Since advertising banners kept appearing, I ran a few checks and Malwarebytes found a bit of junk:
Scan Date: 08/09/2014
Scan Time: 16:06:26
Logfile: MAL.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.08.04
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrea
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321295
Time Elapsed: 12 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.exe, 5748, Delete-on-Reboot, [89abb6354a31f3437fc2921ce21f2ad6]
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe, 3524, Delete-on-Reboot, [9e9607e49cdf83b3b988bef0b24fed13]
Modules: 0
(No malicious items detected)
Registry Keys: 26
PUP.Optional.ClearThink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ClearThink, Quarantined, [89abb6354a31f3437fc2921ce21f2ad6],
PUP.Optional.ClearThink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ClearThink, Quarantined, [9e9607e49cdf83b3b988bef0b24fed13],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [3ef6519a5d1ee2543d38b502729060a0],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [3ef6519a5d1ee2543d38b502729060a0],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{06E035F9-C6B3-4AE7-A839-BA68791F5499}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8972B0D-B0FB-4158-A567-365283693AD6}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8972B0D-B0FB-4158-A567-365283693AD6}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{06E035F9-C6B3-4AE7-A839-BA68791F5499}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64, Quarantined, [0a2a995299e28aac903941bd907213ed],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ClearThink, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\ClearThink, Quarantined, [aa8afcefb2c993a37e087de555afa45c],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ClearThink, Quarantined, [64d0d01b205b112592f55c06bf45d32d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9c989556f388ea4c642dad7baa59a759],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [54e049a284f789adfef446f8f11319e7],
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, Quarantined, [54e049a284f789adfef446f8f11319e7]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink, Delete-on-Reboot, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin, Delete-on-Reboot, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [052f05e6a8d3c96d001510abe61c1fe1],
Files: 31
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.exe, Delete-on-Reboot, [89abb6354a31f3437fc2921ce21f2ad6],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe, Delete-on-Reboot, [9e9607e49cdf83b3b988bef0b24fed13],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThinkbho.dll, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi, Quarantined, [191b87643a4149ed2f0a6198818128d8],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys, Quarantined, [0a2a995299e28aac903941bd907213ed],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThink.ico, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\0, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\7za.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThinkUninstall.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.InstallState, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\7za.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\BrowserAdapterS.7z, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b7364.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowseG.zip, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\sqlite3.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.InstallState, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}64.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.Bromon.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BroStats.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserAdapterS.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.CompatibilityChecker.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FeSvc.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FFUpdate.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.IEUpdate.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.PurBrowseG.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
Rogue.Multiple, C:\ProgramData\374311380\BIT41A0.tmp, Quarantined, [052f05e6a8d3c96d001510abe61c1fe1],
Physical Sectors: 0
(No malicious items detected)
So I followed the forum's procedure and ran
AWD
# AdwCleaner v3.309 - Rapporto creato 08/09/2014 in 16:43:05
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Andrea - ANDREA-PC
# In esecuzione da : C:\Users\Andrea\Downloads\adwcleaner_3.309.exe
# Opzione : Pulisci
***** [ Servizi ] *****
***** [ File / Cartelle ] *****
Cartella Eliminato : C:\Inbox
Cartella Eliminato : C:\Program Files (x86)\SiteLookup
File Eliminato : C:\Users\Andrea\AppData\Local\Temp\Uninstall.exe
File Eliminato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\user.js
***** [ Compiti ] *****
***** [ Collegamenti ] *****
***** [ Registro ] *****
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 it)
[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1130 octets] - [27/07/2014 18:09:54]
AdwCleaner[R1].txt - [1580 octets] - [08/09/2014 16:40:02]
AdwCleaner[S0].txt - [1199 octets] - [27/07/2014 18:10:46]
AdwCleaner[S1].txt - [1516 octets] - [08/09/2014 16:43:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1576 octets] ##########
Then
OTL
OTL logfile created on: 08/09/2014 16:46:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,52% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 162,53 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive D: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 232,88 Gb Total Space | 57,31 Gb Free Space | 24,61% Space Free | Partition Type: NTFS
