Aiutamici Forum

Log file check
massimob
Posted: Thursday, December 06, 2012 9:24:14 PM

Rank: AiutAmico

Member since: 12/13/2005
Posts: 162
Hello everyone, I would kindly need a check of my log file, since my PC has slowed down.
Thanks in advance, and I take the opportunity to wish you happy holidays. Kind regards

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.18.32, on 06/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Users\maury\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\maury\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\msiexec.exe
D:\protezione\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/it/?s=h&c=1101054697&suid=EmRvU03qr&d=6&pid=28
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll
R3 - URLSearchHook: MAX IT Atube Toolbar - {0e9c9453-038b-4c2d-999d-21e0d2aa7ce5} - C:\Program Files\MAX_IT_Atube\tbMAX_.dll
R3 - URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MAX IT Atube Toolbar - {0e9c9453-038b-4c2d-999d-21e0d2aa7ce5} - C:\Program Files\MAX_IT_Atube\tbMAX_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files\PHPNukeIT\tbPHPN.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Program Files\Search_USA\tbSear.dll
O3 - Toolbar: MAX IT Atube Toolbar - {0e9c9453-038b-4c2d-999d-21e0d2aa7ce5} - C:\Program Files\MAX_IT_Atube\tbMAX_.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\maury\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate1c9bd11597f6a50) (gupdate1c9bd11597f6a50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17725 bytes
 
shapiro
Posted: Thursday, December 06, 2012 10:57:08 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

Hi Massimo, first of all I must remind you to stay away from the Softonic site, it is best avoided; then run these two scans, you have many toolbars to remove

Download adwcleaner, click on Delete (or Elimina) and attach the log

Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend,
massimob
Posted: Sunday, December 09, 2012 5:12:52 PM

Rank: AiutAmico

Member since: 12/13/2005
Posts: 162
Hi shapiro, I'm sending you the adwcleaner log.
Thanks, see you soon.
# AdwCleaner v2.011 - Logfile creato il 09/12/2012 alle 17:03:36
# Aggiornamento 02/12/2012 by Xplode
# Sistema Operativo : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Utente : maury - PC-MAURY
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\maury\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Ask.com
Cartella Eliminato : C:\Program Files\BabylonToolbar
Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\Program Files\Fast Browser Search
Cartella Eliminato : C:\Program Files\Iminent
Cartella Eliminato : C:\Program Files\MAX_IT_Atube
Cartella Eliminato : C:\Program Files\NCH
Cartella Eliminato : C:\Program Files\PHPNukeIT
Cartella Eliminato : C:\Program Files\Search_USA
Cartella Eliminato : C:\Program Files\SGPSA
Cartella Eliminato : C:\Program Files\Softonic-IT
Cartella Eliminato : C:\Program Files\Widestream6
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\Iminent
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\ProgramData\Trymedia
Cartella Eliminato : C:\Users\maury\AppData\Local\APN
Cartella Eliminato : C:\Users\maury\AppData\Local\AskToolbar
Cartella Eliminato : C:\Users\maury\AppData\Local\Babylon
Cartella Eliminato : C:\Users\maury\AppData\Local\Conduit
Cartella Eliminato : C:\Users\maury\AppData\Local\Softonic-IT
Cartella Eliminato : C:\Users\maury\AppData\Local\widestream6 Air
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\AskToolbar
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\MAX_IT_Atube
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\NCH
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\PHPNukeIT
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\Search_USA
Cartella Eliminato : C:\Users\maury\AppData\LocalLow\Softonic-IT
Cartella Eliminato : C:\Users\maury\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\maury\AppData\Roaming\FissaSearch
Cartella Eliminato : C:\Users\maury\AppData\Roaming\iWin
Cartella Eliminato : C:\Users\maury\AppData\Roaming\Mozilla\Firefox\Profiles\a3phgt45.default\extensions\@FissaPlugin
Cartella Eliminato : C:\Users\maury\AppData\Roaming\Mozilla\Firefox\Profiles\a3phgt45.default\extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\Users\maury\AppData\Roaming\Mozilla\Firefox\Profiles\a3phgt45.default\extensions\toolbar@ask.com
Cartella Eliminato : C:\Users\maury\AppData\Roaming\widestream
Cartella Eliminato : C:\Windows\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
Cartella Eliminato : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Eliminato : C:\Users\maury\AppData\Local\hcvprlga.bat
File Eliminato : C:\Users\maury\AppData\Local\hcvprlga.dat
File Eliminato : C:\Users\maury\AppData\Local\hcvprlga_nav.dat
File Eliminato : C:\Users\maury\AppData\Local\hcvprlga_navps.dat
File Eliminato : C:\Users\maury\AppData\Local\ykwyc.dat
File Eliminato : C:\Users\maury\AppData\Local\ykwyc_nav.dat
File Eliminato : C:\Users\maury\AppData\Local\ykwyc_navps.dat
File Eliminato : C:\Users\maury\AppData\Roaming\Mozilla\Firefox\Profiles\a3phgt45.default\searchplugins\Askcom.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN
Chiave Eliminata : HKCU\Software\AppDataLow\AskToolbarInfo
Chiave Eliminata : HKCU\Software\AppDataLow\Software\AskToolbar
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\MAX_IT_Atube
Chiave Eliminata : HKCU\Software\AppDataLow\Software\NCH
Chiave Eliminata : HKCU\Software\AppDataLow\Software\PHPNukeIT
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Search_USA
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Softonic-IT
Chiave Eliminata : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminata : HKCU\Software\Ask.com
Chiave Eliminata : HKCU\Software\AskToolbar
Chiave Eliminata : HKCU\Software\BabylonToolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\FissaSearch
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D}
Chiave Eliminata : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Chiave Eliminata : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MAX_IT_Atube Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NCH Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHPNukeIT Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search_USA Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchTheWebARP
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-IT Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E9C9453-038B-4C2D-999D-21E0D2AA7CE5}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48405D3D-2674-4CD8-B1EF-9A719443BD3F}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E3393495-8103-46A0-8181-270273EDDD60}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E9C9453-038B-4C2D-999D-21E0D2AA7CE5}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48405D3D-2674-4CD8-B1EF-9A719443BD3F}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3393495-8103-46A0-8181-270273EDDD60}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Softonic-IT
Chiave Eliminata : HKCU\Software\Spointer
Chiave Eliminata : HKCU\Software\WideStream
Chiave Eliminata : HKCU\Toolbar
Chiave Eliminata : HKLM\Software\APN
Chiave Eliminata : HKLM\Software\AskToolbar
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\BabylonToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.19328

