
Help, I'm infected (BDS Zero Access and Win32 Agent?)
grinta
Posted: Thursday, March 07, 2013 10:37:20 AM

Rank: Member

Joined: 8/8/2007
Posts: 27
Probably picked up from a request to install Adobe Reader (!!!), I now find my PC very slow, with some folders and icons missing, the internet extremely slow and the Favorites folder gone. The Avira antivirus reports the following viruses: BDS ZERO ACCESS and WIN32 agent, but it was not able to block them; I cannot start online scans or install new antivirus programs (they are probably being blocked); I managed to run a scan with Malaware-antimalaware without any result. Before I format, can anyone help me?
shapiro
Posted: Thursday, March 07, 2013 10:41:03 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Hi, see if you can run this scan.

Download OTL and save it to the desktop.

Tick SCAN ALL USERS.

Under Output, tick Minimal Output.

Click the small arrow next to File Age and select 60 Days.

Tick LOP Check and Purity Check.

Click RUN SCAN.

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend.
grinta
Posted: Thursday, March 07, 2013 12:23:45 PM

Rank: Member

Joined: 8/8/2007
Posts: 27
OK, thanks in the meantime. But excuse my inexperience: what is Wikisend and how does it work?
shapiro
Posted: Thursday, March 07, 2013 1:02:56 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Go to www.wikisend.com

Choose the text file using "Browse"

Select it

Click "Open", then "Upload file"

Copy the first link and post it
grinta
Posted: Thursday, March 07, 2013 7:57:52 PM

Rank: Member

Joined: 8/8/2007
Posts: 27
Unfortunately Wikisend gives me an error when I try to upload the file. I'll copy and paste it here, hoping that works just as well.

OTL logfile created on: 07/03/2013 12.22.00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benetollo\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,94 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 34,59% Memory free
6,08 Gb Paging File | 4,27 Gb Available in Paging File | 70,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 29,51 Gb Free Space | 13,36% Space Free | Partition Type: NTFS
Drive D: | 118,48 Mb Total Space | 109,21 Mb Free Space | 92,17% Space Free | Partition Type: FAT

Computer Name: PC-BENETOLLO | User Name: Benetollo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Benetollo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programmi\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programmi\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programmi\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programmi\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programmi\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programmi\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Programmi\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programmi\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\madexcept_.bpl ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Programmi\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NisSrv) -- c:\Programmi\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (odserv) -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programmi\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programmi\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ACDaemon) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LVPrcSrv) -- C:\Programmi\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MFE_RR) -- C:\Users\BENETO~1\AppData\Local\Temp\mfe_rr.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (kl1) -- system32\DRIVERS\kl1.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MpKsl97b87076) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3B1236F-4C44-45CF-A2B3-20B610F2CDA4}\MpKsl97b87076.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (VtcDrv) -- C:\Windows\System32\drivers\vtcdrv_x86.sys (Windows (R) Codename Longhorn DDK provider)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programmi\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7PBEA_it&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=08zZqKAyW_epjM3PSwywDktGR6I?q={searchTerms}
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\{F2F43F86-8C0E-4D99-BEAC-0C6FE0EC0AEF}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\Yahoo!: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (MapsGalaxy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/03/03 12.02.28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Benetollo\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Benetollo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@greentube.com/GreenWebPlayer: C:\Games\GreenWebPlayer\npgreenwebplayer.dll (Greentube Internet Entertainment Solutions GmbH)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benetollo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Users\Benetollo\AppData\Roaming\OfferBox\offerboxffx@offerbox.com [2013/03/03 12.03.04 | 000,000,000 | ---D | M]

[2008/08/11 20.28.31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benetollo\AppData\Roaming\mozilla\Extensions
[2008/08/11 20.28.31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benetollo\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006/09/18 22.41.30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Cercato Toolbar) - {545D2280-F50E-4F81-BF5A-CD04A6512CE2} - C:\Programmi\PopCorn\it\Toolbar\PopCorn.dll (E-Kanopi)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\Toolbar\WebBrowser: (Radio Bar 2 Toolbar) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [Facebook Update] C:\Users\Benetollo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [Ylizulynke] C:\Users\Benetollo\AppData\Roaming\Fiurxi\uqudz.exe ()
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\RunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Benetollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Benetollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update GreenWebPlayer.lnk = C:\Games\GreenWebPlayer\Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1964839612-41541757-475487781-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..Trusted Domains: civibank.it ([www] http in Siti attendibili)
O15 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..Trusted Domains: localhost ([]http in Intranet locale)
O15 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..Trusted Domains: unicredit.it ([www] https in Siti attendibili)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} http://194.244.16.117/g_bin/eng/navy_2_0_0_29.cab (GameDesire Sea Battle)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.livetv.ru/livetv.ru/cab/tvants.cab.rar (TVAnts ActiveX Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} http://194.244.16.117/g_bin/eng/poker_2_0_0_49.cab (GameDesire Poker Games)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} http://194.244.16.123/g_bin/eng/words_2_0_0_51.cab (GameDesire Word Games)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.fueps.com/gp/images/common/games/PopCapGames/popcaploader_v10_it.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{534F1BAE-E2ED-47F3-8DD8-F77FDDBD2A65}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEF1CDA7-CE88-4D12-BB14-9159C0ACD443}: DhcpNameServer = 193.70.152.15
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programmi\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Programmi\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benetollo\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benetollo\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01a0c49e-bf2f-11de-a08c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{01a0c49e-bf2f-11de-a08c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O33 - MountPoints2\{19f0cfa8-eff1-11de-923a-0024219f6c76}\Shell - "" = AutoRun
O33 - MountPoints2\{19f0cfa8-eff1-11de-923a-0024219f6c76}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c1f863fc-3d73-11df-bfb1-0024219f6c76}\Shell\Auto\command - "" = semmbzkvc.exe
O33 - MountPoints2\{c1f863fc-3d73-11df-bfb1-0024219f6c76}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL semmbzkvc.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/03/07 12.32.31 | 000,043,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ycarakha.sys
[2013/03/07 12.20.06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benetollo\Desktop\OTL.exe
[2013/03/07 07.08.47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/07 07.05.55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/07 06.59.24 | 011,116,496 | ---- | C] (Microsoft Corporation) -- C:\Users\Benetollo\Desktop\mseinstall.exe
[2013/03/07 06.47.29 | 000,393,104 | ---- | C] (Softonic ) -- C:\Users\Benetollo\Desktop\SoftonicDownloader_per_microsoft-security-essentials.exe
[2013/03/07 01.20.05 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\Documents\AGENTCLN
[2013/03/07 00.18.58 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Local\Threat Expert
[2013/03/06 23.05.20 | 014,298,728 | ---- | C] (Kingsoft Corporation) -- C:\Users\Benetollo\Desktop\kav_setup.exe
[2013/03/06 22.57.55 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2013/03/06 22.50.04 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2013/03/06 22.50.00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2013/03/06 22.48.52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/03/06 22.48.45 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\TestApp
[2013/03/06 22.31.58 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Benetollo\Desktop\iexplore.exe.exe
[2013/03/06 21.59.19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/03/06 21.22.52 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/06 20.23.07 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/06 20.20.18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/03/06 20.13.41 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Local\{CD50D04F-1017-4487-AA67-39523F19B9D6}
[2013/03/06 19.58.58 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\DriverCure
[2013/03/06 19.58.57 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\SpeedyPC Software
[2013/03/06 19.54.38 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/06 19.39.21 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2013/03/06 19.37.05 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2013/03/06 10.59.00 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Uspywe
[2013/03/06 10.59.00 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Syopi
[2013/03/06 10.59.00 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Beugl
[2013/03/05 11.06.03 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Wepuga
[2013/03/05 11.06.03 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Qiis
[2013/03/05 11.06.03 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Eqamev
[2013/03/04 16.33.23 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Fiurxi
[2013/03/04 16.33.23 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Couror
[2013/03/04 16.33.23 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\Arwup
[2013/03/02 08.32.16 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Local\{87A2BF78-7635-4E90-BCC4-3A82AFE073EB}
[2013/03/01 20.34.27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot(4289)
[2013/03/01 20.34.27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar(4386)
[2013/03/01 13.25.25 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Local\{B010C1D7-4912-4B80-8985-D29B377A391A}
[2013/03/01 09.30.47 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{7CFA6180-7E81-4E6F-B902-F6D9DED9F703}
[2013/02/28 12.09.41 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{7693343E-1D91-4FB4-8F94-A081459A789B}
[2013/02/27 13.25.42 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{FB6B7A8D-BD81-49CA-9AA6-4E9A9567C856}
[2013/02/26 22.37.36 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{C0750F4B-A36F-4F70-B7FB-211AD82EFE9F}
[2013/02/26 10.28.38 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{0FBD1C0B-7B89-47CD-A2C3-508FCCCCB6E2}
[2013/02/25 13.16.11 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B9D3883E-001E-4E84-9A4E-F9D779E2BD37}
[2013/02/24 20.35.12 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{D511A982-B949-460F-883E-4B0FCCD7F22C}
[2013/02/23 08.41.45 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{CC011515-55C3-4FB0-811F-075E01BEE139}
[2013/02/22 08.57.10 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{F2E65878-4E9F-4631-8BA6-F8FAE9954E8E}
[2013/02/21 12.18.54 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{0AAEDE2E-C254-44C2-9AC3-4E9DC68F5C62}
[2013/02/20 13.10.47 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{860E14CF-C46F-4D1D-80BC-C98B4DD67016}
[2013/02/19 11.54.43 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{640EAAB8-84C2-4BEF-A813-C9D058D9D957}
[2013/02/18 07.37.48 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{6E817E3C-CE94-49BD-A232-6EEF6D0C4EE7}
[2013/02/15 13.01.00 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{60F4A00F-02D7-4987-9319-6234D05B9440}
[2013/02/14 11.04.57 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{4BAA0BDC-FB45-4933-BCA9-16AFBFB1F76F}
[2013/02/13 19.55.12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 19.55.11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 19.55.10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 19.55.10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 19.55.10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 19.55.08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 19.55.08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 19.55.07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 14.20.46 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{BCE025EA-251D-4612-AD6B-18257AF24F12}
[2013/02/13 13.44.16 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 13.44.15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/02/13 13.44.12 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 13.44.12 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 13.36.04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/02/13 13.36.04 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2013/02/13 13.36.04 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013/02/12 10.48.06 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{4BE2087A-8E64-4A3E-AC6B-6EE52D8F7B93}
[2013/02/11 13.41.42 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{C1AA3A80-E4B2-494D-80A5-CF9A53003F65}
[2013/02/08 13.30.55 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{CBD5A606-97C0-45B1-B192-D64B12EDC93E}
[2013/02/07 11.31.07 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{0EE29A97-4B85-4C8C-BF26-0E6AC28C2C46}
[2013/02/06 12.45.04 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{F799F4D1-2A78-40BE-9F0D-C123EB76290D}
[2013/02/05 10.26.23 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{069F20B6-A526-4C8E-9086-5E0CA3BE7DB6}
[2013/02/04 13.20.11 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{A86A7F40-DE63-4E4C-9C2B-95466C100D2B}
[2013/02/03 08.19.23 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{6E39E499-49B1-4A0E-B795-0B3530A7B09A}
[2013/02/02 17.38.58 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{F770325B-02F8-40D4-80B0-25F3CE8AE9F8}
[2013/02/01 11.57.06 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{D56B6D81-A58E-498D-9221-143E083533DD}
[2013/01/31 11.46.32 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{3CAB77BB-9244-4DA3-8045-ACDC52D7FA25}
[2013/01/29 12.08.14 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{A472A565-E392-4D4B-B495-D2DC76B3D8FA}
[2013/01/28 17.29.28 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{F189CBFE-F99C-4A80-9D05-01183AD9C95A}
[2013/01/27 17.17.43 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\Documents\Harry Potter II
[2013/01/27 17.17.13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013/01/27 17.15.48 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2013/01/27 17.14.41 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013/01/27 17.14.28 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/01/27 17.14.28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/01/25 12.58.37 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B72D84E1-427E-4DF3-84C8-BCECE19006D2}
[2013/01/24 12.26.47 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{CE98246B-F4E0-4AD2-8231-6A35EC3CD2A6}
[2013/01/23 13.30.43 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{26DADD1A-DAD6-4D21-8269-CB0431C1F98B}
[2013/01/22 11.31.44 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B3B84539-A499-46DC-AF50-F1350A8703CC}
[2013/01/21 13.26.41 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{28059530-4EA8-41CF-B652-2E3824949DC9}
[2013/01/20 20.24.10 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{F33A79E9-9B29-4ACC-93A4-B669A95EC7E7}
[2013/01/20 15.59.04 | 000,100,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2013/01/18 11.53.52 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{264007AE-B548-44C5-A06F-D4F7721285EB}
[2013/01/17 11.27.31 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{D41A959C-D177-4A71-90BF-4F394C33207D}
[2013/01/16 13.02.21 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{3A41552F-E6B3-4C2E-A652-0B2E78CD58F7}
[2013/01/15 13.20.46 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{5733C523-3891-4383-A6FC-9A10537B4D43}
[2013/01/14 12.35.13 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{29B4C4B2-BBD7-4715-AEE2-6C783DDC993A}
[2013/01/13 11.16.10 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{17FA4E3C-4202-45D2-8DA3-BCC5029BDEC2}
[2013/01/12 16.09.41 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B49AD9D9-7392-4DF5-8863-E5152F6EA438}
[2013/01/11 11.51.02 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{66CC79C4-076F-41F6-85D8-C94D1A3EC661}
[2013/01/10 11.20.42 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{28EB4FA3-5896-4024-9EB8-702EA7B49DAB}
[2013/01/09 13.33.02 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{21E674EF-F00E-4BB1-95CA-9DCA677004FC}
[2013/01/09 13.18.56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/08 10.33.33 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{FB2A8769-7F51-45F5-B646-A0B3F1CF4BFD}
[2013/01/07 13.44.22 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B2D9885E-5730-4BD3-951F-516753C59A0F}
[2013/01/06 21.54.34 | 000,000,000 | -H-D | C] -- C:\Users\Benetollo\AppData\Local\{B8CCB58D-706F-4845-9871-7473837F99F5}
[2012/04/13 11.37.45 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Benetollo\AppData\Roaming\SetupGFD.exe
[2012/04/13 11.37.29 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Benetollo\AppData\Roaming\ffdshow.exe
[2012/04/13 11.37.28 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Benetollo\AppData\Roaming\xvid.exe
[2012/04/13 11.37.18 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Benetollo\AppData\Roaming\Imgburn.exe
[2012/04/13 11.37.10 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Benetollo\AppData\Roaming\Avisynth.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/03/07 12.45.07 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 12.42.00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 12.42.00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 12.32.32 | 000,043,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ycarakha.sys
[2013/03/07 12.31.01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Garanzia estesa-Benetollo.job
[2013/03/07 12.20.07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benetollo\Desktop\OTL.exe
[2013/03/07 12.11.02 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 09.51.03 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964839612-41541757-475487781-1000UA.job
[2013/03/07 09.11.03 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 07.13.50 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/07 06.59.25 | 011,116,496 | ---- | M] (Microsoft Corporation) -- C:\Users\Benetollo\Desktop\mseinstall.exe
[2013/03/07 06.53.13 | 000,671,944 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/03/07 06.53.13 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/07 06.53.13 | 000,123,496 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/03/07 06.53.12 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/07 06.41.52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/07 06.41.49 | 3153,240,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 06.37.49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/03/07 05.02.10 | 000,002,493 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/03/07 00.59.30 | 000,393,104 | ---- | M] (Softonic ) -- C:\Users\Benetollo\Desktop\SoftonicDownloader_per_microsoft-security-essentials.exe
[2013/03/06 23.05.49 | 014,298,728 | ---- | M] (Kingsoft Corporation) -- C:\Users\Benetollo\Desktop\kav_setup.exe
[2013/03/06 22.57.23 | 002,341,939 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2013/03/06 22.21.14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Benetollo\Desktop\iexplore.exe.exe
[2013/03/06 20.07.12 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2013/03/06 20.07.12 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2013/03/06 12.51.01 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964839612-41541757-475487781-1000Core.job
[2013/03/01 12.55.46 | 000,001,356 | ---- | M] () -- C:\Users\Benetollo\AppData\Local\d3d9caps.dat
[2013/03/01 12.34.02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\RbPBJipVqHrR
[2013/03/01 12.29.49 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-RbPBJipVqHrRr
[2013/03/01 12.29.49 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-RbPBJipVqHrR
[2013/02/27 13.45.30 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/27 13.45.30 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/23 08.27.23 | 000,056,832 | ---- | M] () -- C:\Users\Benetollo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/14 12.21.33 | 095,023,320 | -H-- | M] () -- C:\ProgramData\5606191.pad
[2013/02/14 10.59.29 | 000,373,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 14.34.24 | 000,662,793 | -H-- | M] () -- C:\Users\Benetollo\Desktop\Folgaria_Buono_Vota_Pag1-2.pdf
[2013/01/30 11.53.21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/27 17.17.18 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Harry Potter e la Camera dei Segreti.lnk
[2013/01/25 22.52.10 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 21.59.07 | 000,002,639 | ---- | M] () -- C:\Users\Benetollo\Desktop\Microsoft Office Word 2007.lnk
[2013/01/20 15.59.04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2013/01/08 23.11.21 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/08 23.03.12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/08 23.01.48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/08 23.00.14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/08 22.59.02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/08 22.57.49 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/08 22.56.23 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/08 22.53.13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/07 07.13.50 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/07 07.09.59 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/06 22.50.44 | 002,341,939 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2013/03/06 20.07.12 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/03/06 20.07.12 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/03/06 18.48.38 | 3153,240,064 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/01 11.04.04 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-RbPBJipVqHrRr
[2013/03/01 11.04.03 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-RbPBJipVqHrR
[2013/03/01 11.04.01 | 000,000,168 | -H-- | C] () -- C:\ProgramData\RbPBJipVqHrR
[2013/02/14 11.48.32 | 000,002,802 | ---- | C] () -- C:\ProgramData\5606191.js
[2013/02/14 11.48.30 | 095,023,320 | -H-- | C] () -- C:\ProgramData\5606191.pad
[2013/02/13 14.34.24 | 000,662,793 | -H-- | C] () -- C:\Users\Benetollo\Desktop\Folgaria_Buono_Vota_Pag1-2.pdf
[2013/01/27 17.17.18 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Harry Potter e la Camera dei Segreti.lnk
[2012/11/08 15.58.44 | 000,000,000 | -H-- | C] () -- C:\Users\Benetollo\AppData\Roaming\SharedSettings.ccs
[2012/10/23 11.39.34 | 000,004,127 | -H-- | C] () -- C:\Users\Benetollo\AppData\Local\unins000.dat
[2012/10/11 11.14.34 | 083,023,306 | -H-- | C] () -- C:\ProgramData\87_fg.pad
[2012/10/11 11.14.23 | 083,023,306 | -H-- | C] () -- C:\ProgramData\0tbpw.pad
[2012/08/23 12.53.57 | 001,776,968 | ---- | C] () -- C:\Users\Benetollo\FreeiSMS-1.13.sis
[2012/04/13 11.38.25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/13 11.38.22 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/13 11.38.21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/13 11.37.37 | 005,243,208 | ---- | C] ( ) -- C:\Users\Benetollo\AppData\Roaming\AvsP.exe
[2012/01/13 12.10.45 | 000,285,245 | -H-- | C] () -- C:\Users\Benetollo\AppData\Local\census.cache
[2012/01/13 12.10.25 | 000,239,759 | -H-- | C] () -- C:\Users\Benetollo\AppData\Local\ars.cache
[2012/01/13 11.59.06 | 000,000,036 | -H-- | C] () -- C:\Users\Benetollo\AppData\Local\housecall.guid.cache
[2011/11/10 10.34.40 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/08/12 18.27.27 | 000,001,356 | ---- | C] () -- C:\Users\Benetollo\AppData\Local\d3d9caps.dat
[2011/07/15 18.43.41 | 000,011,658 | -HS- | C] () -- C:\Users\Benetollo\AppData\Local\hw1bknq874beni6e51i228tag
[2011/07/15 18.43.41 | 000,011,658 | -HS- | C] () -- C:\ProgramData\hw1bknq874beni6e51i228tag
[2011/03/30 19.43.31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/03/04 22.20.24 | 000,056,832 | ---- | C] () -- C:\Users\Benetollo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 13.43.46 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2010/06/25 13.53.09 | 000,115,200 | ---- | C] () -- C:\Users\Benetollo\1040.MST
[2010/06/25 13.53.09 | 000,015,390 | ---- | C] () -- C:\Users\Benetollo\0x0410.ini
[2010/06/25 13.52.58 | 097,979,392 | ---- | C] () -- C:\Users\Benetollo\Samsung New PC Studio.msi
[2008/09/25 12.25.43 | 000,682,679 | -H-- | C] () -- C:\Users\Benetollo\AppData\Roaming\mdbu.bin

========== ZeroAccess Check ==========

[2013/01/25 22.24.02 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\@
[2013/01/25 22.24.02 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\L
[2013/02/04 16.47.30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\U
[2006/11/02 13.51.16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/04/11 07.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/02 18.43.19 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Acwimo
[2009/12/02 15.44.02 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\AnvSoft
[2009/12/02 15.27.33 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Any Video Converter
[2013/03/04 16.33.23 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Arwup
[2013/03/06 10.59.00 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Beugl
[2013/03/07 00.04.37 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Couror
[2012/01/29 19.24.36 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Downloaded Installations
[2013/03/06 19.58.58 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\DriverCure
[2012/05/22 17.22.47 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Dropbox
[2012/10/23 11.06.46 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\EmoticoonsToolbar
[2013/03/05 11.06.03 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Eqamev
[2012/04/27 13.16.46 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Ewasl
[2013/03/03 12.03.02 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Facebook
[2010/06/13 14.13.13 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\FissaSearch
[2013/03/07 12.36.08 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Fiurxi
[2010/06/13 14.01.19 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\freeTVRadio
[2012/04/23 17.50.57 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Fudol
[2012/04/27 12.52.38 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Fyebo
[2012/12/27 22.56.25 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Geko
[2008/10/23 17.35.47 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\HiYo
[2012/11/19 21.16.57 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Image Zone Express
[2013/01/12 19.39.21 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\IObit
[2010/11/26 09.29.39 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\it.vodafone.counterswidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2012/03/15 17.45.32 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\it.vodafone.desktopwidget
[2010/11/26 09.27.29 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2012/02/02 19.48.37 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Izsox
[2012/12/15 14.35.37 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\KeePass
[2012/10/30 19.34.51 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\LaunchPad
[2009/03/13 09.30.52 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Leadertech
[2012/01/29 19.29.14 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Nitro PDF
[2010/01/10 19.15.13 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Nokia
[2012/11/08 15.53.40 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\OfferBox
[2013/01/28 18.06.30 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\PC Suite
[2009/05/18 19.37.06 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Philips
[2008/12/21 12.32.20 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Printer Info Cache
[2013/03/05 11.06.03 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Qiis
[2010/06/25 13.59.10 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Samsung
[2009/01/13 11.31.29 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Software Informer
[2013/03/06 19.58.57 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\SpeedyPC Software
[2013/03/06 10.59.00 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Syopi
[2013/03/06 22.48.45 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\TestApp
[2008/08/11 20.28.30 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\TomTom
[2013/03/06 10.59.00 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Uspywe
[2013/03/07 12.52.35 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\uTorrent
[2013/03/05 11.06.03 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\Wepuga
[2010/11/01 20.02.01 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Windows Live Writer
[2012/10/23 11.35.58 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 568 bytes -> C:\Windows\System32\drivers\ycarakha.sys:changelist
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Second file (Extras):
OTL Extras logfile created on: 07/03/2013 12.22.00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benetollo\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,94 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 34,59% Memory free
6,08 Gb Paging File | 4,27 Gb Available in Paging File | 70,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 29,51 Gb Free Space | 13,36% Space Free | Partition Type: NTFS
Drive D: | 118,48 Mb Total Space | 109,21 Mb Free Space | 92,17% Space Free | Partition Type: FAT

Computer Name: PC-BENETOLLO | User Name: Benetollo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE404A9-683D-C686-6CCA-1AEF3EBBED73}" = My 190
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C1ED1BF-B7B9-4DED-90E2-B9B0C1ED12C1}" = IObit Toolbar v6.9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = MediaConverter 2.5 for Philips
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}" = HiYo
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{980B9958-1239-4FC5-8C88-AC5650321040}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6F2308-19FF-422D-9C87-3594EF27CF97}" = HDregIT
"{AC76BA86-7AD7-1040-7B44-A80000000000}" = Adobe Reader 8 - Italiano
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DCFB8DFD-EA58-4CEB-9C20-ECB825173568}_is1" = AlphaTESTER 4.0
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5413DC1-1278-4BE5-A3A4-C947436EF7EB}_is1" = SocialPlus! 2.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE4D51F0-FF96-00AF-5D2E-E703C44FC73D}" = Widget Contatori
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pacchetto driver Windows - Nokia Modem (02/15/2007 3.1)
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Pacchetto driver Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pacchetto driver Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeReader" = Adobe Reader 8
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Any Video Converter_is1" = Any Video Converter 3.0.1
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5559
"AviSynth" = AviSynth 2.5
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pacchetto driver Windows - Nokia Modem (02/15/2007 3.1)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Proteggi i tuoi dati
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pacchetto driver Windows - Nokia Modem (05/24/2007 6.84.0.1)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EsetOnlineScanner" = ESET Online Scanner
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Desktop" = Google Desktop
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GoogleToolbar" = GoogleToolbar
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HiYo" = HiYo
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"it.vodafone.counterswidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1" = Widget Contatori
"it.vodafone.desktopwidget" = My 190
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"LCDTest" = Packard Bell LCD Test
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Pacchetto di driver di Logitech Webcam Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"Messenger Plus! Live" = Messenger Plus! Live
"METABOLI" = Metaboli
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MioFotografo.it MyComposer_is1" = MioFotografo.it MyComposer 5.0
"Nero8" = Nero 8 Essentials
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa_2" = Picasa2
"Picasa2" = Picasa 2
"PowerCinema6" = Power Cinema 6
"Radio_Bar_2 Toolbar" = Radio Bar 2 Toolbar
"rPat Ib_is1" = rPat Ib - ver. 4.00
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SETUPMYPC_IT" = SetUp My PC
"SKYPE" = Skype 3.6.2.248
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TripAdvisor Screensaver" = Screensaver di TripAdvisor
"TVAnts ActiveX Control 1.0" = TVAnts ActiveX Control 1.0
"UltraDefrag" = Ultra Defragmenter
"Updator" = Packard Bell Updator
"uTorrent" = µTorrent
"VIDEO_NVIDIA_GOB" = Video NVIDIA V163.96
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1964839612-41541757-475487781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CercatoToolbar" = Cercato Toolbar
"Facebook Plug-In" = Facebook Plug-In
"gwp-DEFAULT" = GreenWebPlayer
"Redditest" = Redditest

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/03/2013 1.45.10 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 1.45.48 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 1.45.48 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 1.46.24 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 1.46.24 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.02.51 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.02.52 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.03.01 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.03.01 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.05.23 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.05.23 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.09.26 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.09.26 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.10.06 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 07/03/2013 2.10.06 | Computer Name = PC-Benetollo | Source = SideBySide | ID = 16842830
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe". Errore nel file manifesto o dei criteri
"", riga . Una versione del componente richiesta dall'applicazione è in conflitto
con un'altra versione del componente già attiva. Componenti in conflitto:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

[ OSession Events ]
Error - 26/06/2009 6.34.05 | Computer Name = PC-Benetollo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/11/2010 9.21.03 | Computer Name = PC-Benetollo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/12/2010 8.31.52 | Computer Name = PC-Benetollo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/05/2011 6.00.43 | Computer Name = PC-Benetollo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/03/2013 2.05.08 | Computer Name = PC-Benetollo | Source = PlugPlayManager | ID = 11
Description = Il dispositivo Root\LEGACY_SASKUTIL\0000 è scomparso dal sistema senza
essere stato prima preparato per la rimozione.

Error - 07/03/2013 2.21.10 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: Origine aggiornamento:
%%815 Fase aggiornamento: %%854 Percorso aggiornamento: Tipo firma: %%886 Tipo aggiornamento:
%%803 Utente: PC-Benetollo\Benetollo Versione motore corrente: Versione motore precedente:
Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo o del servizio di
dipendenza non riuscito.

Error - 07/03/2013 2.21.10 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2003
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
del motore. Versione nuovo motore: Versione motore precedente: Tipo motore: %%886

Utente:
PC-Benetollo\Benetollo Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo
o del servizio di dipendenza non riuscito.

Error - 07/03/2013 2.21.13 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: 0.0.0.0 Origine aggiornamento:
%%851 Fase aggiornamento: %%854 Percorso aggiornamento: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Tipo
firma: %%886 Tipo aggiornamento: %%803 Utente: PC-Benetollo\Benetollo Versione motore
corrente: Versione motore precedente: 0.0.0.0 Codice errore: 0x8007042c Descrizione
errore: Avvio del gruppo o del servizio di dipendenza non riuscito.

Error - 07/03/2013 2.23.26 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: Origine aggiornamento:
%%815 Fase aggiornamento: %%854 Percorso aggiornamento: Tipo firma: %%886 Tipo aggiornamento:
%%803 Utente: PC-Benetollo\Benetollo Versione motore corrente: Versione motore precedente:
Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo o del servizio di
dipendenza non riuscito.

Error - 07/03/2013 2.23.26 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2003
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
del motore. Versione nuovo motore: Versione motore precedente: Tipo motore: %%886

Utente:
PC-Benetollo\Benetollo Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo
o del servizio di dipendenza non riuscito.

Error - 07/03/2013 2.23.29 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: 0.0.0.0 Origine aggiornamento:
%%851 Fase aggiornamento: %%854 Percorso aggiornamento: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Tipo
firma: %%886 Tipo aggiornamento: %%803 Utente: PC-Benetollo\Benetollo Versione motore
corrente: Versione motore precedente: 0.0.0.0 Codice errore: 0x8007042c Descrizione
errore: Avvio del gruppo o del servizio di dipendenza non riuscito.

Error - 07/03/2013 2.23.49 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: Origine aggiornamento:
%%815 Fase aggiornamento: %%854 Percorso aggiornamento: Tipo firma: %%886 Tipo aggiornamento:
%%803 Utente: PC-Benetollo\Benetollo Versione motore corrente: Versione motore precedente:
Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo o del servizio di
dipendenza non riuscito.

Error - 07/03/2013 2.23.49 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2003
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
del motore. Versione nuovo motore: Versione motore precedente: Tipo motore: %%886

Utente:
PC-Benetollo\Benetollo Codice errore: 0x8007042c Descrizione errore: Avvio del gruppo
o del servizio di dipendenza non riuscito.

Error - 07/03/2013 2.23.52 | Computer Name = PC-Benetollo | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha rilevato un errore durante il tentativo di aggiornamento
delle firme. Versione nuova firma: Versione firma precedente: 0.0.0.0 Origine aggiornamento:
%%851 Fase aggiornamento: %%854 Percorso aggiornamento: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Tipo
firma: %%886 Tipo aggiornamento: %%803 Utente: PC-Benetollo\Benetollo Versione motore
corrente: Versione motore precedente: 0.0.0.0 Codice errore: 0x8007042c Descrizione
errore: Avvio del gruppo o del servizio di dipendenza non riuscito.


< End of report >
shapiro
Posted: Thursday, March 07, 2013 8:21:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

you have a mix of infections: besides Zero Access you have also picked up Ukash (the fake State Police one and more). I would prefer to do a first pass with ComboFix

download it from here and put it on the desktop
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.
grinta
Posted: Friday, March 08, 2013 8:31:16 AM

Rank: Member

Joined: 8/8/2007
Posts: 27
Unfortunately, I tried and tried again: ComboFix starts, but after a few minutes it gets stuck on a blue screen saying that the scan normally takes 10 minutes but can take twice as long when there are serious infections. I waited all night, but the program never got past that screen. Now the PC is even slower and at restart various messages appear (such as updater.exe has stopped working....). I think we have reached the end of the line....
colpodifrusta
Posted: Friday, March 08, 2013 9:05:09 AM

Rank: AiutAmico

Joined: 11/4/2010
Posts: 682
grinta wrote:
Unfortunately, I tried and tried again: ComboFix starts, but after a few minutes it gets stuck on a blue screen saying that the scan normally takes 10 minutes but can take twice as long when there are serious infections. I waited all night, but the program never got past that screen. Now the PC is even slower and at restart various messages appear (such as updater.exe has stopped working....). I think we have reached the end of the line....


If a computer (your computer) is in such bad shape, I think you could only fix it by formatting and reinstalling the OS; otherwise, as is well known, you will go on for weeks without fixing anything at all.
I have not read everything, but have you tried a restore to a date before the problem?
grinta
Posted: Friday, March 08, 2013 9:15:58 AM

Rank: Member

Joined: 8/8/2007
Posts: 27
Of course I tried System Restore, but it did not help.
shapiro
Posted: Friday, March 08, 2013 11:07:04 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
give me time to prepare a procedure to remove the infections, then we will try ComboFix again


=======================================


now open OTL and copy this text under "Custom Scans\Fixes" (do not copy CODE)

Code:
:OTL
SRV - (Application Updater) -- C:\Programmi\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKLM\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Users\Benetollo\AppData\Roaming\OfferBox\offerboxffx@offerbox.com [2013/03/03 12.03.04 | 000,000,000 | ---D | M]
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Programmi\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\6.9\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Cercato Toolbar) - {545D2280-F50E-4F81-BF5A-CD04A6512CE2} - C:\Programmi\PopCorn\it\Toolbar\PopCorn.dll (E-Kanopi)
O3 - HKLM\..\Toolbar: (Radio Bar 2 Toolbar) - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1964839612-41541757-475487781-1000\..\Toolbar\WebBrowser: (Radio Bar 2 Toolbar) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - C:\Programmi\Radio_Bar_2\tbRadi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1964839612-41541757-475487781-1000..\Run: [Ylizulynke] C:\Users\Benetollo\AppData\Roaming\Fiurxi\uqudz.exe ()
O13 - gopher Prefix: missing
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
[2013/03/06 19.58.57 | 000,000,000 | ---D | C] -- C:\Users\Benetollo\AppData\Roaming\SpeedyPC Software
[2013/03/06 19.54.38 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/01 20.34.27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot(4289)
[2013/03/01 20.34.27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar(4386)
[2013/02/13 13.36.04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/02/13 13.36.04 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/07/15 18.43.41 | 000,011,658 | -HS- | C] () -- C:\Users\Benetollo\AppData\Local\hw1bknq874beni6e51i228tag
[2011/07/15 18.43.41 | 000,011,658 | -HS- | C] () -- C:\ProgramData\hw1bknq874beni6e51i228tag
[2012/10/23 11.06.46 | 000,000,000 | -H-D | M] -- C:\Users\Benetollo\AppData\Roaming\EmoticoonsToolbar
[2012/11/08 15.53.40 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\OfferBox
[2013/03/06 19.58.57 | 000,000,000 | ---D | M] -- C:\Users\Benetollo\AppData\Roaming\SpeedyPC Software
@Alternate Data Stream - 568 bytes -> C:\Windows\System32\drivers\ycarakha.sys:changelist
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

:Files
C:\Users\Benetollo\AppData\Roaming\Fiurxi
C:\Users\Benetollo\AppData\Roaming\Uspywe
C:\Users\Benetollo\AppData\Roaming\Syopi
C:\Users\Benetollo\AppData\Roaming\Beugl
C:\Users\Benetollo\AppData\Roaming\Acwimo
C:\Users\Benetollo\AppData\Roaming\Arwup
C:\Users\Benetollo\AppData\Roaming\Eqamev
C:\Users\Benetollo\AppData\Roaming\Fudol
C:\Users\Benetollo\AppData\Roaming\Fyebo
C:\Users\Benetollo\AppData\Roaming\Geko
C:\Users\Benetollo\AppData\Roaming\HiYo
C:\Users\Benetollo\AppData\Roaming\Izsox
C:\Users\Benetollo\AppData\Roaming\Wepuga
C:\ProgramData\RbPBJipVqHrR
C:\ProgramData\-RbPBJipVqHrRr
C:\ProgramData\-RbPBJipVqHrR
C:\ProgramData\5606191.pad
C:\ProgramData\-RbPBJipVqHrRr
C:\ProgramData\-RbPBJipVqHrR
C:\ProgramData\RbPBJipVqHrR
C:\ProgramData\5606191.js
C:\ProgramData\5606191.pad
C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\@
C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\L
C:\$Recycle.Bin\S-1-5-18\$ed001e6bc7de8df218a57a39ae386d41\U
C:\ProgramData\87_fg.pad
C:\ProgramData\0tbpw.pad
C:\Users\Benetollo\AppData\Roaming\Qiis
ipconfig /flushdns /c


:commands
[purity]
[emptytemp]
[Reboot]




click on RUN FIX .......wait for the scan to finish, then post the log it produces; you will find it in the OTL folder, it is a log with numbers

as soon as it is done I will tell you how to proceed

grinta
Posted: Friday, March 08, 2013 2:30:41 PM

Rank: Member

Joined: 8/8/2007
Posts: 27
So: I could not restart the PC. I had to go into safe mode and do a System Restore (to 27 February), and that way I managed to restart. I downloaded OTL again and did as you said, but unfortunately the program freezes after a few seconds (not responding). I tried twice but nothing, it keeps freezing.
shapiro
Posted: Friday, March 08, 2013 3:58:54 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
I had to go into safe mode and do a System Restore (to 27 February)


grinta, if you want to follow my instructions I will be happy to help you; if instead you want help formatting from someone who has time to waste, that is another matter

open OTL and click on "cleanup"

download it again and repeat the procedure with the code I posted; if it freezes, try from safe mode

grinta
Posted: Friday, March 08, 2013 8:40:59 PM

Rank: Member

Joined: 8/8/2007
Posts: 27
Of course I want to follow you, not least because I do not know how to format. Tomorrow I will have a bit of time and will do as you said. Now I have to work all night (sic!). Thanks in the meantime.
grinta
Posted: Saturday, March 09, 2013 11:02:22 AM

Rank: Member

Joined: 8/8/2007
Posts: 27
No luck, OTL freezes right away, even in safe mode.
r16
Posted: Saturday, March 09, 2013 11:20:28 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi Shap.
Try RogueKiller.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
This tool kills the infection's active processes.
Once those are eliminated, you are halfway there.
It also reports Zero Access and any other related infections.
Instructions for use:
Close all running programs.
Start RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan finishes, a window opens: click on "Accept".
Now click on "Scan".
When the scan finishes, click on "Report"; you will find the log on the desktop.
Post it here
Bye!
grinta
Posted: Saturday, March 09, 2013 11:40:51 AM

Rank: Member

Joined: 8/8/2007
Posts: 27
Done. Should I click the "Cancella" (Delete) button? Or the "Ripara collegamenti" (Fix shortcuts) button?
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Benetollo [Admin rights]
Mode : Scan -- Date : 03/09/2013 11:39:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : lniobbe (rundll32 "C:\Users\Benetollo\AppData\Local\lniobbe.dll",lniobbe) [-] -> Trovato
[RUN][SUSP PATH] HKUS\S-1-5-21-1964839612-41541757-475487781-1000[...]\Run : lniobbe (rundll32 "C:\Users\Benetollo\AppData\Local\lniobbe.dll",lniobbe) [-] -> Trovato
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 7bf095fd8065aaf9a9d2d69b6a598ac1
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6ec0745909dfc7b92bae73b95ae268bc
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488395120 | Size: 0 Mo

Finished : << RKreport[1]_S_03092013_02d1139.txt >>
RKreport[1]_S_03092013_02d1139.txt
r16
Posted: Saturday, March 09, 2013 12:14:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Click on the "Registry" tab
Tick these entries:

[RUN][SUSP PATH] HKCU\[...]\Run : lniobbe (rundll32 "C:\Users\Benetollo\AppData\Local\lniobbe.dll",lniobbe) [-] -> Trovato

[RUN][SUSP PATH] HKUS\S-1-5-21-1964839612-41541757-475487781-1000[...]\Run : lniobbe (rundll32 "C:\Users\Benetollo\AppData\Local\lniobbe.dll",lniobbe) [-] -> Trovato

And UNTICK ALL the others.

Click on "Cancella" (Delete).
When the deletions are finished, click on Report.
Post it here.

Then immediately run a full scan with Malwarebytes. (remember to UPDATE it before the scan)
Delete what it finds.
Post the log.
grinta
Posted: Saturday, March 09, 2013 12:21:13 PM

Rank: Member

Joined: 8/8/2007
Posts: 27
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Benetollo [Admin rights]
Mode : Scan -- Date : 03/09/2013 12:20:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 7bf095fd8065aaf9a9d2d69b6a598ac1
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6ec0745909dfc7b92bae73b95ae268bc
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488395120 | Size: 0 Mo

Finished : << RKreport[3]_S_03092013_02d1220.txt >>
RKreport[1]_S_03092013_02d1139.txt ; RKreport[2]_D_03092013_02d1205.txt ; RKreport[3]_S_03092013_02d1220.txt
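
Both RogueKiller reports above end with an MBR Check that prints the MBR hash and partition table once per read method and marks `User != LL2 ... KO!`. The following Python script is an added example (not part of any post in this thread and not RogueKiller's own code): it parses that section, copied verbatim from the report, and lists what differs between the two reads. The names `parse_views` and `diff_views` are hypothetical.

```python
import re

# "MBR Check" section copied verbatim from the RogueKiller report in this thread.
REPORT = """\
+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 7bf095fd8065aaf9a9d2d69b6a598ac1
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6ec0745909dfc7b92bae73b95ae268bc
[BSP] 71696f6a6471a3a09c8f7fc413b16420 : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 226182 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488395120 | Size: 0 Mo
"""

VIEW = re.compile(r"^--- (\w+) ---$")            # e.g. "--- User ---"
MBR = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")    # hash of the sector as read
PART = re.compile(
    r"^(\d+) - \[(\w+)\] (\S+) \((0x[0-9A-Fa-f]{2})\) \[(\w+)!?\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")

def parse_views(text):
    """Return {view: {"mbr": hash, "parts": {index: partition fields}}}."""
    views, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := VIEW.match(line):
            cur = views.setdefault(m.group(1), {"mbr": None, "parts": {}})
        elif cur is not None and (m := MBR.match(line)):
            cur["mbr"] = m.group(1)
        elif cur is not None and (m := PART.match(line)):
            idx, flag, fs, ptype, vis, off, size = m.groups()
            cur["parts"][int(idx)] = {
                "active": flag == "ACTIVE", "fs": fs, "type": ptype,
                "hidden": vis == "HIDDEN", "offset": int(off), "size_mb": int(size)}
    return views

def diff_views(views, base="User", other="LL2"):
    """List every discrepancy between two reads of the same disk sector."""
    a, b = views[base], views[other]
    findings = []
    if a["mbr"] != b["mbr"]:
        findings.append(f"MBR hash differs: {base}={a['mbr']} {other}={b['mbr']}")
    for idx in sorted(set(a["parts"]) | set(b["parts"])):
        pa, pb = a["parts"].get(idx), b["parts"].get(idx)
        if pa is None or pb is None:
            where, p = (other, pb) if pa is None else (base, pa)
            findings.append(f"partition {idx} only in {where}: type {p['type']}, "
                            f"offset {p['offset']}, active={p['active']}, hidden={p['hidden']}")
        elif pa != pb:
            changed = sorted(k for k in pa if pa[k] != pb[k])
            findings.append(f"partition {idx} differs in: {', '.join(changed)}")
    return findings

if __name__ == "__main__":
    print("\n".join(diff_views(parse_views(REPORT))))
```

On this report it returns three findings: the differing MBR hash, the active flag missing from partition 1 in the LL2 read, and a hidden, active partition 2 (type 0x17, size 0) that only the LL2 read shows.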

r16
Posted: Saturday, March 09, 2013 1:35:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Once the Malwarebytes scan is finished and the log posted, run a scan with TDSSKiller:

Download TDSSKiller.zip to the desktop:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Extract the files to a folder and double-click TDSSKiller.exe
Click on:
Change parameters.
Tick "detect tdlfs file system" and "verify file digital signature"
Click OK.
Then click on "Start Scan"
If it finds an infection, by default you will have the "Cure" option, so click on "Continue".
If a suspicious file is found, the default action will be "skip"; click on "Continue".
If a restart (Reboot) is requested, accept. (to remove the infection the PC must be restarted)
If no restart is requested, click on report and save the contents to a text file.
You will find the log in C:\
Post it here.

To post the logs:
Connect to the internet and go to the WikiSend page:
http://www.wikisend.com/
Click on the "Sfoglia" (Browse) button
Select the file you just saved
Click on Upload file
After a few seconds, you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.