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/09/08 16:42:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL(1).exe
PRC - [2014/07/29 22:35:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/25 15:51:18 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/07/25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/06/16 18:42:42 | 003,431,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
PRC - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/29 22:34:45 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/06/04 15:17:12 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
MOD - [2014/05/14 23:21:50 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/04/03 22:19:40 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/03 21:55:19 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/04/02 23:13:30 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/02 23:13:25 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/02 23:13:17 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/02 23:13:12 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/02 23:13:10 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/02 23:13:04 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/02 23:13:04 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/02 23:13:00 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/02 23:12:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/02 23:12:55 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/02 23:12:54 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/02 23:12:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
MOD - [2010/01/14 22:31:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\KHKEY.dll
MOD - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
MOD - [2005/10/24 16:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/25 15:51:10 | 018,956,064 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/09/02 08:08:33 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/29 22:35:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2007/02/02 14:58:04 | 000,153,088 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/09/08 16:22:21 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/25 15:51:10 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/03/31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/27 19:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/08/27 19:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/01 08:52:58 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp24msdrv.sys -- (rp24msdrv)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/29 11:17:56 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2007/06/11 14:25:10 | 000,051,328 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2007/05/24 14:27:16 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2007/04/24 13:20:34 | 000,143,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2007/03/01 16:53:38 | 000,087,808 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2007/01/22 10:43:26 | 000,055,296 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2006/11/20 17:56:04 | 000,044,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2006/10/11 16:31:00 | 000,050,688 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2005/07/12 14:43:00 | 000,028,160 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2011/09/16 10:36:34 | 000,148,976 | ---- | M] (CyberLink Corp.) [2014/06/15 22:01:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/09/14 15:48:19 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\Downloads\Real Temp\WinRing0x64.sys -- (WinRing0_1_2_0)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 78 78 2A E1 4D CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3m
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.40
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7Bcc6cc772-f121-49e0-b1f0-c26583cb0c5e%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 22:34:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 22:34:33 | 000,000,000 | ---D | M]
[2014/04/01 22:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2014/09/08 16:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions
[2014/09/07 09:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/08/20 17:55:29 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/09/07 21:27:05 | 000,000,000 | ---D | M] ("Website Counselor") -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
[2014/04/05 15:02:10 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2014/08/04 09:41:56 | 000,000,000 | ---D | M] (Italian dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2014/06/17 23:03:28 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2014/09/07 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles47l2pwhg.default\extensions
[2014/09/07 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles47l2pwhg.default\extensions\staged
[2014/04/27 18:03:36 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\translator@zoli.bod.xpi
[2014/04/27 15:11:52 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2014/09/03 08:10:57 | 000,541,661 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/08/20 17:55:28 | 000,156,032 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014/07/25 11:41:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/22 16:51:14 | 000,023,774 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{d358dc61-498f-3de1-4d99-deacebaa276f}.xpi
