startq.one8
lunanera-nera
Posted: Saturday, November 02, 2013 9:28:22 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
It got installed while I was doing a Java update and I can't remove it in any way. It changed my browsers' home pages, but I can't find it in the list of programs. I reset the browsers' home pages but it doesn't work. I used the malware but nothing.
Heeeelp!
Operating system: XP
Thanks
shapiro
Posted: Saturday, November 02, 2013 9:38:43 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Hi, run these two scans: the first removes the various adware, the second only reports them (we'll remove them after I've read the log).


DOWNLOAD adwcleaner TO THE DESKTOP

Click Scan and then ''Clean''; confirm with OK the various windows that appear.

When it finishes, click Report and attach the contents.

WARNING

If you have Avira as your antivirus, the software uses the ASK Toolbar, which is part of the program's security, so proceed like this:

Open Adwcleaner and click the ? at the top left.
Click Options.
Tick:
DisableAskDetection
Click OK.


Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend,
cbbusto
Posted: Saturday, November 02, 2013 11:20:38 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Hi shapiro, welcome back.
lunanera-nera
Posted: Sunday, November 03, 2013 3:59:01 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
What is Wikisend?
lunanera-nera
Posted: Sunday, November 03, 2013 4:07:09 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
# AdwCleaner v3.010 - Report created 03/11/2013 at 16:03:51
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ANTONELLA - ANTONELLA
# Running from : C:\Documents and Settings\ANTONELLA\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update SaltarSmart

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Menu Avvio\Programmi\registry mechanic
Folder Deleted : C:\Programmi\Conduit
Folder Deleted : C:\Programmi\FromDocToPDF_65
Folder Deleted : C:\Programmi\registry mechanic
Folder Deleted : C:\Programmi\SaltarSmart
Folder Deleted : C:\Documents and Settings\ANTONELLA\Dati applicazioni\FromDocToPDF_65
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\qone8.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox\Mozilla Firefox (Modalità provvisoria).lnk
Shortcut Disinfected : C:\Documents and Settings\ANTONELLA\Menu Avvio\Programmi\Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\ANTONELLA\Menu Avvio\Programmi\Accessori\Utilità di sistema\Internet Explorer (nessun componente aggiuntivo).lnk
Shortcut Disinfected : C:\Documents and Settings\ANTONELLA\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Avvia il browser Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\ANTONELLA\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [65ffxtbr@FromDocToPDF_65.com]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2102507
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SaltarSmart
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\SaltarSmart
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Firefox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaltarSmart

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v24.0 (it)

[ File : C:\Documents and Settings\ANTONELLA\Dati applicazioni\Mozilla\Firefox\Profiles\3empajcj.default-1383423529437\prefs.js ]


*************************

AdwCleaner[R0].txt - [13012 octets] - [03/11/2013 16:03:09]
AdwCleaner[S0].txt - [11684 octets] - [03/11/2013 16:03:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11745 octets] ##########
shapiro
Posted: Sunday, November 03, 2013 4:42:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
The OTL scan is missing.


Quote:

hi shapiro, welcome back


Hi cbbusto
lunanera-nera
Posted: Sunday, November 03, 2013 5:34:10 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
OTL

OTL logfile created on: 03/11/2013 16.13.08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ANTONELLA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 77,04% Memory free
5,09 Gb Paging File | 4,39 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 200,20 Gb Total Space | 169,94 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive D: | 498,43 Gb Total Space | 38,67 Gb Free Space | 7,76% Space Free | Partition Type: NTFS

Computer Name: ANTONELLA | User Name: ANTONELLA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ANTONELLA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\PhotoJoy\Bin\PjApp.exe (IncrediMail, Ltd.)
PRC - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe (Sunbelt Software)
PRC - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe (Sunbelt Software)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\Program Files\D-Link\DSL-200\DslStat.exe (GlobespanVirata, Inc.)
PRC - C:\Program Files\D-Link\DSL-200\dslagent.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
MOD - C:\Programmi\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programmi\PhotoJoy\Bin\NeoComm.dll ()
MOD - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA ()
MOD - C:\Programmi\PhotoJoy\Bin\Im3DEngine.dll ()
MOD - C:\Programmi\PhotoJoy\Bin\IMHttpComm.dll ()
MOD - C:\Programmi\Sunbelt Software\Personal Firewall\PocoXML.dll ()
MOD - C:\Programmi\Sunbelt Software\Personal Firewall\PocoFoundation.dll ()
MOD - C:\Programmi\Sunbelt Software\Personal Firewall\PocoExt.dll ()
MOD - C:\Programmi\Sunbelt Software\Personal Firewall\ssleay32.dll ()
MOD - C:\Programmi\Sunbelt Software\Personal Firewall\libeay32.dll ()
MOD - C:\WINDOWS\system32\PAStiSvc.exe ()
MOD - C:\Program Files\D-Link\DSL-200\DbgMode.dll ()
MOD - C:\Program Files\D-Link\DSL-200\dslagent.exe ()


========== Services (SafeList) ==========

SRV - (WLSetupSvc) -- File not found
SRV - (JavaQuickStarterService) -- C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avg9wd) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Programmi\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (MDM) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (KPF4) -- C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe (Sunbelt Software)
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (Video3D) -- System32\Drivers\Video3D32.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ANTONE~1\IMPOST~1\Temp\catchme.sys File not found
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (AtmLane) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)
DRV - (AtmElan) -- C:\WINDOWS\system32\drivers\atmlane.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (khips) -- C:\WINDOWS\system32\drivers\khips.sys (Sunbelt Software)
DRV - (fwdrv) -- C:\WINDOWS\system32\drivers\fwdrv.sys (Sunbelt Software)
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()
DRV - (atmusb) -- C:\WINDOWS\system32\drivers\gaausb.sys (GlobespanVirata Inc.)
DRV - (Atmuni) -- C:\WINDOWS\system32\drivers\atmuni.sys (Microsoft Corporation)
DRV - (Rawwan) -- C:\WINDOWS\system32\drivers\rawwan.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.it/
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{17AE5B4F-2FF2-4D73-BEC7-6F01F3214D64}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{1BDB2C28-CFE6-4F5B-B2C0-0BD36A5C74C5}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vl%3D
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{515173d2-4bdb-4019-918f-9fbcfb876729}: "URL" = http://www.cercato.it/?search&q={searchTerms}
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{6332AC39-4E9C-4F16-AF31-4C937CAFD178}: "URL" = http://search.microsoft.com/results.aspx?mkt=it-IT&setlang=it-IT&q={searchTerms}
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{C898C3A5-7496-46BB-9368-686F14043A48}: "URL" = http://cerca.lycos.it/cgi-bin/pursuit?query={searchTerms}&NDB=asp_lycos&id_window=120&tld=all&family=off&cat=it
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{DA5B15C6-CBF1-4DA3-886E-A4A94386F1D3}: "URL" = http://it.wikipedia.org/wiki/{searchTerms}
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\SearchScopes\{DD28C976-9686-49CB-9911-62B792EA4870}: "URL" = http://search.avg.com/?d=4dc02f8b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.it/webhp?gws_rd=cr&ei=1V51UpPSD-Hn4gSOxoCYAQ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Programmi\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programmi\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2012/08/22 13.23.54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/09/18 13.33.22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/10/16 14.16.18 | 000,000,000 | ---D | M]

[2011/09/21 06.56.58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Mozilla\Extensions
[2013/11/02 21.26.52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Mozilla\Firefox\Profiles\3empajcj.default-1383423529437\extensions
[2013/09/18 13.33.22 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/09/18 13.33.22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 13.33.21 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/09/18 13.33.31 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/10/14 09.16.20 | 000,479,977 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14973 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe (GlobespanVirata, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-790525478-1123561945-725345543-1003..\Run: [PhotoJoy] C:\Programmi\PhotoJoy\bin\PhotoJoy.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-790525478-1123561945-725345543-1003..\Run: [uTorrent] C:\Programmi\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\ANTONELLA\Menu Avvio\Programmi\Esecuzione automatica\D-Link Dial-Up PPP Connection.lnk = File not found
O4 - Startup: C:\Documents and Settings\ANTONELLA\Menu Avvio\Programmi\Esecuzione automatica\Start Firewall.lnk = C:\WINDOWS\system32\net.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235325704140 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35F708AD-746B-4862-9AD9-37271FC32F86}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ANTONELLA\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ANTONELLA\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/17 10.31.04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{754a9e5f-2af3-11de-9f1d-0019dbce9d77}\Shell\AutoRun\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dcibot.exe
O33 - MountPoints2\{754a9e5f-2af3-11de-9f1d-0019dbce9d77}\Shell\open\command - "" = M:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dcibot.exe
O33 - MountPoints2\{fff0bd8d-15e7-11df-9f6c-0019dbce9d77}\Shell\AutoRun\command - "" = L:\pozuda/malena.exe
O33 - MountPoints2\{fff0bd8d-15e7-11df-9f6c-0019dbce9d77}\Shell\explore\command - "" = L:\pozuda/malena.exe
O33 - MountPoints2\{fff0bd8d-15e7-11df-9f6c-0019dbce9d77}\Shell\open\command - "" = L:\pozuda/malena.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/11/03 16.02.56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 16.01.40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ANTONELLA\Desktop\OTL.exe
[2013/11/02 21.31.26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ANTONELLA\Recent
[2013/11/02 21.29.22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/02 21.18.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANTONELLA\Desktop\Dati precedenti di Firefox
[2013/11/02 19.31.39 | 000,000,000 | ---D | C] -- C:\Programmi\Enigma Software Group
[2013/11/02 19.30.47 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2013/11/02 19.05.02 | 000,000,000 | ---D | C] -- C:\Programmi\Uninstaller
[2013/10/16 14.17.16 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2013/10/16 14.16.58 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/16 14.16.58 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/16 14.16.51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/16 14.16.51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/16 14.16.51 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/16 14.16.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2013/10/09 16.54.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Tracker Software
[2013/10/09 16.53.05 | 000,000,000 | ---D | C] -- C:\Programmi\Tracker Software
[2013/10/09 16.52.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Package Cache
[2013/10/09 11.50.23 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/09/18 13.33.20 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ANTONELLA\Desktop\*.tmp files -> C:\Documents and Settings\ANTONELLA\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/11/03 16.06.15 | 000,186,500 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/11/03 16.05.42 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 16.05.39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/03 16.01.35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ANTONELLA\Desktop\OTL.exe
[2013/11/03 15.59.17 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\ANTONELLA\Desktop\adwcleaner.exe
[2013/11/03 15.53.00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/03 15.50.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/03 13.15.11 | 142,121,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/11/02 21.54.03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/02 19.18.03 | 000,715,281 | ---- | M] () -- C:\Documents and Settings\ANTONELLA\Desktop\bookmarks.html
[2013/10/26 22.29.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/19 21.37.54 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\ANTONELLA\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/16 14.16.41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/16 14.16.40 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/16 14.16.40 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/16 14.16.40 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/16 14.16.40 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/16 14.15.58 | 000,479,616 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/10/16 14.15.58 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/16 14.15.58 | 000,079,950 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/10/16 14.15.58 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/10 17.14.12 | 001,029,088 | ---- | M] () -- C:\Documents and Settings\ANTONELLA\Desktop\img167.jpg
[2013/10/09 13.02.58 | 000,119,599 | ---- | M] () -- C:\Documents and Settings\ANTONELLA\Desktop\Domanda di preiscrizione II° Annualità.pdf
[2013/10/09 12.50.25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/09 12.50.25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/09 12.50.23 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ANTONELLA\Desktop\*.tmp files -> C:\Documents and Settings\ANTONELLA\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/03 15.59.18 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Desktop\adwcleaner.exe
[2013/11/02 19.18.02 | 000,715,281 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Desktop\bookmarks.html
[2013/10/10 17.14.11 | 001,029,088 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Desktop\img167.jpg
[2013/10/09 13.03.05 | 000,119,599 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Desktop\Domanda di preiscrizione II° Annualità.pdf
[2009/12/12 11.33.32 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\default.rss
[2009/02/22 21.53.37 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\ANTONELLA\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/02/22 19.41.06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18.13.52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/18 11.34.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2012
[2013/10/10 05.43.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/11/14 11.50.22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/08/18 11.34.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2010/10/23 21.54.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
[2013/10/10 05.42.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Package Cache
[2009/10/28 11.05.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PhotoJoy
[2013/11/02 21.33.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2009/02/22 17.15.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2010/03/03 19.14.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\x-formation
[2009/11/01 18.47.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/21 16.16.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\AISoftware
[2011/09/17 16.49.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Convivea
[2010/01/29 19.24.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Dev-Cpp
[2009/03/02 12.24.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\EPSON
[2010/10/20 18.41.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\GetRightToGo
[2010/10/23 21.50.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\NCH Swift Sound
[2010/10/20 18.50.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\SmartDraw
[2013/10/09 16.54.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Tracker Software
[2013/11/03 16.06.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\uTorrent
[2009/11/08 11.08.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\Windows Live Writer
[2010/03/03 19.14.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\x-formation
[2012/09/10 09.11.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ANTONELLA\Dati applicazioni\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5C321E34

< End of report >
lunanera-nera
Posted: Sunday, November 03, 2013 5:35:12 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
Extras.txt



OTL Extras logfile created on: 03/11/2013 16.13.08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ANTONELLA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 77,04% Memory free
5,09 Gb Paging File | 4,39 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 200,20 Gb Total Space | 169,94 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive D: | 498,43 Gb Total Space | 38,67 Gb Free Space | 7,76% Space Free | Partition Type: NTFS

Computer Name: ANTONELLA | User Name: ANTONELLA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-790525478-1123561945-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Esplora con XnView] -- "C:\Programmi\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" = C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\PhotoJoy\Bin\PjApp.exe" = C:\Programmi\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy -- (IncrediMail, Ltd.)
"C:\Programmi\PhotoJoy\Bin\PjImp.exe" = C:\Programmi\PhotoJoy\Bin\PjImp.exe:*:Enabled:PhotoJoy -- (IncrediMail, Ltd.)
"C:\Programmi\PhotoJoy\Bin\PhotoJoy.exe" = C:\Programmi\PhotoJoy\Bin\PhotoJoy.exe:*:Enabled:PhotoJoy -- (IncrediMail, Ltd.)
"C:\Programmi\Bonjour\mDNSResponder.exe" = C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programmi\AVG\AVG9\avgemc.exe" = C:\Programmi\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgupd.exe" = C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgnsx.exe" = C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0f189610-84a8-4c75-a9a9-6fdf7708560b}" = mp3PRO Plug-in
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15482D1C-117B-4201-8D39-985A91ED8433}" = PhotoJoy
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{373CDA0D-A5B1-4BCB-8E74-C6337DC4A259}" = Microsoft .NET Framework 2.0 Language Pack - ITA
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74668fb3-37e3-4fc6-b7fc-f4e2d5a9a777}" = Blu-ray Disc Authoring Plug-in
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FF04586-B3AB-4117-855B-D9D9BBD2327C}" = Collage Maker
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2012 16.57.36 | Computer Name = ANTONELLA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo firefox.exe, versione 17.0.1.4715, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 23/01/2013 11.25.35 | Computer Name = ANTONELLA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore shell32.dll, versione 6.0.2900.6072, indirizzo
errore 0x0002b37f.

Error - 31/01/2013 16.27.20 | Computer Name = ANTONELLA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo firefox.exe, versione 18.0.1.4764, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 09/04/2013 12.06.58 | Computer Name = ANTONELLA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore spybotsd.exe, versione 1.6.2.46,
modulo che ha provocato l'errore spybotsd.exe, versione 1.6.2.46, indirizzo errore
0x000049ee.

Error - 12/04/2013 7.50.52 | Computer Name = ANTONELLA | Source = Windows Live Messenger | ID = 1000
Description =

Error - 17/09/2013 12.24.30 | Computer Name = ANTONELLA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo firefox.exe, versione 23.0.1.4974, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 02/11/2013 16.29.34 | Computer Name = ANTONELLA | Source = MsiInstaller | ID = 11721
Description = Prodotto: SpyHunter -- Errore 1721. Si è verificato un problema con
questo pacchetto di Windows Installer. Impossibile eseguire un programma necessario
a completare l'installazione. Contattare il personale di supporto o il fornitore
del pacchetto. Azione: , posizione: WiseCustomCall, comando: g1

[ OSession Events ]
Error - 02/06/2011 8.45.08 | Computer Name = ANTONELLA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/10/2013 0.43.06 | Computer Name = ANTONELLA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.5 dell'indirizzo IP della scheda di rete con indirizzo
0019DBCE9D77 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 26/10/2013 12.43.09 | Computer Name = ANTONELLA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.4 dell'indirizzo IP della scheda di rete con indirizzo
0019DBCE9D77 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 31/10/2013 16.17.04 | Computer Name = ANTONELLA | Source = W32Time | ID = 39452689
Description = Time providerNtpClient: si è verificato un errore durante la ricerca
DNS del peer configurato manualmente 'time.windows.com,0x1'. NtpClient ritenterà
la ricerca DNS fra 15 minuti. Errore Tentativo di operazione del socket verso un
host non raggiungibile. (0x80072751)

Error - 31/10/2013 16.17.04 | Computer Name = ANTONELLA | Source = W32Time | ID = 39452701
Description = Il time provider NtpClient è configurato per acquisire l'ora da una
o più origini dell'ora, ma nessuna origine dell'ora è accessibile attualmente e non
verrà eseguito alcun tentativo di contattare un'origine per 14 minuti. NtpClient
non dispone di alcuna origine di ora esatta.

Error - 01/11/2013 0.43.11 | Computer Name = ANTONELLA | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo
0019DBCE9D77 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 02/11/2013 16.54.23 | Computer Name = ANTONELLA | Source = Service Control Manager | ID = 7023
Description = Servizio HID Input Service terminato con l'errore: %%2

Error - 02/11/2013 16.54.25 | Computer Name = ANTONELLA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: Lbd

Error - 03/11/2013 8.09.44 | Computer Name = ANTONELLA | Source = Service Control Manager | ID = 7023
Description = Servizio HID Input Service terminato con l'errore: %%2

Error - 03/11/2013 8.09.46 | Computer Name = ANTONELLA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: Lbd

Error - 03/11/2013 11.05.56 | Computer Name = ANTONELLA | Source = Service Control Manager | ID = 7023
Description = Servizio HID Input Service terminato con l'errore: %%2


< End of report >
lunanera-nera
Posted: Sunday, November 03, 2013 5:35:43 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
Here they are, and thanks for the help.
shapiro
Posted: Sunday, November 03, 2013 5:46:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


While I check:

Temporarily disable the antivirus.

Download Junkware Removal Tool.

Click the JRT icon and wait patiently for the scan to finish.
Once it has finished, the log should open on the desktop as JRT.txt.

Post it in the forum and let me know whether you still see the problem.

lunanera-nera
Posted: Sunday, November 03, 2013 5:57:32 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
I use the free AVG and I don't think I can disable it. I don't see a disable option....
shapiro
Posted: Sunday, November 03, 2013 6:18:24 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Open the AVG program by double-clicking the four-color icon in the Windows tray bar.
Double-click the Resident Shield component.
Uncheck the "Resident Shield active" box.
Click the button >>> Save changes

Warning! Do not forget to re-enable the Resident Shield component after carrying out the tasks that required disabling it, otherwise the computer remains exposed to the risk of infection.
cbbusto
Posted: Sunday, November 03, 2013 6:27:55 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
lunanera-nera wrote:
I use the free AVG and I don't think I can disable it. I don't see a disable option....


You have a very old version of AVG, version 9; we are now at 14. I recommend updating it. Bye
Shapiro, sorry for butting in.
lunanera-nera
Posted: Sunday, November 03, 2013 6:50:44 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
So, this is the report you asked me for, but run with AVG enabled (I only now see that you had found the solution)... anyway, in Explorer it seems to be fixed, whereas in Firefox the start etc. remains in some tabs.
Tell me if you want this last one redone without the antivirus.
cbbusto, I will take care of it as soon as possible. Thanks to both of you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by ANTONELLA on 03/11/2013 at 18.02.38,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5B725BC8-C263-4783-BE79-D3A812FBB42B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C898C3A5-7496-46BB-9368-686F14043A48}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD28C976-9686-49CB-9911-62B792EA4870}



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Programmi\Mozilla Firefox\searchplugins\avg_igeared.xml"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2013 at 18.24.25,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
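The JRT log above lists each cleanup action as a status line under a "~~~" section marker, and one Firefox search plugin could not be deleted. As an added example (not part of the original thread and not JRT's own code), this Python sketch parses that layout and returns the entries that still need manual follow-up; the sample lines are copied from the post, and the regular expressions assume only the line shapes visible there.

```python
import re

# Result lines copied from the JRT.txt posted above (empty sections omitted).
SAMPLE_LOG = r"""~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5B725BC8-C263-4783-BE79-D3A812FBB42B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C898C3A5-7496-46BB-9368-686F14043A48}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD28C976-9686-49CB-9911-62B792EA4870}

~~~ FireFox

Failed to delete: [File] "C:\Programmi\Mozilla Firefox\searchplugins\avg_igeared.xml"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
End of JRT log
"""

# "~~~ Name" opens a section; a banner made only of tildes has no space and is skipped.
SECTION_RE = re.compile(r"^~~~ (\S.*)$")
# Assumed shape, from the two forms in the post: "<Successfully|Failed to> <verb>: [<kind>] <target>".
RESULT_RE = re.compile(r"^(Successfully|Failed to) (\w+): \[([^\]]+)\] (.+)$")

def parse_jrt_log(text):
    """Return one dict per result line, tagged with the section it appeared under."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = RESULT_RE.match(line)
        if m:
            entries.append({
                "section": section,
                "ok": m.group(1) == "Successfully",
                "action": m.group(2),
                "kind": m.group(3),
                "target": m.group(4).strip('"'),
            })
    return entries

def summarize(entries):
    """Map section name -> (succeeded, failed), in the order sections appear."""
    counts = {}
    for e in entries:
        ok, bad = counts.get(e["section"], (0, 0))
        counts[e["section"]] = (ok + e["ok"], bad + (not e["ok"]))
    return counts

def needs_followup(entries):
    """Items the tool reported it could not remove, for manual review."""
    return [(e["section"], e["kind"], e["target"]) for e in entries if not e["ok"]]

if __name__ == "__main__":
    parsed = parse_jrt_log(SAMPLE_LOG)
    print(summarize(parsed), needs_followup(parsed))
```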
lunanera-nera
Posted: Sunday, November 03, 2013 6:51:58 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
When I open the first page it doesn't show up; then, when I open the submenus of the pages I'm looking for, I find the start again.
cbbusto
Posted: Sunday, November 03, 2013 7:24:26 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
lunanera-nera wrote:
When I open the first page it doesn't show up; then, when I open the submenus of the pages I'm looking for, I find the start again.


q.one8 is a search engine. To remove it, in Firefox go to the search box, click the icon you see, then go to Manage Search Engines; you will see all the installed engines and should find q.one8. Click on it, then Remove, OK, and exit; that should remove it. The start you mention should be this one: start.qone8.com
Then wait for shapiro's instructions. Bye
lunanera-nera
Posted: Sunday, November 03, 2013 7:53:24 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
cbbusto wrote:
lunanera-nera wrote:
When I open the first page it doesn't show up; then, when I open the submenus of the pages I'm looking for, I find the start again.


q.one8 is a search engine. To remove it, in Firefox go to the search box, click the icon you see, then go to Manage Search Engines; you will see all the installed engines and should find q.one8. Click on it, then Remove, OK, and exit; that should remove it. The start you mention should be this one: start.qone8.com
Then wait for shapiro's instructions. Bye



It isn't among the search engines.
lunanera-nera
Posted: Sunday, November 03, 2013 8:01:57 PM

Rank: AiutAmico

Joined: 10/13/2006
Posts: 451
Guys, it seems to me it doesn't do it anymore. It was doing it on this page, but my daughter noticed that it is written there as the name of the post.
So I'll wait to hear from you, but it seems to me the problem is solved. What do you think?
shapiro
Posted: Sunday, November 03, 2013 8:05:12 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Browse for a while, and if you no longer see the annoying problem, come back for the final cleanup.


Weeee, look who's back. Hi r16