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.fissa.com/it/?s=h&c=1101054697&suid=EmRvU03qr&d=6&pid=28 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=107763&mntrId=2446dbda00000000000000238b127a7a --> hxxp://www.google.com

-\\ Mozilla Firefox v2.0 (en-US)

Nome Profilo : default
File : C:\Users\maury\AppData\Roaming\Mozilla\Firefox\Profiles\a3phgt45.default\prefs.js

Eliminata : user_pref("browser.search.defaultenginename", "Ask.com");
Eliminata : user_pref("browser.search.selectedEngine", "Ask.com");
Eliminata : user_pref("browser.startup.homepage", "hxxp://www.qword.com/?s=3");
Eliminata : user_pref("browser.search.order.1", "Ask.com");
Eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Eliminata : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=16050&locale=i[...]
Eliminata : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\maury\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.58] : icon_url = "hxxp://www.ask.com/favicon.ico",
Eliminata [l.61] : keyword = "ask.com",
Eliminata [l.64] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=16050&locale=it_IT&[...]
Eliminata [l.65] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

-\\ Chromium vnstall: 18772

File : C:\Users\maury\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [29792 octets] - [09/12/2012 17:03:36]

########## EOF - C:\AdwCleaner[S1].txt - [29853 octets] ##########
shapiro
Posted: Sunday, December 09, 2012 5:59:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


The OTL scan is needed as well.

Attach it, don't paste it.
massimob
Posted: Sunday, December 09, 2012 6:47:32 PM

Rank: AiutAmico

Joined: 12/13/2005
Posts: 162
shapiro, I have sent you both of the "otl" logs, let's hope that's fine this way.
Thanks.



OTL logfile created on: 09/12/2012 17.14.26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maury\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 41,79% Memory free
6,19 Gb Paging File | 4,23 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 21,05 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 25,14 Gb Free Space | 17,89% Space Free | Partition Type: NTFS

Computer Name: PC-MAURY | User Name: maury | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\maury\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Users\maury\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Acer\Acer VCM\acp2HID.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files\Acer\Acer VCM\AcerControl.dll ()


========== Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IGBASVC) -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (ONDAusbvoice) -- system32\DRIVERS\ONDAusbvoice.sys File not found
DRV - (ONDAusbser6k) -- system32\DRIVERS\ONDAusbser6k.sys File not found
DRV - (ONDAusbnmea) -- system32\DRIVERS\ONDAusbnmea.sys File not found
DRV - (ONDAusbnet) -- system32\DRIVERS\ONDAusbnet.sys File not found
DRV - (ONDAusbmdm6k) -- system32\DRIVERS\ONDAusbmdm6k.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (auzeantt) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E8 2C 80 2D 24 CB 01 [binary data]
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Trova Rapido: "URL" = http://www.trovarapido.com/?t=Q090825882&s=b&keywords={searchTerms}
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\{55AE5E02-9EAC-4137-9559-B5408187DEE5}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT304
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\{74F13B24-ADB7-4422-9719-44C37E913792}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={F1EC9B96-34E3-4c9d-B5D2-3C6AD2B41281}
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\SearchScopes\Yahoo!: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\maury\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/07 22.43.39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/07 22.43.39 | 000,000,000 | ---D | M]

[2011/08/18 15.07.03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maury\AppData\Roaming\mozilla\Extensions
[2011/08/18 15.07.03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maury\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/07/05 14.24.27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maury\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/12/09 17.04.06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maury\AppData\Roaming\mozilla\Firefox\Profiles\a3phgt45.default\extensions
[2010/07/05 14.16.49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maury\AppData\Roaming\mozilla\Firefox\Profiles\a3phgt45.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/01/13 22.10.17 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\maury\AppData\Roaming\mozilla\Firefox\Profiles\a3phgt45.default\extensions\ChoiceGuard@Microsoft
[2009/08/25 14.23.50 | 000,002,370 | ---- | M] () -- C:\Users\maury\AppData\Roaming\mozilla\firefox\profiles\a3phgt45.default\searchplugins\Trova Rapido.xml
[2008/12/12 18.56.19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/12 17.57.04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=16050&locale=it_IT&apn_uid=218D4AC6-EC41-4A50-B102-0D59DBB064E2&apn_ptnrs=OF&apn_sauid=13074C63-738D-47CB-B42E-76A9CBFAE86F&apn_dtid=VIN005YYIT&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Talkpal Scriptable Plugin for Mozilla (Enabled) = C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\maury\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\maury\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2006/09/18 22.41.30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000..\Run: [Facebook Update] C:\Users\maury\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4123135755-2403480350-4181657236-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{198710FC-58B1-4C0E-AC09-E1E572A1AEC2}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF4A143B-D579-4A71-999D-963E701D5E04}: DhcpNameServer = 62.13.173.92 62.13.173.93
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\maury\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\maury\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/11 17.01.03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c0dbb1f-e973-11dd-991c-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0dbb1f-e973-11dd-991c-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0c0dbbc5-e973-11dd-991c-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0dbbc5-e973-11dd-991c-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1fdb24fa-4beb-11e0-bceb-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{1fdb24fa-4beb-11e0-bceb-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{33c3eb79-0fd2-11de-9664-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{33c3eb79-0fd2-11de-9664-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{525fb8aa-d2b1-11dd-a764-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{525fb8aa-d2b1-11dd-a764-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{525fb8dc-d2b1-11dd-a764-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{525fb8dc-d2b1-11dd-a764-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{73653560-e8b5-11dd-af8b-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{73653560-e8b5-11dd-af8b-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dd96165c-5b8b-11de-b882-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{dd96165c-5b8b-11de-b882-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e006c2e0-0f3b-11de-9557-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{e006c2e0-0f3b-11de-9557-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e006c319-0f3b-11de-9557-00238b127a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{e006c319-0f3b-11de-9557-00238b127a7a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012/12/09 17.02.19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\maury\Desktop\OTL.exe
[2012/12/06 12.37.19 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/06 12.37.19 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/06 12.37.19 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/27 16.55.24 | 000,106,560 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/11/27 16.50.49 | 000,199,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/11/27 16.50.48 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/11/27 16.50.36 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/11/27 16.44.51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/11/15 19.17.37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 19.14.42 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/10/17 12.13.19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/17 12.11.02 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/17 12.11.00 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/12/09 17.13.52 | 000,662,846 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/12/09 17.13.51 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/09 17.13.51 | 000,120,326 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/12/09 17.13.51 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/09 17.09.14 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/09 17.08.55 | 000,002,299 | ---- | M] () -- C:\Users\maury\AppData\Roaming\acervcmtmp.ini
[2012/12/09 17.08.35 | 000,118,283 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/12/09 17.07.25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/12/09 17.07.03 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 17.07.02 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/12/09 17.06.34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 17.06.34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 17.06.15 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/12/09 17.06.09 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 17.04.50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/12/09 17.02.34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\maury\Desktop\OTL.exe
[2012/12/09 17.02.19 | 000,540,743 | ---- | M] () -- C:\Users\maury\Desktop\adwcleaner.exe
[2012/12/09 17.00.59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1966CEFA-5143-4222-93F2-B4BB796179CD}.job
[2012/12/09 13.39.00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/12/09 12.03.02 | 000,001,178 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4123135755-2403480350-4181657236-1000UA.job
[2012/12/08 21.03.01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4123135755-2403480350-4181657236-1000Core.job
[2012/11/27 16.50.48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/19 19.00.16 | 000,374,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/15 21.13.01 | 000,002,337 | ---- | M] () -- C:\Users\maury\Desktop\Skype.lnk
[2012/11/15 19.17.37 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 19.14.42 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/10 18.58.35 | 000,118,283 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/10 18.30.01 | 000,123,904 | ---- | M] () -- C:\Users\maury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 23.51.58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 23.51.58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 23.51.58 | 000,199,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/10/30 23.51.58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 23.51.58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/30 23.51.57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 23.51.56 | 000,106,560 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/10/30 23.51.56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 23.51.56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/10/30 23.51.07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23.50.59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/09 17.01.54 | 000,540,743 | ---- | C] () -- C:\Users\maury\Desktop\adwcleaner.exe
[2012/07/04 21.31.08 | 000,000,000 | ---- | C] () -- C:\Users\maury\AppData\Roaming\wklnhst.dat
[2011/05/12 18.04.22 | 000,124,556 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/02 23.30.50 | 001,144,147 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2011/05/02 23.27.54 | 003,935,545 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011/05/02 21.23.46 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/05/02 21.19.34 | 000,100,352 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011/05/02 21.19.20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/18 22.32.44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/03/18 22.29.56 | 000,181,248 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011/03/18 22.28.30 | 001,557,504 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011/03/18 22.27.08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011/03/18 22.26.44 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011/03/18 22.25.38 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011/03/18 22.25.24 | 000,141,312 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011/03/03 12.40.08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/03/03 12.39.56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 12.39.46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/03/03 12.39.34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/03/03 12.39.02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/03/03 12.38.54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/03/03 12.38.40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/03/03 12.38.10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 12.38.04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/03/03 12.37.50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011/03/03 12.37.40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/03/03 12.35.32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/03/03 12.35.26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/02/22 20.39.04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 20.37.30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/18 15.11.14 | 000,025,705 | ---- | C] () -- C:\Users\maury\AppData\Roaming\UserTile.png
[2008/12/13 21.35.40 | 000,000,088 | ---- | C] () -- C:\Users\maury\AppData\Local\tbfedi.bat
[2008/12/13 15.43.41 | 000,002,299 | ---- | C] () -- C:\Users\maury\AppData\Roaming\acervcmtmp.ini
[2008/12/02 15.43.03 | 000,001,356 | ---- | C] () -- C:\Users\maury\AppData\Local\d3d9caps.dat
[2008/12/02 15.39.20 | 000,118,283 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/02 15.39.07 | 000,118,283 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/01 20.11.32 | 000,123,904 | ---- | C] () -- C:\Users\maury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/31 17.52.22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/07/31 17.52.22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/08/20 16.37.36 | 000,000,000 | -HSD | M] -- C:\Users\maury\AppData\Roaming\.#
[2008/12/04 15.11.08 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Acer
[2008/07/31 17.52.22 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Acer GameZone Console
[2011/10/16 15.37.33 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Ashampoo
[2012/04/20 18.50.45 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Autodesk
[2011/08/16 15.48.14 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\AVG10
[2010/11/18 14.12.44 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Azureus
[2008/12/05 17.04.14 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Big Fish Games
[2008/12/13 23.09.59 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Canneverbe_Limited
[2012/06/25 18.47.06 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\DAEMON Tools Lite
[2009/08/20 12.16.47 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Datalayer
[2008/12/13 17.31.54 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\eSobi
[2008/12/11 09.17.21 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Gaijin Ent
[2008/12/12 19.49.13 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\GameHouse
[2008/12/27 19.03.15 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\GlarySoft
[2012/06/25 18.39.29 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\IObit
[2009/08/25 14.24.10 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\live-player
[2010/07/18 16.15.14 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\NCH Swift Sound
[2012/01/19 21.11.42 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Nokia
[2012/01/19 21.11.15 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\PC Suite
[2010/11/18 15.11.13 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\PeerNetworking
[2008/12/12 22.30.59 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\PlayFirst
[2011/11/16 23.08.05 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\PlayPond
[2011/07/13 13.21.34 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Publish Providers
[2010/07/18 15.45.10 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Recordpad
[2011/07/13 13.21.10 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Sony
[2011/11/20 17.42.37 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Sports Interactive
[2012/02/27 21.12.05 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\TeamViewer
[2012/07/04 21.31.13 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Template
[2011/08/18 15.06.43 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\TomTom
[2010/07/01 09.25.57 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\Uniblue
[2012/04/20 08.54.33 | 000,000,000 | ---D | M] -- C:\Users\maury\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:953FDC1A
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:4E6B8D68
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1D6B18F1
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C86B29EB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:4BB26BE9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FC420CE6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:861A898F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:708BB0FA
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A561576B
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:957E9765
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:580E04D8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:9E22BBE8