[2014/04/30 23:28:58 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/07/29 22:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/07/29 22:35:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2014/07/28 15:32:30 | 000,450,720 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A701AD69-608A-46AF-A726-53D6CAAC8E74}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell - "" = AutoRun
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell\AutoRun\command - "" = G:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (搀渀挀氀攀愀渀㘀㐀⸀攀砀攀)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/09/08 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/09/07 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\ElevatedDiagnostics
[2014/09/07 21:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2014/09/07 21:25:49 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\WebExtend
[2014/09/04 10:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/04 10:01:57 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2014/09/04 10:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2014/09/04 10:01:25 | 000,528,384 | ---- | C] (Ulead Systems, Inc.) -- C:\Users\Andrea\Documents\Ipe.exe
[2014/09/04 09:59:11 | 000,040,960 | ---- | C] (Ulead Systems, Inc.) -- C:\Windows\SysWow64\Ulead Photo Express ScreenSaver.scr
[2014/09/04 09:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead Photo Express 6
[2014/09/04 09:40:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2014/09/04 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2014/09/04 09:40:51 | 000,027,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ctl3dv2.dll
[2014/09/04 09:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[2014/08/29 14:31:08 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/26 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\Nuova cartella
[2014/08/18 22:18:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/08/14 18:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2014/08/13 23:52:14 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/13 23:52:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/13 23:52:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/13 23:52:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/13 23:52:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/13 23:52:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/13 23:51:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/13 23:51:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/13 09:56:18 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/13 09:56:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/13 09:56:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/13 09:56:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/13 09:56:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/13 09:56:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/13 09:56:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/13 09:56:16 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/13 09:56:16 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/13 09:56:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/13 09:56:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/13 09:56:15 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/13 09:56:15 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/13 09:56:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/13 09:56:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/13 09:56:14 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/13 09:56:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/13 09:56:13 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/13 09:56:13 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/13 09:56:12 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/13 09:56:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/13 09:56:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/13 09:56:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/13 09:56:11 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/13 09:56:11 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/13 09:56:10 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/13 09:56:10 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/13 09:56:09 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/13 09:56:09 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/13 09:56:09 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/13 09:56:09 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/13 09:56:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/13 09:56:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/13 09:56:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/13 09:56:07 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/13 09:55:01 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/13 09:55:00 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/13 09:55:00 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/13 09:55:00 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/13 09:55:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/13 09:55:00 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/13 09:49:49 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/13 09:49:48 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/13 09:49:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/09/08 16:50:37 | 001,661,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/08 16:50:37 | 000,741,386 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/09/08 16:50:37 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/08 16:50:37 | 000,147,440 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/09/08 16:50:37 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/08 16:44:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/08 16:44:09 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/08 16:33:17 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/08 16:33:17 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/08 16:22:21 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/08 15:56:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/08 11:41:20 | 000,825,815 | ---- | M] () -- C:\Users\Andrea\Desktop\Report Joy Carasco.pdf
[2014/09/08 11:30:56 | 000,650,511 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0062_1.jpg
[2014/09/08 11:30:50 | 000,701,681 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0063.jpg
[2014/09/08 11:30:44 | 000,712,328 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0064.jpg
[2014/09/08 11:30:38 | 000,640,740 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0065.jpg
[2014/09/08 11:30:32 | 000,681,035 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0066.jpg
[2014/09/08 11:30:26 | 000,722,678 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0067.jpg
[2014/09/08 11:30:20 | 000,596,629 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0068.jpg
[2014/09/08 11:30:15 | 000,599,129 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0069.jpg
[2014/09/08 11:30:10 | 000,613,180 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0071.jpg
[2014/09/08 11:30:04 | 000,622,470 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0072.jpg
[2014/09/07 15:56:15 | 000,008,840 | ---- | M] () -- C:\Users\Andrea\Desktop\banner_andybell.gif
[2014/09/07 10:25:14 | 000,033,516 | ---- | M] () -- C:\Users\Andrea\Desktop\Badge Due Torri.JPG
[2014/09/07 10:13:56 | 000,193,941 | ---- | M] () -- C:\Users\Andrea\Desktop\Badge_Dasso_Andrea.jpg
[2014/09/06 16:10:37 | 000,558,418 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0062.jpg
[2014/09/05 19:20:02 | 000,888,106 | ---- | M] () -- C:\Users\Andrea\Desktop\Western.std
[2014/09/05 13:07:03 | 000,020,074 | ---- | M] () -- C:\Users\Andrea\Desktop\Poldo.JPG
[2014/09/05 09:08:10 | 001,865,318 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 5 settembre.pdf
[2014/09/05 08:08:05 | 000,431,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/04 22:31:54 | 000,080,543 | ---- | M] () -- C:\Users\Andrea\Desktop\Fronte Volantino.JPG
[2014/09/04 10:04:47 | 001,910,597 | ---- | M] () -- C:\Users\Andrea\Desktop\Volantino modificato giallo.JPG
[2014/09/04 09:59:23 | 000,000,196 | ---- | M] () -- C:\Windows\ulead32.ini
[2014/09/04 09:59:11 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Ulead Photo Express 6.0.lnk
[2014/09/02 08:08:32 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/02 08:08:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/31 17:58:37 | 000,420,390 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0061.jpg
[2014/08/31 11:43:27 | 000,271,663 | ---- | M] () -- C:\Users\Andrea\Desktop\Carta Identità Andrea Dasso.pdf
[2014/08/29 20:20:55 | 001,604,471 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 29 agosto.pdf
[2014/08/28 18:44:23 | 000,025,525 | ---- | M] () -- C:\Users\Andrea\Desktop\BwI8VN-CcAA0pRL.jpg
[2014/08/27 22:14:22 | 000,128,583 | ---- | M] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso.pdf
[2014/08/27 22:14:03 | 000,337,628 | ---- | M] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso Con Foto.pdf
[2014/08/27 11:48:24 | 000,989,443 | ---- | M] () -- C:\Users\Andrea\Desktop\Cedola Finson.pdf
[2014/08/26 15:00:04 | 000,386,342 | ---- | M] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_1_And_2-[cdcovers_cc]-front.jpg
[2014/08/26 14:57:55 | 000,387,177 | ---- | M] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_3_And_4-[cdcovers_cc]-front.jpg
[2014/08/23 04:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 20:47:51 | 001,220,732 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 22 agosto.pdf
[2014/08/21 23:44:50 | 000,047,976 | ---- | M] () -- C:\Users\Andrea\Desktop\Moe2.jpg
[2014/08/15 08:10:24 | 002,705,117 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 15 agosto.pdf
[2014/08/12 16:40:34 | 000,052,565 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercatini 3.pdf
[2014/08/12 16:40:30 | 000,019,977 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini 3.odt
[2014/08/12 00:23:32 | 000,109,415 | ---- | M] () -- C:\Users\Andrea\Desktop\Irina Facebook.png
[2014/08/11 17:05:00 | 000,054,967 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercatini 2.pdf
[2014/08/11 17:04:53 | 000,020,139 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini 2.odt
[2014/08/11 08:52:57 | 000,045,000 | ---- | M] () -- C:\Users\Andrea\Desktop\But2W-kIYAE1bBH.jpg
[2014/08/10 20:29:53 | 000,818,925 | ---- | M] () -- C:\Users\Andrea\Desktop\Moe.png
[2014/08/10 20:17:09 | 000,016,216 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini.odt
[2014/08/10 20:16:56 | 000,047,110 | ---- | M] () -- C:\Users\Andrea\Desktop\Viaggio Mercatini.pdf
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/09/08 11:41:19 | 000,825,815 | ---- | C] () -- C:\Users\Andrea\Desktop\Report Joy Carasco.pdf
[2014/09/08 11:30:51 | 000,650,511 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0062_1.jpg
[2014/09/08 11:30:45 | 000,701,681 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0063.jpg
[2014/09/08 11:30:38 | 000,712,328 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0064.jpg
[2014/09/08 11:30:33 | 000,640,740 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0065.jpg
[2014/09/08 11:30:27 | 000,681,035 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0066.jpg
[2014/09/08 11:30:21 | 000,722,678 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0067.jpg
[2014/09/08 11:30:16 | 000,596,629 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0068.jpg
[2014/09/08 11:30:11 | 000,599,129 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0069.jpg
[2014/09/08 11:30:05 | 000,613,180 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0071.jpg
[2014/09/08 11:29:59 | 000,622,470 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0072.jpg
[2014/09/07 15:56:14 | 000,008,840 | ---- | C] () -- C:\Users\Andrea\Desktop\banner_andybell.gif
[2014/09/07 10:25:14 | 000,033,516 | ---- | C] () -- C:\Users\Andrea\Desktop\Badge Due Torri.JPG
[2014/09/07 10:13:55 | 000,193,941 | ---- | C] () -- C:\Users\Andrea\Desktop\Badge_Dasso_Andrea.jpg
[2014/09/06 16:10:33 | 000,558,418 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0062.jpg
[2014/09/05 13:07:02 | 000,020,074 | ---- | C] () -- C:\Users\Andrea\Desktop\Poldo.JPG
[2014/09/05 09:08:10 | 001,865,318 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 5 settembre.pdf
[2014/09/04 16:18:29 | 000,080,543 | ---- | C] () -- C:\Users\Andrea\Desktop\Fronte Volantino.JPG
[2014/09/04 10:04:40 | 001,910,597 | ---- | C] () -- C:\Users\Andrea\Desktop\Volantino modificato giallo.JPG
[2014/09/04 09:59:11 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Ulead Photo Express 6.0.lnk
[2014/09/04 09:41:11 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2014/08/31 17:58:34 | 000,420,390 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0061.jpg
[2014/08/31 11:43:27 | 000,271,663 | ---- | C] () -- C:\Users\Andrea\Desktop\Carta Identità Andrea Dasso.pdf
[2014/08/29 20:20:54 | 001,604,471 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 29 agosto.pdf
[2014/08/28 18:44:23 | 000,025,525 | ---- | C] () -- C:\Users\Andrea\Desktop\BwI8VN-CcAA0pRL.jpg
[2014/08/27 22:14:00 | 000,337,628 | ---- | C] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso Con Foto.pdf
[2014/08/27 11:48:24 | 000,989,443 | ---- | C] () -- C:\Users\Andrea\Desktop\Cedola Finson.pdf
[2014/08/27 11:13:18 | 000,888,106 | ---- | C] () -- C:\Users\Andrea\Desktop\Western.std
[2014/08/26 14:57:55 | 000,387,177 | ---- | C] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_3_And_4-[cdcovers_cc]-front.jpg
[2014/08/26 14:53:19 | 000,386,342 | ---- | C] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_1_And_2-[cdcovers_cc]-front.jpg
[2014/08/25 09:34:34 | 001,035,321 | ---- | C] () -- C:\Users\Andrea\Desktop\foto012.jpg
[2014/08/22 20:47:51 | 001,220,732 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 22 agosto.pdf
[2014/08/21 23:44:49 | 000,047,976 | ---- | C] () -- C:\Users\Andrea\Desktop\Moe2.jpg
[2014/08/15 08:10:23 | 002,705,117 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 15 agosto.pdf
[2014/08/12 16:40:33 | 000,052,565 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercatini 3.pdf
[2014/08/12 16:40:28 | 000,019,977 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini 3.odt
[2014/08/12 00:23:32 | 000,109,415 | ---- | C] () -- C:\Users\Andrea\Desktop\Irina Facebook.png
[2014/08/11 17:04:56 | 000,054,967 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercatini 2.pdf
[2014/08/11 17:04:50 | 000,020,139 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini 2.odt
[2014/08/11 08:52:55 | 000,045,000 | ---- | C] () -- C:\Users\Andrea\Desktop\But2W-kIYAE1bBH.jpg
[2014/08/10 20:29:53 | 000,818,925 | ---- | C] () -- C:\Users\Andrea\Desktop\Moe.png
[2014/08/10 20:17:07 | 000,016,216 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini.odt
[2014/08/10 20:16:54 | 000,047,110 | ---- | C] () -- C:\Users\Andrea\Desktop\Viaggio Mercatini.pdf
[2014/07/27 18:33:55 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2014/07/27 14:56:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/27 14:56:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/08 13:35:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/07/08 13:35:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/05/04 12:54:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/05/02 15:17:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2014/04/06 21:40:01 | 000,000,019 | ---- | C] () -- C:\Windows\CLOSEAPP.INI
[2014/04/06 19:29:55 | 000,000,273 | ---- | C] () -- C:\Windows\lgfwup.ini
[2014/04/06 19:13:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014/04/06 19:13:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2014/04/06 19:12:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2014/04/06 19:12:24 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014/04/06 19:08:16 | 000,022,420 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2014/04/06 19:07:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/06 19:07:57 | 000,017,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/04/02 19:02:43 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/04/01 23:11:31 | 001,478,609 | ---- | C] () -- C:\Windows\unins000.exe
[2014/04/01 23:11:31 | 000,016,212 | ---- | C] () -- C:\Windows\unins000.dat
[2014/04/01 22:16:55 | 001,635,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/01 21:58:52 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
JRT~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andrea on 08/09/2014 at 16:54:08,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/09/2014 at 17:00:40,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Then I ran Stinger and everything came back negative.
Having done all this (and quarantined all the junk), I ran Antimal and AWD again, which flagged only Firefox's prefs.js... I'd ask you to take a look at the Hijack log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:22, on 08/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
Running processes:
C:\Users\Andrea\Downloads\adwcleaner_3.309.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8523 bytes