Aiutamici Forum

Help TornTv! + hijack log
martina81
Posted: Monday, December 30, 2013 9:33:58 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
Help please.
This afternoon I installed Torntv by mistake, which I found out is malware. I tried to uninstall the program from Add/Remove Programs and everything seemed OK, it disappeared from the list, but in reality it still exists, and if I try to uninstall it again it can't be found.
I ran a scan with SUPERAntiSpyware, but nothing; I ran Malwarebytes and nothing...
Only SpyHunter 4 finds it, but if I click to delete it, it sends me to the page to buy it and at the moment I can't do that.... Is there a way to get rid of it for good? I don't know what to do anymore.....
I'm also attaching the hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.31.44, on 30/12/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVAST Software\Avast\AvastUI.exe
C:\Programmi\Simpo PDF Creator Pro\SpcProSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\NETGEAR\WNA3100\WNA3100.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Simpo PDF Creator Pro Server] "C:\Programmi\Simpo PDF Creator Pro\SpcProSrv.exe"
O4 - HKLM\..\RunOnce: [20131224] C:\Programmi\AVAST Software\Avast\setup\emupdate\63396490-d776-4f4f-a4da-f0f2b72d1f4d.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Smart Wizard NETGEAR WNA3100 .lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Marti\Menu Avvio\Programmi\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ska573~1.enh\psupport.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 7766 bytes
shapiro
Posted: Monday, December 30, 2013 9:40:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi Martina, run these scans.

Download AdwCleaner to the desktop.
Close all browsers (it is important that they are closed: IE, Firefox, Chrome, etc.).
Click the "Scan" button.
When the scan finishes, click "Clean".
Confirm the various windows that appear with OK.
The PC will restart, and the log with the removals will appear.
Post it in the forum.

Download OTL and save it to the desktop.

Check SCAN ALL USERS.

Under Output, check Minimal Output.

Click the small arrow next to File Age and select 60 Days.

Check LOP Check and Purity Check.

Click RUN SCAN.

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend.
martina81
Posted: Monday, December 30, 2013 10:12:04 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
Thank you!
Here is the log after the scan with AdwCleaner:

# AdwCleaner v3.016 - Report created 30/12/2013 at 22:09:34
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Marti - PC-MARTI
# Running from : C:\Documents and Settings\Marti\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\Marti\IMPOST~1\Temp\Searchqu.ini
File Found : C:\DOCUME~1\Marti\IMPOST~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\search.xml
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\WebSearch.xml
File Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\user.js
File Found : C:\Programmi\Mozilla Firefox\searchplugins\Search_Results.xml
Folder Found : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\Extensions\staged
Folder Found C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Dati applicazioni\SUrf aanD okeep
Folder Found C:\Documents and Settings\All Users\Dati applicazioni\YoutubeAdblocker
Folder Found C:\Documents and Settings\Marti\Dati applicazioni\iSafe
Folder Found C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\ConduitCommon
Folder Found C:\Documents and Settings\Marti\Dati applicazioni\OfferBox
Folder Found C:\Documents and Settings\Marti\Dati applicazioni\searchquband
Folder Found C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Conduit
Folder Found C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Vid-Saver
Folder Found C:\Programmi\1ClickDownload
Folder Found C:\Programmi\Conduit
Folder Found C:\Programmi\SearchYa!
Folder Found C:\Programmi\SUrf aanD okeep
Folder Found C:\Programmi\Vid-Saver
Folder Found C:\Programmi\WebSearch
Folder Found C:\Programmi\YoutubeAdblocker

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Offerbox
Key Found : HKCU\Software\searchya.com
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Vid-Saver
Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033343391}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vid-Saver
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8c222d2b
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_c85f7519
Key Found : HKLM\Software\Offerbox
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Programmi\TornTV.com\TornTV Downloader.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v3.0.5 (it)

[ File : C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "WebSearch");
Line Found : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine", "WebSearch");
Line Found : user_pref("browser.startup.homepage", "hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41");
Line Found : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
Line Found : user_pref("extensions.searchya.aflt", "foxtab");
Line Found : user_pref("extensions.searchya.autoRvrt", false);
Line Found : user_pref("extensions.searchya.cntry", "IT");
Line Found : user_pref("extensions.searchya.dfltLng", "");
Line Found : user_pref("extensions.searchya.dfltSrch", true);
Line Found : user_pref("extensions.searchya.dnsErr", true);
Line Found : user_pref("extensions.searchya.envrmnt", "production");
Line Found : user_pref("extensions.searchya.excTlbr", false);
Line Found : user_pref("extensions.searchya.hdrMd5", "29D56969A6EAE69618992A14A9317AF8");
Line Found : user_pref("extensions.searchya.hmpg", true);
Line Found : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736")[...]
Line Found : user_pref("extensions.searchya.id", "E0469AAB20BC4467");
Line Found : user_pref("extensions.searchya.instlDay", "15565");
Line Found : user_pref("extensions.searchya.instlRef", "ft-188");
Line Found : user_pref("extensions.searchya.isdcmntcmplt", true);
Line Found : user_pref("extensions.searchya.lastVrsnTs", "1.5.25.022:31:42");
Line Found : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
Line Found : user_pref("extensions.searchya.newTab", true);
Line Found : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736[...]
Line Found : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"34\",\"lastVrsn\":\"34\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.searchya.prdct", "searchya");
Line Found : user_pref("extensions.searchya.prtnrId", "searchya");
Line Found : user_pref("extensions.searchya.sg", "none");
Line Found : user_pref("extensions.searchya.smplGrp", "none");
Line Found : user_pref("extensions.searchya.srchPrvdr", "Search");
Line Found : user_pref("extensions.searchya.tlbrId", "base");
Line Found : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=8683397[...]
Line Found : user_pref("extensions.searchya.vrsn", "1.5.25.0");
Line Found : user_pref("extensions.searchya.vrsnTs", "1.5.25.022:31:42");
Line Found : user_pref("extensions.searchya.vrsni", "1.5.25.0");
Line Found : user_pref("extensions.searchya_i.newTab", true);
Line Found : user_pref("extensions.searchya_i.smplGrp", "none");
Line Found : user_pref("extensions.searchya_i.vrsnTs", "1.5.25.022:31:42");
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Found : user_pref("keyword.URL", "hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q=");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10788 octets] - [30/12/2013 21:52:41]
AdwCleaner[R1].txt - [10695 octets] - [30/12/2013 22:09:34]
AdwCleaner[S0].txt - [362 octets] - [30/12/2013 21:53:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10815 octets] ##########
shapiro
Posted: Monday, December 30, 2013 10:21:35 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Run OTL as well.

You need to repeat the scan with AdwCleaner and click Clean.
martina81
Posted: Monday, December 30, 2013 10:39:53 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
I'm doing it, but it freezes on me... it's the third time I've had to restart manually!
Do I upload the two files that OTL gives me to the Wikisend site?
shapiro
Posted: Monday, December 30, 2013 10:41:58 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Quote:
I'm doing it, but it freezes on me... it's the third time I've had to restart manually!

Does it happen when you run AdwCleaner? You need to run AdwCleaner first, then OTL.

You can also paste the logs.
martina81
Posted: Monday, December 30, 2013 10:43:10 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
I did it that way, but when I go to Clean it starts and then always freezes.
Shall I paste them here?
ciocca956
Posted: Monday, December 30, 2013 10:44:06 PM
Rank: AiutAmico

Joined: 1/5/2012
Posts: 4,102
Hi Martina.
You have XP with only Service Pack 2.
You need to install SP3 (once the cleanup is finished).
Download here: http://www.aiutamici.com/software?ID=80272
A.
shapiro
Posted: Monday, December 30, 2013 10:47:30 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
I did it that way, but when I go to Clean it starts and then always freezes.

It isn't freezing, it is running the cleanup.

Yes, paste them.
martina81
Posted: Monday, December 30, 2013 10:49:40 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
I'm explaining myself badly: it says Not Responding.

OTL logfile created on: 30/12/2013 22.24.51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marti\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 71,35% Memory free
3,72 Gb Paging File | 3,18 Gb Available in Paging File | 85,49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 298,09 Gb Total Space | 172,51 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 1,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-MARTI | User Name: Marti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Programmi\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmi\Simpo PDF Creator Pro\SpcProSrv.exe (Simpo Technologies)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe ()
PRC - C:\Programmi\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVAST Software\Avast\defs\13123001\algo.dll ()
MOD - C:\Programmi\AVAST Software\Avast\libcef.dll ()
MOD - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA ()
MOD - C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe ()
MOD - C:\Programmi\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Programmi\NETGEAR\WNA3100\WifiLib.dll ()
MOD - C:\Programmi\NETGEAR\WNA3100\WifiSvcLib.dll ()
MOD - C:\Programmi\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (JavaQuickStarterService) -- C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Programmi\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (WSWNA3100) -- C:\Programmi\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Programmi\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programmi\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
IE - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\..\SearchScopes,Backup.Old.DefaultScope =
IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736
IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..keyword.URL: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Programmi\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmi\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rkrmkbd@bxu-.edu: C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions [2013/12/30 15.54.47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\iayueafz@dimqqauuouu.co.uk: C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions [2013/12/30 15.54.47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/12/07 22.47.08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/12/21 15.10.36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\rkrmkbd@bxu-.edu: C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions [2013/12/30 15.54.47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\iayueafz@dimqqauuouu.co.uk: C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions [2013/12/30 15.54.47 | 000,000,000 | ---D | M]

[2013/02/01 23.21.34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Extensions
[2013/12/30 15.54.47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions
[2013/11/16 12.37.25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\extensions\staged
[2013/01/06 14.26.22 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\conduit.xml
[2013/01/20 14.41.53 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\Search.xml
[2012/09/20 17.37.45 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\Search_Results.xml
[2013/11/16 12.38.15 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\WebSearch.xml
[2013/10/08 14.06.20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTI\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\OIT2YUHS.DEFAULT\EXTENSIONS\D019FEBE-EB2B-4057-A3F2-7DEF88F2C9CD@1CCED8EC-0FFE-43EA-B4B2-FBCE5DE8E9A4.COM
[2013/10/25 15.56.26 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAMMI\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/04 15.28.06 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAMMI\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAMMI\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2006/09/10 12.15.22 | 000,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2008/09/19 18.07.44 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2012/09/20 17.37.45 | 000,002,519 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\Search_Results.xml
[2008/03/29 08.17.30 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2007/12/10 11.20.36 | 000,000,649 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Conduit Chrome Approve TB Plugin (Enabled) = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ncdghcmanhfigpijjllopocpcnjffkhl\2.5.0.1_0\plugins/ChromeApproveTBPlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ncdghcmanhfigpijjllopocpcnjffkhl\2.5.0.1_0\Search/plugins/npConduitNewTabPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Bejeweled 2 = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\akphcmbagmeiogjbadpijeijneplndlm\0.1.0.6_0\
CHR - Extension: Sketch Mobile = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\bbilecdmpppjehlkpmdnnhaidegpacpc\0.0.2.10_0\
CHR - Extension: Greeting Card Maker = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\benkgplfnlmgnpooclhbngibhmconcnn\1.0.2_0\
CHR - Extension: Whats Per Cena = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\bklodekjdjjkfhlaffopemibfjckfime\4.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Super Mario World = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cnfnchdgmgkgkpbkpgppebiodnihaadh\0.1.0.6_0\
CHR - Extension: Ricerca Google = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Crash Bandicoot Online = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\copoaaffjmndhhefnhlaehnhjkdjaecm\1_0\
CHR - Extension: Greeting Cards = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cplbaodiencgfjkcikaehcbigkebjepo\9_0\
CHR - Extension: Bomomo = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln\1_0\
CHR - Extension: YoutubeAdblocker = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fjnpplpjcbkcebcmopfgmnikgjapjdgl\1.0\
CHR - Extension: break it = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fljbialljmnhabpmemfmifpcmkcejkdl\3.6_0\
CHR - Extension: Heart's Medicine - Season One = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\gpofnhlceocigjnconfjocmmahbmfnej\1.0.0.3_0\
CHR - Extension: Classic = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Delicious - Emily's Holiday Season = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\hlfepkbmhoompmkjfplhnkcpdngcmodc\1.0.0.0_0\
CHR - Extension: Girls Games = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\iacapkljelalaojlbbelljaoecgbmcgh\2.2_0\
CHR - Extension: Bejeweled 2 Deluxe = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0\
CHR - Extension: Bejeweled 2 Deluxe = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0\.bak
CHR - Extension: Google Wallet = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Bejeweled 3 = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\onmcdiilacdmbmeimljopoipdmjhbajo\1.1_0\
CHR - Extension: Bejeweled 3 = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\onmcdiilacdmbmeimljopoipdmjhbajo\1.1_0\.bak
CHR - Extension: Bug Village = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pabppflkalbniedjechdomdnofnogcfh\1.3.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/30 21.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Simpo PDF Creator Pro Server] C:\Programmi\Simpo PDF Creator Pro\SpcProSrv.exe (Simpo Technologies)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-682003330-308236825-725345543-1003..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-682003330-308236825-725345543-1003..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Smart Wizard NETGEAR WNA3100 .lnk = C:\Programmi\NETGEAR\WNA3100\WNA3100.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Marti\Menu Avvio\Programmi\IMVU\Run IMVU.lnk File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29A5E443-8988-4EE8-B66F-BFC46F3BEC57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A93ACD99-4F9E-46D5-BA38-F4694E25A439}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5AB11DB-C8EC-4820-AE53-D8279A26E3AC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\ska573~1.enh\psupport.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 19.58.55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/17 10.43.08 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2006/01/21 14.00.50 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/01/21 14.00.50 | 000,007,952 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{a1466795-3938-11e0-a198-00173191079c}\Shell - "" = AutoRun
O33 - MountPoints2\{a1466795-3938-11e0-a198-00173191079c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a6fe3755-11ea-11e0-9390-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a6fe3755-11ea-11e0-9390-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006/01/21 14.00.50 | 000,253,952 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/12/30 21.48.53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/30 21.48.35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marti\Desktop\OTL.exe
[2013/12/30 18.49.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\Malwarebytes
[2013/12/30 18.49.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2013/12/30 18.49.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2013/12/30 18.49.14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/30 18.49.14 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2013/12/30 18.40.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\HiJackThis
[2013/12/30 18.40.27 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2013/12/30 18.16.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\iSafe
[2013/12/30 17.36.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\SpyHunter
[2013/12/30 17.36.30 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/12/30 17.36.30 | 000,000,000 | ---D | C] -- C:\Programmi\Enigma Software Group
[2013/12/30 17.36.03 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2013/12/30 10.51.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Documenti\NannyMania
[2013/12/30 10.50.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Nanny Mania
[2013/12/30 10.34.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Documenti\PDFs Output
[2013/12/30 10.34.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Simpo PDF Creator Pro
[2013/12/30 10.34.16 | 004,255,192 | ---- | C] (Two Pilots) -- C:\WINDOWS\SpcPro_PDFLib.dll
[2013/12/30 10.34.12 | 000,000,000 | ---D | C] -- C:\Programmi\Simpo PDF Creator Pro
[2013/12/30 10.32.37 | 006,108,571 | ---- | C] (Simpo Technologies ) -- C:\Documents and Settings\Marti\Desktop\spdfcreator_setup.exe
[2013/12/30 10.16.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Desktop\[ Ebook - ITA ] Il signore degli anelli
[2013/12/29 13.47.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\cerasus
[2013/12/28 13.37.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\cerasus.media
[2013/12/28 01.46.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Mystery Stories-Island of Hope
[2013/12/28 01.46.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Mystery Stories-Island of Hope
[2013/12/28 01.46.36 | 000,000,000 | ---D | C] -- C:\Programmi\Mystery Stories-Island of Hope
[2013/12/24 17.30.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\My Games
[2013/12/24 17.14.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Firaxis Games
[2013/12/24 17.14.20 | 000,000,000 | ---D | C] -- C:\Programmi\Firaxis Games
[2013/12/15 13.53.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Honeybee
[2013/12/15 13.53.24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Honeybee
[2013/12/15 13.53.23 | 000,000,000 | ---D | C] -- C:\Programmi\Honeybee
[2013/12/15 13.41.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\Bloom
[2013/12/15 13.40.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Bloom
[2013/12/15 13.40.52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Bloom
[2013/12/15 13.40.52 | 000,000,000 | ---D | C] -- C:\Programmi\Bloom
[2013/11/23 13.48.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\GameHouse
[2013/11/23 13.48.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Delicious Emilys Tea Garden
[2013/11/23 13.46.13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Delicious Emilys Tea Garden
[2013/11/23 13.46.13 | 000,000,000 | ---D | C] -- C:\Programmi\Delicious Emilys Tea Garden
[2013/11/18 19.28.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Blood Ties
[2013/11/17 17.45.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\BloodTies
[2013/11/17 17.36.10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Blood Ties
[2013/11/17 17.36.10 | 000,000,000 | ---D | C] -- C:\Programmi\Blood Ties
[2013/11/17 17.35.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Star Defender 4
[2013/11/17 17.35.55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Star Defender 4
[2013/11/17 17.35.54 | 000,000,000 | ---D | C] -- C:\Programmi\Star Defender 4
[2013/11/17 17.35.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\The Great Tree
[2013/11/17 17.35.33 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Great Tree
[2013/11/17 17.35.33 | 000,000,000 | ---D | C] -- C:\Programmi\The Great Tree
[2013/11/17 17.32.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/11/17 17.31.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\The Sims Carnival - BumperBlast
[2013/11/17 17.30.42 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Sims Carnival - BumperBlast
[2013/11/17 17.30.42 | 000,000,000 | ---D | C] -- C:\Programmi\The Sims Carnival - BumperBlast
[2013/11/16 12.49.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Desktop\Fabrizio De André
[2013/11/16 12.38.16 | 000,000,000 | ---D | C] -- C:\Programmi\WebSearch
[2013/11/16 12.37.38 | 000,000,000 | ---D | C] -- C:\Programmi\Sk.Enhancer
[2013/11/16 12.37.26 | 000,000,000 | ---D | C] -- C:\Programmi\YoutubeAdblocker
[2013/11/16 12.37.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\YoutubeAdblocker
[2013/11/16 12.37.05 | 000,000,000 | ---D | C] -- C:\Programmi\SUrf aanD okeep
[2013/11/16 12.37.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SUrf aanD okeep
[2013/11/16 12.36.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\2bacfa8e3abab46f
[2013/11/16 12.36.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\InstallMate
[2013/11/16 10.32.53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Enchanted Cavern
[2013/11/16 10.32.53 | 000,000,000 | ---D | C] -- C:\Programmi\Enchanted Cavern
[2013/11/16 10.13.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\TunesNINJA
[2013/11/16 10.13.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\IncomingFiles
[2013/11/14 14.15.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\Gogii Games
[2013/11/14 14.15.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Gogii Games
[2013/11/14 14.13.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Book of Legends
[2013/11/14 14.13.24 | 000,000,000 | ---D | C] -- C:\Programmi\Book of Legends
[2013/11/12 21.29.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\Friday's games
[2013/11/12 21.29.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Natalie Brooks The Treasures of the Lost Kingdom