< End of report >

OTL Extras logfile created on: 09/12/2012 17.14.26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maury\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 41,79% Memory free
6,19 Gb Paging File | 4,23 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 21,05 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 25,14 Gb Free Space | 17,89% Space Free | Partition Type: NTFS

Computer Name: PC-MAURY | User Name: maury | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4123135755-2403480350-4181657236-1000\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D78ACD8-5174-46D7-BBEE-054859E700DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22A742CF-7948-454F-A245-F75022004B14}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{29C251D1-E701-4E9A-B17C-F749A41CD25D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3AA444A7-19F7-424C-93B3-E8B85120F0BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4107BEB9-F298-48A8-93FC-077E690C1371}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{441691D8-3399-460A-9FB5-AA1B1B2550C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EFC4823-C2F2-4D7D-948A-E9067516E2C2}" = lport=6667 | protocol=6 | dir=in | name=mirc |
"{5686ECE2-A3B8-47C9-9F61-7F4E080BEB95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6E708977-A45C-4D5D-A348-7EA9604F9681}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75DDCEAB-EF1D-4089-A19A-6AA34B0EB4A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A4CC2F7-36C3-4F3B-97B4-62D7EE59108F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C95BAA6-AF7F-453E-86CF-819BF2C8BEA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A681D75C-8643-4EAB-8E6E-560679B1A730}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A6D30EB7-393D-4948-8DF6-96998BC93E3F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7475F19-2DAC-4D6C-83F0-91DDD8297BCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6C7083B-87C3-4285-A8E4-D40AB81C98E2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7E43A77-E87A-4381-AE9C-4A81B21A2F82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA225279-264E-4354-8B5B-8B8A37C878F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE260FFD-615A-44E9-A98F-6D6ED6D96090}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0FBBA35-60C6-4032-B8B9-39643CF2A928}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F427C660-B8E1-4D1A-B002-8EFD33D4AF6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A8FEC5-44DC-4DD8-B586-5C55A6332F6C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{07FE7BA7-4668-4518-B15D-15D3B696612C}" = protocol=6 | dir=in | app=c:\users\maury\downloads\facemoods.exe |
"{0A25D828-8CD8-4FA5-84F2-E02F9D8C1ECA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{0B85B455-85E6-45DE-8000-527F23303AED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{0F812B6D-C574-4137-82BB-A3B8EF2FF869}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{17B795B1-9461-4B94-AC29-589A7540E4EC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{197524E8-956D-415C-A4B8-A56B092176D0}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1AAED7BB-F3D0-48B1-8A85-AEEB3BD3D5B3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1AFB3819-9A0C-4335-BE97-534734FFB79C}" = dir=in | app=f:\setup\hpznui01.exe |
"{20312EE7-BE81-43B3-9232-CE516B3E7CEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{259C0454-5431-4CA0-98C0-CA91C430971E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28D4C9F3-2E55-4E6B-A562-72E4FB67C449}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{33675FBA-7042-47D3-979A-5E037457AB40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{39835E83-5D14-497D-8D41-2F9674A77476}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{3CF2C154-F8AB-45FF-868F-CB430A6E79EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FB9E931-513E-48D1-80E9-098B2639A1C8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{468D2593-3670-4E74-81B0-5AC65EE682B1}" = dir=in | app=c:\users\maury\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{47408533-D7FE-4507-8BFC-555051B312D0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4B9A4869-8728-41FF-BB82-9CAC9CF8D5BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5A41FC6E-A4DC-4291-B770-61E821F557F5}" = protocol=6 | dir=out | app=system |
"{5C818E3C-916F-4361-942F-315F58443FF7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5F417D10-4645-4074-8B49-F94F394D958F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{644DDEDB-1A3C-440E-9380-D20370F98FD4}" = protocol=17 | dir=in | app=c:\users\maury\desktop\mp3convertersetup.exe |
"{64F5E76A-8875-45BA-95F9-FA43246D6B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65EF3B7E-F484-4380-B4F3-DBA5FC1D311A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{683ED7E4-A738-4E91-8AD2-5D2F30E1731A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{6A7A6249-8284-4C71-A330-DEC476ED578D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6BD4A549-6913-46B4-A308-84606C81313D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6DDF7FC4-B53F-4DD6-8883-423F0DDEFC6E}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{719F9CAF-6C8F-41FE-A165-0910710B5769}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{73BD75E1-BB3C-4EBE-98F7-4CAE606B724E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{7B2C2CB9-3A9A-462D-AD0E-21C4934A704C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7BC1A911-DB18-4F72-99E5-F9A00AD273D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{7D44E950-2500-4CCB-81F3-401DDBD9B505}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7DE8C8FC-448A-44BD-858B-7C56E41016B6}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{7E6C1A24-92E1-4092-8735-DF9AFD2CF7AE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8763456A-99E2-49C2-941E-8E53B9DE1CE4}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9590F07A-8DCF-49A6-8BF4-4C20E0551268}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{9E01FD19-7F51-46F7-901D-AC599997F2F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E28AF28-035C-49CF-A14A-E93F22F33A2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A1CC208A-EC49-4A48-B89E-71E6BF852808}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{A201EE3F-BF41-461D-86CC-8477A5D849BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{A320A392-61F5-4929-BB44-15345EFCB2DA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A3D9DE8E-B349-4E51-B25F-FDD5689E1021}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A46C4E43-9B4F-4707-9BE4-8208EAC11E17}" = protocol=17 | dir=in | app=c:\users\maury\downloads\facemoods.exe |
"{A6D456D2-5E0B-409D-A5B0-398A96C4C707}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A8194743-FE88-4531-AB49-F6991F70D6AE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A902A243-55F5-42EF-9C71-BE33203C1854}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{AAA44B44-E5C3-44D0-AFB0-EA2A2EE1C05F}" = protocol=6 | dir=in | app=c:\users\maury\desktop\mp3convertersetup.exe |
"{AC33474E-C781-4745-8757-7E8451EB0CF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF27A98D-D520-4D83-8BC0-E70DD1C10F8D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B0019A41-B4B8-4110-A010-2A3A90612816}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B92EF3D0-B3FE-4CD0-A608-9A3E2EF5F8FB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BD96860D-91BE-4A96-B986-A1398B718D07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF6B2D9B-A8D1-45F2-8CF3-A8C8FC087BFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2E09CB1-0A65-45E8-AC32-78C5BCE3A6E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6A93465-568F-48B4-9A84-DD92D6B36694}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C91912F1-4D86-4ADD-94AC-9058ADEACFC5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C9F4E661-F9E4-4FFE-B412-71A720027C69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D36CE8DD-9CE3-4FAB-B466-6757F10A2A44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6A7BF95-AC45-4C2C-9D7B-CC86A449F37A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D6E6B9FE-ADE8-4829-8990-39E989560F6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D7D8A384-7D33-4357-855D-87C684053A82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D990840D-B3C3-4AD3-93F9-D1F625AB966C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{DF76A0B4-7C77-42A8-B533-5797E6B8CFE2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E95ABFCE-C8EE-4057-9AA2-88B5CEB5A0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F34C1BB7-1311-486B-A2EB-CE1EBB7D78EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F702B149-0413-4308-87AB-9C67C0A9FDD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAB88F1A-A7D3-4A34-B447-ACE97AA2214E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"TCP Query User{0830D48D-E59D-4FE7-9B28-BB251E5FA7CE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{207BB5B6-E562-43E4-BED1-B253E7D1E1DB}C:\users\maury\desktop\mirc italiano\mirc.exe" = protocol=6 | dir=in | app=c:\users\maury\desktop\mirc italiano\mirc.exe |
"TCP Query User{26F82410-A54C-4EF0-B518-A5076C55EC78}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{317A907F-4004-4B44-8D48-ADEF10E717FC}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{339226AE-3539-458A-BAA8-8C6A9FEEECDD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{578E6ADF-0FF9-4AB1-80AC-B154FD775F1D}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{62C47115-6899-45B7-90F7-5BDC745E842B}C:\users\maury\desktop\emule.exe" = protocol=6 | dir=in | app=c:\users\maury\desktop\emule.exe |
"TCP Query User{66EE15D7-7006-4806-9D0C-EAFF32FCA8E5}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{8E2285ED-772A-4D1B-9AE6-04B5A91E985F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A6F98098-BB68-40C2-A6E3-D6B0227CA502}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A987A82F-F1B3-401D-91C4-190F63BF0CB7}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{AF67263F-B560-4427-98CE-7BC053BB9AB2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C1A028CD-1195-4009-A5E6-C65A5B42FEE8}C:\users\maury\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\maury\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{C3DAC782-53F7-4C8F-B961-AE5802C6A9FA}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{C8F1DE91-1381-4C16-8589-DB624536171D}C:\users\maury\desktop\pes2011.exe" = protocol=6 | dir=in | app=c:\users\maury\desktop\pes2011.exe |
"TCP Query User{D040145D-3817-4A83-B50E-73E05DFC9A7C}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{F1983C74-1173-4613-9FA0-6BEBB8CB28C8}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"UDP Query User{1B4B9985-5E21-4E34-927F-5A57B187C8A9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{21AC7402-9AB7-4358-B19D-10C297328F43}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe |
"UDP Query User{2C9BF450-8EED-4AFA-B403-0B7A98B536F3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{31D3A465-AF18-4D5C-8902-A5C05B38B088}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{3ABAADEA-A9CF-46D4-B0A9-C5621C8601C8}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{3D327F6E-0B0B-4132-9B6E-4362150B2FBC}C:\users\maury\desktop\mirc italiano\mirc.exe" = protocol=17 | dir=in | app=c:\users\maury\desktop\mirc italiano\mirc.exe |
"UDP Query User{3DEBA162-1041-414B-9C51-89CC00E5874C}C:\users\maury\desktop\pes2011.exe" = protocol=17 | dir=in | app=c:\users\maury\desktop\pes2011.exe |
"UDP Query User{559B100C-A7E3-427E-9D69-6FC9E4A80CF9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{658099F7-FF41-4DD2-9DEE-F64652CE4B3B}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{6B943D73-253D-4068-A097-03588E052B97}C:\users\maury\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\maury\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{6CB84504-BB8B-4875-BCC1-B28A9D34F70F}E:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=e:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{792021AF-D62F-4A71-8BAA-04481355B76B}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{A03C6CF1-FC39-494D-AE6F-56B161B08F25}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B0DBF4AD-2A34-47D0-BB71-A016D073E01A}C:\users\maury\desktop\emule.exe" = protocol=17 | dir=in | app=c:\users\maury\desktop\emule.exe |
"UDP Query User{D41B600E-D500-4111-84E3-DC12CE6F59B6}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{E99FA3D9-9872-460A-8082-8D9489D8318E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F8D9AB78-F689-46A3-BEC2-4359EA3CB2D8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D4C4F7-E0A6-43B0-9BB9-5779A853FE7E}" = Windows Live Movie Maker
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AC11070-A1CB-11E0-A0DC-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}" = Microsoft Works
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_POWERPOINT_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_WORD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_WORD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6F87E6-66CE-4419-BE0E-1A71F21EB8DB}" = Windows Live Toolbar
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A4467C16-B334-4473-AE7C-BD9229E632D9}" = Windows Live Family Safety
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0A04F7-2BBE-4323-B64C-1B71F2BDBF0D}" = Anteprima (Windows Live Toolbar)
"{AC76BA86-7AD7-1040-7B44-A95000000001}" = Adobe Reader 9.5.2 - Italiano
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3EABECF-D820-4246-94B8-0CF300CA505A}" = Menu intelligenti (Windows Live Toolbar)
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4026284-E0B1-4AFC-8C3C-0B12510CFB09}" = LAGO Lucky Lindbergh 1.04
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2EB512B-1FA1-4BFF-A269-B279726EA2A8}" = Acer Dialer
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"aTube Catcher" = aTube Catcher
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"EF Englishtown Advanced Speech Recognition_is1" = EF Englishtown Advanced Speech Recognition versione 4.3.0.0
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Un secolo di Aviazione
"FormatFactory" = FormatFactory 2.60
"Glary Utilities_is1" = Glary Utilities 2.10.0.622
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"hcvprlga" = Favorit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.61.0.1400
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mp3-2-wav" = mp3-2-wav converter 1.14
"NVIDIA Drivers" = NVIDIA Drivers
"POWERPOINT" = Microsoft Office PowerPoint 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TutoreDattilo" = TutoreDattilo 7.14
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VMidi" = vanBasco's Karaoke Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WORD" = Microsoft Office Word 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/05/2011 12.15.24 | Computer Name = PC-maury | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 11/05/2011 12.15.24 | Computer Name = PC-maury | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 11/05/2011 12.15.24 | Computer Name = PC-maury | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 11/05/2011 12.15.24 | Computer Name = PC-maury | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 11/05/2011 12.15.24 | Computer Name = PC-maury | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Connessione in corso interrotta
forzatamente dall'host remoto.)

