

Code:
$ ent DSC_0165.JPG.html

Entropy = 7.999972 bits per byte.

Optimum compression would reduce the size
of this 6115023 byte file by 0 percent.

Chi square distribution for 6115023 samples is 237.45, and randomly
would exceed this value 77.82 percent of the times.

Arithmetic mean value of data bytes is 127.4773 (127.5 = random).
Monte Carlo value for Pi is 3.141740828 (error 0.00 percent).
Serial correlation coefficient is 0.000620 (totally uncorrelated = 0.0).

In this situation I really wouldn't know how to help you; try posting a Combofix log and an updated OTL log (follow the new instructions):

  1. Download Combofix from here
  2. Rename Combofix to something imaginative
  3. Disconnect the computer from the Internet
    Disable or close all the real-time protections of anti-spyware, antivirus and anti-malware programs that may interfere with ComboFix
  4. Close all the non-essential programs on your computer
  5. Double-click the file
  6. Do not use the computer while Combofix is running (not even mouse and keyboard)
  7. When Combofix finishes, it will save a log to:
    C:\ComboFix.txt
  8. Put the Combofix log in your next message

If the Combofix log turns out to be very long, post it on Ubuntu Pastebin

Post an updated OTL log (configured as usual), selecting the 14 Days option in the File Age field.

Have you tried the route of recovering the deleted files with dedicated tools?

P.S.: Could you send me another encrypted sample that is not an image file (ideally a document or a txt file) and (if possible) its unencrypted counterpart?

[thanks]
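The entropy reading in the post above, as an added example (not part of the original thread and not ent's own code): this Python sketch recomputes four of the figures ent prints (entropy, chi-square, mean, serial correlation), estimates the chi-square tail probability and checks for the JPEG header. Both samples are constructed; the function names, the 7.9 entropy floor and the 0.001 cutoff are assumptions of this example.

```python
import math
import random

JPEG_MAGIC = b"\xff\xd8\xff"   # SOI marker plus the lead byte of the next marker
ENTROPY_MIN = 7.9              # assumed floor for "near-random" data
ALPHA = 0.001                  # assumed cutoff for the chi-square tail


def byte_stats(data: bytes) -> dict:
    """Entropy, chi-square, mean and serial correlation of a byte string."""
    n = len(data)
    if n == 0:
        raise ValueError("empty input")
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    expected = n / 256
    chi_square = sum((c - expected) ** 2 / expected for c in counts)
    total = sum(data)
    squares = sum(b * b for b in data)
    # Lag-1 products, wrapping the last byte around to the first.
    lagged = sum(a * b for a, b in zip(data, data[1:] + data[:1]))
    denom = n * squares - total * total
    serial = (n * lagged - total * total) / denom if denom else None
    return {"entropy": entropy, "chi_square": chi_square,
            "mean": total / n, "serial": serial}


def chi_square_tail(x: float, dof: int = 255) -> float:
    """Probability that random data exceeds x (Wilson-Hilferty approximation)."""
    v = 2.0 / (9.0 * dof)
    z = ((x / dof) ** (1.0 / 3.0) - (1.0 - v)) / math.sqrt(v)
    return 0.5 * math.erfc(z / math.sqrt(2.0))


def triage(data: bytes, magic: bytes = JPEG_MAGIC) -> dict:
    """Combine the statistics with a header check for the expected file type."""
    stats = byte_stats(data)
    stats["chi_p"] = chi_square_tail(stats["chi_square"])
    stats["magic_ok"] = data.startswith(magic)
    stats["looks_encrypted"] = (stats["entropy"] >= ENTROPY_MIN
                                and stats["chi_p"] >= ALPHA
                                and not stats["magic_ok"])
    return stats


def constructed_ciphertext(n: int, seed: int) -> bytes:
    """Constructed stand-in for ciphertext: n uniformly distributed bytes."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "big")


def constructed_jpeg_like(n: int, seed: int) -> bytes:
    """Constructed stand-in for an intact JPEG: header plus byte-stuffed data.

    JPEG entropy-coded data follows every 0xFF with a stuffed 0x00, which
    skews the byte histogram while leaving the entropy close to 8.
    """
    body = constructed_ciphertext(n, seed).replace(b"\xff", b"\xff\x00")
    return JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + body


if __name__ == "__main__":
    samples = (("ciphertext-like", constructed_ciphertext(262144, 1)),
               ("jpeg-like", constructed_jpeg_like(262144, 1)))
    for label, sample in samples:
        r = triage(sample)
        print(f"{label}: entropy={r['entropy']:.4f} chi2={r['chi_square']:.1f} "
              f"p={r['chi_p']:.4f} magic={r['magic_ok']} "
              f"encrypted={r['looks_encrypted']}")
```

A file that is still a valid JPEG is already compressed and also scores close to 8 bits per byte, so the entropy figure alone does not separate it from ciphertext; the chi-square tail and the missing FF D8 FF header do.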

Re: Encrypted .jpg files

Post by nerchiola » Fri Apr 05, 2013 11:32 am

ComboFix 13-03-30.01 - Nerchiola 05/04/2013 12:16:28.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6143.4608 [GMT 2:00]
Eseguito da: c:\users\Nerchiola\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-05 al 2013-04-05 )))))))))))))))))))))))))))))))))))
.
.
2013-04-05 10:17 . 2013-04-05 10:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-05 10:17 . 2013-04-05 10:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-05 10:17 . 2013-04-05 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-05 10:06 . 2013-04-05 10:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FA9F0F6-5DF4-42CC-A86D-087F7A7AAE3C}\offreg.dll
2013-04-05 09:56 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FA9F0F6-5DF4-42CC-A86D-087F7A7AAE3C}\mpengine.dll
2013-04-04 20:04 . 2013-04-04 20:04 -------- d-----w- c:\users\Nerchiola\licman
2013-04-04 20:04 . 2013-04-04 20:04 -------- d-----w- c:\users\Nerchiola\ERHome64
2013-04-04 19:59 . 2013-04-04 19:59 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\Babylon
2013-04-04 19:59 . 2013-04-04 19:59 -------- d-----w- c:\programdata\Babylon
2013-04-04 18:52 . 2013-04-04 18:56 -------- d-----w- c:\program files (x86)\SoftLogica
2013-04-04 09:20 . 2013-04-04 09:20 -------- d-----w- c:\users\Nerchiola\AppData\Local\sshelper
2013-04-04 09:20 . 2013-04-04 15:31 -------- d-----w- c:\users\Nerchiola\AppData\Local\ssupd
2013-04-04 09:20 . 2013-04-04 09:22 -------- d-----w- c:\users\Nerchiola\AppData\Local\ServiceManager
2013-04-03 14:03 . 2013-04-03 14:09 -------- d-----w- c:\programdata\HitmanPro
2013-04-03 13:35 . 2013-04-03 13:35 -------- d-----w- c:\windows\SysWow64\syncdb
2013-03-29 16:43 . 2013-03-29 16:43 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\Malwarebytes
2013-03-29 16:43 . 2013-03-29 16:43 -------- d-----w- c:\programdata\Malwarebytes
2013-03-29 16:39 . 2013-04-04 09:22 -------- d-----w- c:\users\Nerchiola\AppData\Local\SoftwareUpdater
2013-03-29 15:35 . 2013-03-06 21:20 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-03-29 15:34 . 2013-03-29 15:34 -------- d-----w- c:\windows\ELAMBKUP
2013-03-29 15:34 . 2013-04-05 09:46 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-29 15:34 . 2013-03-29 15:34 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-03-29 15:34 . 2013-03-06 21:20 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-03-29 15:34 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-03-29 15:25 . 2013-03-29 15:27 -------- d-----w- c:\users\Nerchiola\AppData\Local\Avg2013
2013-03-28 16:42 . 2013-03-28 16:42 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\TuneUp Software
2013-03-28 16:37 . 2013-03-28 16:37 -------- d-----w- c:\users\Nerchiola\AppData\Local\MFAData
2013-03-28 16:26 . 2013-03-28 16:34 -------- d-----w- c:\users\Nerchiola\Doctor Web
2013-03-28 15:37 . 2013-03-28 15:42 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\IrfanView
2013-03-28 15:33 . 2013-03-28 16:16 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\Anvisoft
2013-03-28 15:32 . 2013-03-28 15:32 -------- d-----w- c:\programdata\Anvisoft
2013-03-28 15:32 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Anvisoft
2013-03-28 15:31 . 2013-04-04 18:52 -------- d-----w- c:\users\Nerchiola\AppData\Roaming\GetRightToGo
2013-03-28 15:16 . 2013-03-28 15:16 -------- d-----w- c:\users\Nerchiola\AppData\Local\VS Revo Group
2013-03-28 15:16 . 2013-03-28 15:16 -------- d-----w- c:\programdata\VS Revo Group
2013-03-28 15:16 . 2013-03-28 15:16 -------- d-----w- c:\users\Nerchiola\AppData\Local\Programs
2013-03-26 22:38 . 2013-03-28 10:24 -------- d-----w- c:\users\Nerchiola\AppData\Local\NeoSmart Technologies
2013-03-17 09:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-17 09:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-06 21:20 . 2013-03-06 21:20 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-03-06 21:20 . 2013-03-06 21:20 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-03-06 21:20 . 2013-03-06 21:20 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:47 . 2009-11-15 14:12 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-11 23:10 . 2009-11-12 12:05 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-04 09:00 . 2012-08-28 07:57 1316144 ----a-w- c:\windows\system32\dmwu.exe
2013-03-04 08:59 . 2012-08-28 07:57 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-03-04 08:07 . 2012-08-28 07:57 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-04 08:07 . 2012-08-28 07:57 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-12 05:45 . 2013-03-13 18:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:37 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-15 15:56 . 2012-06-26 20:37 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2010-11-08 15:01 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-30 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-06 356376]
"SsroService"="c:\users\Public\Documents\Application\CurrentFile\ssadl.exe" [2013-01-24 217600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00674792.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LiveUpSC;LiveUpSC;c:\users\Nerchiola\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-01-25 161280]
R2 SsroService;Ssro Service;c:\users\Nerchiola\AppData\Local\ServiceManager\ssro.exe [2013-01-24 31232]
R2 SsupdService;Ssupd Service;c:\users\Nerchiola\AppData\Local\ssupd\ssupd.exe [2013-01-24 156160]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-03 1436424]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\DRIVERS\onda_mx83xup_cpo.sys [2010-05-13 13824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-28 49152]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-21 834544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-03-06 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-29 188760]
S3 e1yexpress;Driver connessioni di rete Gigabit Intel(R);c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-03-06 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-03-06 29528]
S3 onda_mx83xup_cdc_acm;ONDA Mx83xUP CDC-ACM driver;c:\windows\system32\DRIVERS\onda_mx83xup_cdc_acm.sys [2010-05-13 80384]
S3 onda_mx83xup_dc_enum;ONDA Mx83xUP DC Enumerator;c:\windows\system32\DRIVERS\onda_mx83xup_dc_enum.sys [2010-05-13 80384]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 10:14 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 22:12]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 22:12]
.
2013-04-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.asp ... 5y47021215
mStart Page = hxxp://homepage.packardbell.com/rdr.asp ... 5y47021215
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Aggiungi ad Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe
DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} - hxxp://ww2.photocity.it/WebResource.axd ... 1880000000
FF - ProfilePath - c:\users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c25a9aaf000000000000000000000000
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15799
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.022:00
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
Supplementary scan did not complete!
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PDrotect - c:\program files (x86)\DProtect 2013©\DProtect 2013\DProtect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-04-05 12:19:52
ComboFix-quarantined-files.txt 2012-03-31 12:53
.
Pre-Run: 140.228.386.816 byte disponibili
Post-Run: 140.216.373.248 byte disponibili
.
- - End Of File - - 775A8CCB771152453575461E8F3B1881

Re: Encrypted .jpg files

Post by nerchiola » Fri Apr 05, 2013 11:33 am

PART 1 OF OTL.TXT

OTL logfile created on: 05/04/2013 12:22:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nerchiola\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 66,75% Memory free
12,00 Gb Paging File | 9,66 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,45 Gb Total Space | 130,66 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
Drive D: | 342,09 Gb Total Space | 341,86 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive F: | 21,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NERCHIOLA-PC | User Name: Nerchiola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - [2013/04/04 22:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\SANDRO.exe
PRC - [2013/03/06 23:20:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe
PRC - [2013/01/24 15:44:06 | 000,760,320 | ---- | M] (ssadp) -- C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe
PRC - [2013/01/15 23:10:06 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/17 22:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2010/07/05 11:55:30 | 007,697,816 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\UIMain.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 12:56:19 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 12:27:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 23:01:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 23:01:03 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 23:00:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 23:00:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 23:00:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 23:00:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 23:00:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/17 22:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010/11/13 02:58:31 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 03:55:37 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
MOD - [2010/07/05 11:55:30 | 007,697,816 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\UIMain.exe
MOD - [2010/07/05 11:55:16 | 001,034,664 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\DLL_Netcard_R.dll
MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/11 16:52:28 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Chiavetta Internet MT833UP\WaitingForm.dll


========== Services (SafeList) ==========

SRV - [2013/03/06 23:20:48 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/02/04 01:01:14 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programmi\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV - [2013/01/25 18:04:46 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Nerchiola\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (LiveUpSC)
SRV - [2013/01/24 15:46:02 | 000,156,160 | ---- | M] (SsupdService) [Auto | Stopped] -- C:\Users\Nerchiola\AppData\Local\ssupd\ssupd.exe -- (SsupdService)
SRV - [2013/01/24 15:46:02 | 000,031,232 | ---- | M] (SsroService) [Auto | Stopped] -- C:\Users\Nerchiola\AppData\Local\ServiceManager\ssro.exe -- (SsroService)
SRV - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/07/21 12:24:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 23:20:48 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/03/06 23:20:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/03/06 23:20:46 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/03/06 23:20:46 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/13 17:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/21 12:26:27 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/21 12:26:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 15:09:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/13 14:54:18 | 000,080,384 | ---- | M] (ONDA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\onda_mx83xup_dc_enum.sys -- (onda_mx83xup_dc_enum)
DRV:64bit: - [2010/05/13 14:54:18 | 000,080,384 | ---- | M] (ONDA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\onda_mx83xup_cdc_acm.sys -- (onda_mx83xup_cdc_acm)
DRV:64bit: - [2010/05/13 14:54:18 | 000,013,824 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_mx83xup_cpo.sys -- (onda_mx83xup_cpo)
DRV:64bit: - [2010/02/26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/02/26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/02/26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5y47021215
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADSA_it
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ' http://search.findeer.com'
FF - prefs.js..extensions.enabledItems: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}:3.2.5.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}:2.0.0.573
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/03/29 17:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/03/29 17:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/03/29 17:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/03/29 17:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/03/29 17:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/03 15:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/03 15:34:56 | 000,000,000 | ---D | M]

[2009/11/12 16:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\Mozilla\Extensions
[2009/11/12 16:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/04/04 22:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions
[2013/04/04 22:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\extensions\ffxtlbr@babylon.com
[2013/04/04 22:00:10 | 000,001,294 | ---- | M] () -- C:\Users\Nerchiola\AppData\Roaming\Mozilla\Firefox\Profiles\c2qa81pg.default\searchplugins\delta.xml
[2013/03/30 13:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/03 21:56:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/08 17:01:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 12:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 21:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/04 11:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/06/26 22:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/08 22:40:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/18 12:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
File not found (No name found) -- C:\USERS\NERCHIOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2QA81PG.DEFAULT\EXTENSIONS\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
File not found (No name found) -- C:\USERS\NERCHIOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2QA81PG.DEFAULT\EXTENSIONS\DTTOOLBAR@TOOLBARNET.COM
File not found (No name found) -- C:\USERS\NERCHIOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2QA81PG.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\USERS\NERCHIOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2QA81PG.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM
[2010/05/03 21:56:04 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2010/05/03 21:56:04 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2010/05/03 21:56:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/11/03 04:26:39 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/11/03 04:26:39 | 000,001,412 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\demauro.xml
[2009/11/03 04:26:39 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2009/11/03 04:26:39 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/11/03 04:26:39 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2009/11/03 04:26:39 | 000,000,649 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.findeer.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00C2\u2122 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Ricerca Google = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Controllo URL Kaspersky = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Blocco contenuto = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Tastiera Virtuale = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Gmail = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Nerchiola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/03/30 14:04:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
nerchiola
Aficionado
Posts: 32
Joined: Mon Apr 01, 2013 4:37 pm

Re: Encrypted .jpg files

Post by nerchiola » Fri Apr 05, 2013 11:34 am

OTL.TXT, PART 2

O3:64bit: - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programmi\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3408613440-3956981067-2139279331-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe File not found
O9 - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C0F454A0-6020-488D-A48E-84B92E60DEE8} http://ww2.photocity.it/WebResource.axd ... 1880000000 (Image Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/16 19:49:38 | 000,000,034 | R--- | M] () - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/03/17 18:26:53 | 000,000,117 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 14 Days ==========

[2013/04/05 12:19:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/04 22:20:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\SANDRO.exe
[2013/04/04 22:04:34 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\licman
[2013/04/04 22:04:33 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\ERHome64
[2013/04/04 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Babylon
[2013/04/04 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/04 20:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftLogica
[2013/04/04 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\sshelper
[2013/04/04 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\ssupd
[2013/04/04 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\ServiceManager
[2013/04/04 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Application
[2013/04/03 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/03 15:35:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2013/04/03 15:30:11 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Desktop\Da mandare a MegaLab
[2013/04/03 15:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZSoft
[2013/04/02 23:14:21 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Desktop\Nuova cartella
[2013/03/29 19:34:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/29 19:34:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/29 18:55:18 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Nerchiola\Desktop\ComboFix.exe
[2013/03/29 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Malwarebytes
[2013/03/29 18:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\SoftwareUpdater
[2013/03/29 17:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/03/29 17:35:13 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/03/29 17:34:22 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/03/29 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/03/29 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/03/29 17:34:08 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/03/29 17:34:08 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/03/29 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\Avg2013
[2013/03/28 18:42:46 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\TuneUp Software
[2013/03/28 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\MFAData
[2013/03/28 18:26:08 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\Doctor Web
[2013/03/28 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\IrfanView
[2013/03/28 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\Anvisoft
[2013/03/28 17:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/28 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/28 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Roaming\GetRightToGo
[2013/03/28 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\VS Revo Group
[2013/03/28 17:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/28 17:16:18 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\Programs
[2013/03/28 17:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/27 00:38:00 | 000,000,000 | ---D | C] -- C:\Users\Nerchiola\AppData\Local\NeoSmart Technologies
[2009/08/15 10:09:28 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 14 Days ==========

[2013/04/05 12:14:10 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/05 12:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/04/05 11:39:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 11:39:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 11:37:27 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/05 11:37:27 | 000,698,554 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/04/05 11:37:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/05 11:37:27 | 000,127,780 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/04/05 11:37:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/05 11:30:26 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/05 11:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 11:30:15 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 22:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nerchiola\Desktop\SANDRO.exe
[2013/04/04 18:15:18 | 521,195,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/30 14:04:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/30 13:32:45 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Nerchiola\Desktop\ComboFix.exe
[2013/03/29 19:54:43 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/03/28 11:56:52 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/03/27 01:03:22 | 006,115,242 | ---- | M] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG.html

========== Files Created - No Company Name ==========

[2013/04/04 18:15:18 | 521,195,265 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/03/29 20:54:41 | 006,115,242 | ---- | C] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG.html
[2013/03/29 20:54:17 | 006,115,022 | ---- | C] () -- C:\Users\Nerchiola\Desktop\DSC_0165.JPG
[2013/03/29 19:34:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/29 19:34:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/29 19:34:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/29 19:34:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/29 19:34:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/29 18:39:57 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/02/14 22:57:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/20 23:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Patch Names
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Drivers
[2011/12/20 23:11:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mallets
[2011/12/20 23:11:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/20 23:11:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/20 23:11:20 | 000,000,268 | RH-- | C] () -- C:\Users\Nerchiola\AppData\Roaming\MIDI Devices
[2011/12/20 23:11:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Mail
[2011/12/20 23:11:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/07/21 12:56:01 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{E12EFDEE-E69D-4B20-98DF-3B3F4C360B10}
[2011/07/20 13:21:58 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{9AD2035E-3D46-425B-942E-D76124407B93}
[2011/07/20 13:19:54 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{427DC1E0-C13B-4D05-BFE5-918B3138A7A1}
[2011/06/20 11:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{A687D062-7EB1-4068-A0F0-1BDDF07D07E2}
[2011/06/20 11:45:38 | 000,000,000 | ---- | C] () -- C:\Users\Nerchiola\AppData\Local\{79D8E7F8-792F-44E3-B92F-FF73A1EB05D3}

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/28 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\AlawarEntertainment
[2012/04/30 11:45:51 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Amifude
[2013/03/28 18:16:45 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Anvisoft
[2013/02/04 01:09:47 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Autodesk
[2010/11/14 00:06:24 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\AVG10
[2013/04/04 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Babylon
[2013/04/05 00:29:00 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\BitTorrent
[2013/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\bwin-Piccadilly
[2009/12/02 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Capcom
[2010/12/21 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\DAEMON Tools Lite
[2012/11/11 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Friday's games
[2013/04/04 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\GetRightToGo
[2012/10/16 13:02:36 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\HdO Adventure
[2013/03/28 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\IrfanView
[2012/01/01 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\LucasArts
[2011/12/20 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Nikon
[2010/11/19 01:08:35 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Nokia
[2013/01/03 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Old Castle
[2009/11/12 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Opera
[2010/11/19 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\PC Suite
[2013/01/23 16:16:30 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Picturenaut
[2012/05/05 11:59:56 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Qio
[2011/11/27 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Registry Mechanic
[2011/11/11 16:20:27 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Rovio
[2011/11/10 01:57:18 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Sports Interactive
[2012/11/18 12:14:37 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\TOMI3
[2013/03/28 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\TuneUp Software
[2012/10/22 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\UseNeXT
[2010/10/30 23:55:49 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\Windows Live Writer
[2012/11/05 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\Nerchiola\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:95079543
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Re: Encrypted .jpg files

Post by nerchiola » Fri Apr 05, 2013 11:35 am

PART 1 OF EXTRAS.TXT

OTL Extras logfile created on: 05/04/2013 12:22:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nerchiola\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 66,75% Memory free
12,00 Gb Paging File | 9,66 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,45 Gb Total Space | 130,66 Gb Free Space | 38,27% Space Free | Partition Type: NTFS
Drive D: | 342,09 Gb Total Space | 341,86 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive F: | 21,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NERCHIOLA-PC | User Name: Nerchiola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CC322DC-AD78-4E96-9213-40B4B2B5BAD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4519B65B-C811-4B5A-A9DB-9E4585B2507B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F5F2E12-441E-4FD3-965D-6BE47C10D1BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E4F7CB80-4155-41E6-AF7E-B4CDF60D376B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FE805C74-A956-4E4B-8BEF-ABC341609EDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294B968-7AA8-4432-998D-77A96AFA8BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{08115FEA-B795-4748-B5B7-3E7CAC99BAB0}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010 demo\fm.exe |
"{0AC8DC33-0543-44A5-AA60-CDE59F36DE6D}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"{0E16BA90-EF90-4218-BC8D-DD8DA27DD253}" = protocol=6 | dir=in | app=c:\program files (x86)\halto\halto.exe |
"{19F63918-93DF-4CAF-B327-8CB3483122DA}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{204E6AD5-A48B-42D2-8C10-1B6ECAEAA02E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{20548650-3046-46CE-86EB-95748F20FC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{4040C12A-AB27-406E-BB78-B0B2AD22107B}" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\bittorrent\bittorrent.exe |
"{4CB7EFD0-14A0-4E9B-B248-D4AE85AAF52B}" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\bittorrent\bittorrent.exe |
"{53666896-D109-4E58-971E-DCAD9882D43D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{566BADBC-7C78-45FD-9AF9-CE9A8C605517}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{59C1DE01-3E07-431E-8335-77814C878C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\motogp 08 demo\motogp 08\launcher.exe |
"{65A136D4-018A-448D-A372-E64ED5791512}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{763FD064-539E-41D6-B17C-2A3E00D0B3EA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{79489F02-4941-49DF-B822-6A8F82EDA1DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7F068429-5120-49D0-8ED8-C77B11FBB1E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{80D03ECE-7039-4F61-ACAA-EA158864A71F}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{887EC3BE-7A51-4E08-BB1F-072AAD710EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{897126E8-77A5-49A7-882C-6B48BE1F7AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\motogp 08 demo\motogp 08\launcher.exe |
"{90A73702-13AD-4D1E-97ED-C23DE8DC80C0}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{915DE142-CF40-4F8B-8FB7-C7C76817FAB5}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{94E70677-D457-41BD-B858-9F73EFF029FA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{99E82B33-B227-4F45-B89E-12ABDE2CB168}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{9FD81AB1-CFC2-480A-A783-D59A78F6B115}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"{B61DD337-0996-4FDA-AAF3-3419ACAD1B7B}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010 demo\fm.exe |
"{B6C8F68E-B83E-4991-B7F6-2E7FA4A6169E}" = protocol=17 | dir=in | app=c:\program files (x86)\halto\halto.exe |
"{BB93E037-6EB8-4759-94F8-B9B32FDD958C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{BE099A54-BC04-4987-A91B-FAB650BC1C79}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C4687674-ADE2-40A8-A271-BC6911D5E03E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D34096B4-297D-4E35-8EC1-3EA969437745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D5490EDA-4D7D-4E14-ACAA-112A713751F5}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D8E6256A-2B1D-4C33-A429-DD0F7A7DA230}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E016C576-C0CB-4665-BBA8-7AD92D300EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E6202140-06EA-4A7F-8615-6676416B06AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E673DC62-206F-4F52-8474-2503B18C7A7C}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{EA3E70F3-AC72-441B-9C03-FB2377648470}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F2C68DF2-8570-48D7-AC04-50B5C9B0AEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F8C2A91B-431F-4183-AEFF-2D74EAF0175B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{FC6280D7-0EC2-4AFA-ACF4-5D27F6599290}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{0B5D5359-2606-4BAB-9E92-23F3506BB7E9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{4BF68932-678F-4A68-86B6-28C306840546}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{716B2D02-F01B-497B-B281-BB99EDAD1B09}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{87F4EC56-50CF-49ED-88B0-6D61358A1BBE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B126A7F2-EFEC-442C-A341-EC20460162C7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{B3148A7C-834E-4544-B393-DD91E3DA5C43}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{DB63B4D3-15D1-45BD-A2AB-C6BD60C2D37E}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=6 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |
"TCP Query User{F9C589EA-6B8F-4BFE-ADCB-C9BD6EEA7350}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{0EB45F41-5299-4D57-84A7-94DAE59485E0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{30D1169F-CE24-46D7-A517-A86C962F7F06}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{3C031FDA-7134-4FBF-AE0C-E602AC5D616A}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{8DE48BCD-834E-4F7A-AB7F-F0FF4CF0B698}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{B252C7B6-D3B9-4199-AAF3-57F5A16EE85D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{CC540565-B4C0-4C07-9326-46FCAC393D9A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F9630DC9-DE94-46F9-A004-7176480B30D1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{FAC45588-5382-4811-865A-FAAF7A955944}C:\users\nerchiola\appdata\roaming\qio\veesuq.exe" = protocol=17 | dir=in | app=c:\users\nerchiola\appdata\roaming\qio\veesuq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3032E99D-56F8-4084-8273-FBFA2F608B4A}" = Studio per il miglioramento del prodotto HP Photosmart 5510 series
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5783F2D7-9001-0410-0102-0060B0CE6BBA}" = AutoCAD 2011 - Italiano
"{5783F2D7-9001-0410-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Italiano
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E2E84C76-2AAC-4DA4-A27B-AD96F79D0FE0}" = Software di base della periferica HP Photosmart 5510 series
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacchetto driver Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Pacchetto driver Windows - Nokia Modem (08/03/2007 6.84.0.2)
"AutoCAD 2011 - Italiano" = AutoCAD 2011 - Italiano
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Zune" = Zune

Re: Encrypted .jpg files

Post by nerchiola » Fri Apr 05, 2013 11:35 am

PART 2 OF EXTRAS.TXT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2ACE4349-FEF2-44DA-BE12-325D44F32FA8}_is1" = PowerOffer 3.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.3)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9242564e-02e9-4ea8-9d2d-351f6f728e1c}_is1" = Packard Bell GameZone Console
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet MT833UP
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9A3689DE-4FA6-4D5F-9524-2860229BD265}" = Default
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series ?
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{fd79ac04-05d2-49e2-a108-bcea3559374a}" = Nero 9 Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"BitTorrent" = BitTorrent
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Halto_is1" = Halto 4.4.7
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Lake House Children of Silence Collectors Edition 1.00" = Lake House Children of Silence Collectors Edition 1.00
"Metaboli" = Metaboli
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3408613440-3956981067-2139279331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winga Casino" = Winga Casino

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/04/2013 09:54:31 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 03/04/2013 09:59:05 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 03/04/2013 11:54:32 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 04/04/2013 05:19:20 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 04/04/2013 11:29:43 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 04/04/2013 11:31:39 | Computer Name = Nerchiola-pc | Source = SsupdService | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 04/04/2013 12:15:21 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 04/04/2013 12:17:34 | Computer Name = Nerchiola-pc | Source = SsupdService | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 05/04/2013 05:30:25 | Computer Name = Nerchiola-pc | Source = Avira AntiVir | ID = 4122
Description =

Error - 05/04/2013 05:32:11 | Computer Name = Nerchiola-pc | Source = SsupdService | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

[ Media Center Events ]
Error - 17/01/2010 18:15:04 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 23:15:04 - Errore di connessione a Internet. 23:15:04 - Impossibile
contattare il server..

Error - 17/01/2010 18:15:12 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 23:15:09 - Errore di connessione a Internet. 23:15:09 - Impossibile
contattare il server..

Error - 20/01/2010 20:10:21 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 01:10:21 - Errore di connessione a Internet. 01:10:21 - Impossibile
contattare il server..

Error - 20/01/2010 20:10:30 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 01:10:26 - Errore di connessione a Internet. 01:10:26 - Impossibile
contattare il server..

Error - 27/01/2010 18:54:11 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 23:54:11 - Errore di connessione a Internet. 23:54:11 - Impossibile
contattare il server..

Error - 27/01/2010 18:54:43 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 23:54:40 - Errore di connessione a Internet. 23:54:40 - Impossibile
contattare il server..

Error - 27/01/2010 19:55:12 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 00:55:12 - Errore di connessione a Internet. 00:55:12 - Impossibile
contattare il server..

Error - 27/01/2010 19:55:42 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 00:55:41 - Errore di connessione a Internet. 00:55:41 - Impossibile
contattare il server..

Error - 29/01/2010 20:18:16 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 01:18:15 - Errore di connessione a Internet. 01:18:15 - Impossibile
contattare il server..

Error - 29/01/2010 20:18:24 | Computer Name = Nerchiola-pc | Source = MCUpdate | ID = 0
Description = 01:18:21 - Errore di connessione a Internet. 01:18:21 - Impossibile
contattare il server..

[ System Events ]
Error - 30/03/2013 08:03:28 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi. Questo servizio potrà non
funzionare correttamente.

Error - 04/04/2013 11:31:13 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssro Service bloccato in partenza.

Error - 04/04/2013 11:31:13 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssupd Service bloccato in partenza.

Error - 04/04/2013 12:15:19 | Computer Name = Nerchiola-pc | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 18:13:31 su ?04/?04/?2013.

Error - 04/04/2013 12:15:25 | Computer Name = Nerchiola-pc | Source = BugCheck | ID = 1001
Description =

Error - 04/04/2013 12:17:12 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssro Service bloccato in partenza.

Error - 04/04/2013 12:17:12 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssupd Service bloccato in partenza.

Error - 05/04/2013 05:31:56 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssro Service bloccato in partenza.

Error - 05/04/2013 05:31:56 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7022
Description = Servizio Ssupd Service bloccato in partenza.

Error - 05/04/2013 06:17:46 | Computer Name = Nerchiola-pc | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi. Questo servizio potrà non
funzionare correttamente.


< End of report >

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising