I'm posting the logs as per the suggested guide.
Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Data scansione: 02/09/2014
Ora scansione: 11.52.39
File di log: Log_malwarebytes.txt
Amministratore: Si
Versione: 2.00.2.1012
Database malware: v2014.09.02.03
Database rootkit: v2014.08.21.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata
SO: Windows XP Service Pack 3
CPU: x86
File system: NTFS
Utente: Mora
Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 323017
Tempo impiegato: 1 ore, 27 min, 36 sec
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Heuristics: Attivata
PUP: Attivata
PUM: Attivata
Processi: 0
(No malicious items detected)
Moduli: 0
(No malicious items detected)
Chiavi di registro: 0
(No malicious items detected)
Valori di registro: 0
(No malicious items detected)
Dati di registro: 0
(No malicious items detected)
Cartelle: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Settori fisici: 0
(No malicious items detected)
(end)
AdwCleaner
# AdwCleaner v3.308 - Rapporto creato 02/09/2014 in 16:00:40
# Aggiornato 20/08/2014 di Xplode
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nome utente : Mora - MORA-D67647DE04
# In esecuzione da : C:\Documents and Settings\Mora\Documenti\Download\adwcleaner_3.308.exe
# Opzione : Pulisci
***** [ Servizi ] *****
***** [ File / Cartelle ] *****
***** [ Compiti ] *****
***** [ Collegamenti ] *****
***** [ Registro ] *****
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v31.0 (x86 it)
[ File : C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\prefs.js ]
[ File : C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [22649 octets] - [23/08/2014 11:39:10]
AdwCleaner[R1].txt - [22710 octets] - [23/08/2014 12:02:36]
AdwCleaner[R2].txt - [1215 octets] - [02/09/2014 15:50:22]
AdwCleaner[R3].txt - [1275 octets] - [02/09/2014 15:58:31]
AdwCleaner[S0].txt - [23249 octets] - [23/08/2014 12:03:36]
AdwCleaner[S1].txt - [1193 octets] - [02/09/2014 16:00:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1253 octets] ##########
OTL
OTL logfile created on: 02/09/2014 15.29.13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mora\Documenti\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
1,94 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 33,29% Memory free
3,78 Gb Paging File | 2,54 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 76,32 Gb Total Space | 30,23 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 439,01 Gb Free Space | 94,26% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 340,08 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Computer Name: MORA-D67647DE04 | User Name: Mora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Mora\Documenti\Download\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmi\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\Norton 360\Engine\21.5.0.19\n360.exe (Symantec Corporation)
PRC - C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programmi\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programmi\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programmi\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
PRC - C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\system32\S3Trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - c:\Documents and Settings\Mora\Impostazioni locali\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpla484r.dll ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_multiprocessing.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\hashobjs_ext.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_ssl.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_hashlib.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._windows_.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._html2.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32pipe.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32pdh.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._controls_.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\unicodedata.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\pyexpat.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32inet.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32event.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\select.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32file.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32security.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32profile.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32gui.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_elementtree.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32api.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_ctypes.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\_socket.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._core_.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32ts.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._misc_.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\pythoncom27.dll ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._wizard.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\wx._animate.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32crypt.pyd ()
MOD - C:\Documents and Settings\Mora\Impostazioni locali\Temp\_MEI18682\win32process.pyd ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
MOD - C:\Programmi\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\libcef.dll ()
MOD - C:\Programmi\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Programmi\HP\Digital Imaging\bin\libexpatw.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
========== Services (SafeList) ==========
SRV - (SoftwareUpd) -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (N360) -- C:\Programmi\Norton 360\Engine\21.5.0.19\N360.exe (Symantec Corporation)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (PowerOffer Service) -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\PosService\Pos.exe (PowerOfferService)
SRV - (Autodesk Licensing Service) -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (LBTServ) -- C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (CCALib8) -- C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (IDSxpx86) -- C:\Programmi\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140901.001\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Programmi\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140901.021\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programmi\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20140901.021\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Programmi\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140821.007\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\1505000.013\symefa.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\1505000.013\symtdi.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\1505000.013\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\1505000.013\srtspx.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\1505000.013\ironx86.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\1505000.013\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\1505000.013\symds.sys (Symantec Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)
DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.symantec.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=it&pid=N360&pvid=21.3.0.12
IE - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..\SearchScopes\{C123A82E-627A-416C-A3B2-683EF592BE12}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: matchersitepro%40matchersitepro.com:1.7
FF - prefs.js..extensions.enabledAddons: %7Ba2bfe612-4cf5-48ea-907c-f3fb25bc9d6b%7D:0.1
FF - prefs.js..extensions.enabledAddons: sitenew%40sitenew.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.7.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programmi\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Programmi\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn\ [2014/09/02 14.29.01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/04 12.21.32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2014/08/13 19.01.31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/04 12.21.32 | 000,000,000 | ---D | M]
[2010/03/24 19.15.51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Extensions
[2014/08/23 12.03.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\n7yi78zn.default\extensions
[2014/09/02 15.25.48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions
[2014/08/07 14.46.45 | 000,000,000 | ---D | M] ("Website Xplorer") -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions\{a2bfe612-4cf5-48ea-907c-f3fb25bc9d6b}
[2014/06/24 09.55.07 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions\1403541403_xpi
[2014/07/21 11.22.27 | 000,000,000 | ---D | M] ("Site Matcher Pro") -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions\matchersitepro@matchersitepro.com
[2014/09/02 14.57.28 | 000,000,000 | ---D | M] ("Site Explorer") -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions\sitenew@sitenew.com
[2014/09/02 15.25.50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\xer3k0ph.default-1380109211859\extensions\staged
[2014/08/23 12.03.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\extensions
[2010/03/25 10.44.49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/03/25 10.44.49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 10.44.49 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/03/25 10.44.47 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\Mora\Dati applicazioni\Mozilla\Firefox\Profiles\zab0syon.Pier Luigi\extensions\anycolor.pavlos256@gmail.com
[2014/08/23 12.03.49 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2014/08/01 17.20.56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/08/01 17.20.57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/08/01 17.20.57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/08/01 17.20.58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/08/01 17.20.54 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2014/08/01 17.20.54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/08/01 17.21.58 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/02 14.29.01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DATI APPLICAZIONI\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\COFFPLGN
[2010/03/24 09.56.10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O1 HOSTS File: ([2004/08/19 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Programmi\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PosService] File not found
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003..\Run: [Gadwin PrintScreen] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003..\Run: [GoogleDriveSync] C:\Programmi\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Mora\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk = C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1417001333-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269412663531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269421224109 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E27F4A48-C185-4AB1-83AE-ECCD496B0CDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E27F4A48-C185-4AB1-83AE-ECCD496B0CDB}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll) - c:\Programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 13.46.46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 60 Days ==========
[2014/09/02 15.16.15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/23 11.40.09 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/08/23 11.37.55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/22 21.33.01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/22 21.32.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
[2014/08/22 21.31.59 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/22 21.31.58 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/22 21.31.58 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes Anti-Malware
[2014/08/22 21.31.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2014/08/19 20.07.43 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Skype
[2014/08/19 17.57.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\Adobe
[2014/08/13 20.14.58 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2014/08/13 20.14.30 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/08/13 20.14.15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/08/13 20.14.15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/08/13 20.14.15 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/08/01 17.20.52 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2014/09/02 15.05.00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-1275210071-1417001333-725345543-1003.job
[2014/09/02 14.59.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/02 14.48.38 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/02 14.48.38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Go for FilesUpdate.job
[2014/09/02 14.48.38 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
[2014/09/02 14.41.00 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/02 14.28.41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/02 11.50.47 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/02 11.20.06 | 000,002,704 | ---- | M] () -- C:\Documents and Settings\Mora\intlname.ols
[2014/09/01 19.02.05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/27 11.47.21 | 000,043,689 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1505000.013\VT20140827.005
[2014/08/22 21.32.17 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/22 15.05.39 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Mora\Desktop\Microsoft Office Word 2003.lnk
[2014/08/18 15.20.06 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/08/18 13.41.48 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/08/18 13.41.48 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/08/14 15.35.15 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Mora\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
[2014/08/14 15.32.43 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Mora\Desktop\Dropbox.lnk
[2014/08/14 15.24.03 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2014/08/14 15.23.09 | 000,684,292 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1505000.013\Cat.DB
[2014/08/13 20.13.53 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/08/13 20.13.50 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/08/13 20.13.50 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/08/13 20.13.50 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/08/13 20.13.50 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/08/08 15.00.00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
[2014/07/31 22.49.37 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1505000.013\isolate.ini
[2014/07/23 07.13.10 | 000,030,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1505000.013\symvtcer.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/08/22 21.32.17 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/14 15.35.13 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Mora\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
[2013/02/06 14.36.46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/29 11.20.19 | 000,715,038 | ---- | C] () -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\unins000.exe
[2012/11/29 11.20.19 | 000,004,790 | ---- | C] () -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\unins000.dat
[2012/10/04 12.12.27 | 000,210,347 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2012/10/04 12.12.27 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2011/11/03 17.17.38 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 12.12.51 | 000,002,034 | ---- | C] () -- C:\Documents and Settings\Mora\Dati applicazioni\SAS7_000.DAT
[2010/12/12 18.13.30 | 000,038,485 | ---- | C] () -- C:\Documents and Settings\Mora\Dati applicazioni\Microsoft Excel.ADR
[2010/03/26 12.07.38 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\Mora\intlname.ols
[2010/03/24 09.56.02 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Mora\Impostazioni locali\Dati applicazioni\fusioncache.dat
========== ZeroAccess Check ==========
[2010/03/24 08.51.44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 07.08.10 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/25 17.28.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
[2012/03/08 16.09.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2012
[2010/11/19 12.10.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/11/19 15.19.56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2010/03/25 19.58.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2012/03/08 16.08.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2014/06/06 18.47.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
[2014/06/24 11.20.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Smart Soft
[2010/03/24 18.10.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2011/01/11 19.00.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Autodesk
[2014/09/02 14.52.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Dropbox
[2010/03/24 18.16.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\EPSON
[2012/11/07 12.36.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\FileZilla
[2014/06/24 11.20.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Free PDF to Word Converter
[2011/04/12 15.09.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\GARMIN
[2013/10/28 19.03.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\inkscape
[2010/03/24 10.28.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\IsolatedStorage
[2010/12/02 19.47.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Nuance
[2011/10/07 16.52.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\OpenOffice.org
[2010/03/26 12.11.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\pdf995
[2013/10/04 14.32.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\ProgeCAD
[2012/11/28 16.15.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Softi Software
[2011/07/06 15.48.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\Spamihilator
[2012/06/19 13.10.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\wtxpcom
[2011/11/28 12.27.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mora\Dati applicazioni\ZippHO3
========== Purity Check ==========
< End of report >
OTL Extras
OTL Extras logfile created on: 02/09/2014 15.29.13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mora\Documenti\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
1,94 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 33,29% Memory free
3,78 Gb Paging File | 2,54 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 76,32 Gb Total Space | 30,23 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 439,01 Gb Free Space | 94,26% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 340,08 Gb Free Space | 73,02% Space Free | Partition Type: NTFS
Computer Name: MORA-D67647DE04 | User Name: Mora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1275210071-1417001333-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Modulo di esecuzione DLL come applicazioni -- (Microsoft Corporation)
"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Mora\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082EC8DE-8C4E-453B-8623-87E24642426E}" = Google SketchUp 8
"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI
"{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25AB02BF-E977-49B3-A743-270EA89A9C8F}" = EN 13790 DoCEt
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5783F2D7-6001-0410-0002-0060B0CE6BBA}" = AutoCAD 2008 - Italiano
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 6.3.2
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA47ABA7-4F91-4B66-A03D-47CB1552F5E6}" = pdfforge Toolbar v9.6
"{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adsen FavIcon_is1" = Adsen FavIcon
"AutoCAD 2008 - Italiano" = AutoCAD 2008 - Italiano
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Codice Fiscale 32-bit v4.21_is1" = Codice Fiscale 32-bit v4.21
"DiathermPRO 2.0" = DiathermPRO 2.0
"EPSON Printer and Utilities" = Software per stampante EPSON
"FileZilla Client" = FileZilla Client 3.5.3
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Gadwin PrintScreen" = Gadwin PrintScreen
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma
"JEcho - Calcolo delle proprietà acustiche di edifici" = JEcho - Calcolo delle proprietà acustiche di edifici
"JTempEst Calcolo dello sfasamento e dell'attenuazione dell'onda termica" = JTempEst Calcolo dello sfasamento e dell'attenuazione dell'onda termica
"JVap Calcolo dei fenomeni di condensazione superficiale e interstiziale" = JVap Calcolo dei fenomeni di condensazione superficiale e interstiziale
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versione 2.0.2.1012
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 31.0 (x86 it)" = Mozilla Firefox 31.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"Pdf995" = Pdf995
"pdfsam" = pdfsam
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.94
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = TermoK8calc
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0095
"VLC media player" = VLC media player 2.0.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZippHO_is1" = ZippHO
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1275210071-1417001333-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cened+" = Cened+
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.4.0.1558
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17/02/2014 10.25.59 | Computer Name = MORA-D67647DE04 | Source = VSS | ID = 12297
Description = Errore del Servizio copia replicata del volume: le scritture di I/O
non possono essere scaricate durante il periodo di creazione della copia replicata
del volume C:\. L'indice del volume nel gruppo delle copie replicate è 0. Dettagli
errore: Flush[0x00000000], Release[0x00000000], OnRun[0x00000000].
Error - 17/02/2014 10.26.06 | Computer Name = MORA-D67647DE04 | Source = VSS | ID = 12289
Description = Errore del Servizio copia replicata del volume: errore inatteso SetEvent(00000368).
hr = 0x80070006.
Error - 17/02/2014 10.26.14 | Computer Name = MORA-D67647DE04 | Source = VSS | ID = 12298
Description = Errore del Servizio copia replicata del volume: le scritture di I/O
non possono essere mantenute durante il periodo di creazione della copia replicata
del volume C:\. L'indice del volume nel gruppo delle copie replicate è 0. Dettagli
errore: Flush[0x00000000], Release[0x00000000], OnRun[0x00000000].
Error - 18/02/2014 5.02.00 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 04/04/2014 3.38.53 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 07/04/2014 8.15.52 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 08/04/2014 3.33.03 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 11/04/2014 13.19.00 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 17/04/2014 3.20.56 | Computer Name = MORA-D67647DE04 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 17/04/2014 3.24.09 | Computer Name = MORA-D67647DE04 | Source = MsiInstaller | ID = 1013
Description = Product: Skype Click to Call -- Installation cannot proceed on this
operating system.
[ System Events ]
Error - 22/08/2014 4.53.33 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
Error - 22/08/2014 16.14.39 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
Error - 22/08/2014 16.14.39 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: PCIIde
ViaIde
Error - 23/08/2014 4.11.40 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
Error - 23/08/2014 6.07.47 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7000
Description = Il servizio Software Upd non è stato avviato per il seguente errore:
%%3
Error - 23/08/2014 6.09.36 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
Error - 02/09/2014 4.45.16 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7000
Description = Il servizio Software Upd non è stato avviato per il seguente errore:
%%3
Error - 02/09/2014 4.46.59 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
Error - 02/09/2014 8.29.17 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7000
Description = Il servizio Software Upd non è stato avviato per il seguente errore:
%%3
Error - 02/09/2014 8.30.37 | Computer Name = MORA-D67647DE04 | Source = Service Control Manager | ID = 7022
Description = Servizio Pos Service bloccato in partenza.
< End of report >