Error - 20/05/2011 5.31.41 | Computer Name = PC-maury | Source = WinMgmt | ID = 10
Description =

Error - 21/05/2011 8.04.55 | Computer Name = PC-maury | Source = WinMgmt | ID = 10
Description =

Error - 21/05/2011 12.50.59 | Computer Name = PC-maury | Source = WinMgmt | ID = 10
Description =

Error - 23/05/2011 4.21.31 | Computer Name = PC-maury | Source = WinMgmt | ID = 10
Description =

Error - 26/05/2011 17.05.54 | Computer Name = PC-maury | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08/12/2012 22.04.29 | Computer Name = PC-maury | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 09/12/2012 11.41.00 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.

Error - 09/12/2012 11.41.10 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.

Error - 09/12/2012 11.43.08 | Computer Name = PC-maury | Source = Service Control Manager | ID = 7011
Description =

Error - 09/12/2012 11.43.08 | Computer Name = PC-maury | Source = Service Control Manager | ID = 7011
Description =

Error - 09/12/2012 11.53.52 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.

Error - 09/12/2012 11.54.12 | Computer Name = PC-maury | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 16.45.19 su 09/12/2012.

Error - 09/12/2012 11.54.03 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.

Error - 09/12/2012 12.05.56 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.

Error - 09/12/2012 12.06.08 | Computer Name = PC-maury | Source = volmgr | ID = 262190
Description = Impossibile inizializzare i dettagli arresto anomalo del sistema.


< End of report >


shapiro
Posted: Sunday, December 09, 2012 7:22:48 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

I thought I saw an infection related to a MountPoints ..... run this scan for me, it will be quicker

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.