[2013/11/04 18.33.51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/11/04 18.33.51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/11/04 18.33.51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/11/04 18.33.51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/11/04 18.33.50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/11/04 18.33.50 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/11/04 18.33.49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2013/11/04 18.33.49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/11/04 18.33.48 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013/11/04 18.33.48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013/11/04 18.33.48 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013/11/04 18.33.47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013/11/04 18.33.47 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013/11/04 18.33.46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013/11/04 18.33.45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013/11/04 18.33.45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013/11/04 18.33.44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013/11/04 18.33.44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013/11/04 18.33.43 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013/11/04 18.33.43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2013/11/04 18.33.43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2013/11/04 18.33.42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2013/11/04 18.33.42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2013/11/04 18.33.42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2013/11/04 18.33.41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2013/11/04 18.33.41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2013/11/04 18.33.40 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2013/11/04 18.33.40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2013/11/04 18.33.40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2013/11/04 18.33.39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2013/11/04 18.33.39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2013/11/04 18.33.39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2013/11/04 18.33.38 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2013/11/04 18.33.38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2013/11/04 18.33.37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2013/11/04 18.33.37 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2013/11/04 18.33.37 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2013/11/04 18.33.36 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2013/11/04 18.33.36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2013/11/04 18.33.36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2013/11/04 18.33.35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2013/11/04 18.33.35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2013/11/04 18.33.34 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2013/11/04 18.33.34 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2013/11/04 18.33.34 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2013/11/04 17.13.33 | 000,000,000 | ---D | C] -- C:\Programmi\Pianeta Segreto
[2013/11/04 17.13.21 | 000,000,000 | ---D | C] -- C:\Programmi\Utherverse Digital Inc
[2013/11/01 19.55.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Gogii
[2013/11/01 19.54.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Nanny Mania 2 - Goes to Hollywood
[2013/11/01 19.54.36 | 000,000,000 | ---D | C] -- C:\Programmi\Nanny Mania 2 - Goes to Hollywood
[2013/11/01 10.30.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Desktop\Ricette
[2013/11/01 02.13.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Dati applicazioni\Ancient Quest of Saqqarah__bfg
[2013/11/01 02.13.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marti\Menu Avvio\Programmi\Ancient Quest of Saqqarah
[2013/11/01 02.13.06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Ancient Quest of Saqqarah
[2013/11/01 02.13.05 | 000,000,000 | ---D | C] -- C:\Programmi\Ancient Quest of Saqqarah
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/12/30 22.30.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/30 22.18.45 | 000,503,722 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/12/30 22.18.45 | 000,455,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/30 22.18.45 | 000,090,058 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/12/30 22.18.45 | 000,075,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/30 22.15.31 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/30 22.14.57 | 000,065,581 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/12/30 22.14.35 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 22.14.28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/30 22.09.00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 21.48.49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marti\Desktop\OTL.exe
[2013/12/30 21.48.07 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\adwcleaner.exe
[2013/12/30 21.41.10 | 000,001,242 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-308236825-725345543-1003UA.job
[2013/12/30 21.31.27 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\HiJackThis.lnk
[2013/12/30 20.09.00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/30 18.49.18 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/30 18.48.20 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marti\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/30 18.48.20 | 000,010,255 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Consigli_Aiutamici.htm
[2013/12/30 17.41.00 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-308236825-725345543-1003Core.job
[2013/12/30 17.36.37 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\SpyHunter.lnk
[2013/12/30 14.51.23 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Nanny Mania.lnk
[2013/12/30 14.45.01 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/30 10.34.18 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Simpo PDF Creator Pro.lnk
[2013/12/30 10.33.32 | 006,108,571 | ---- | M] (Simpo Technologies ) -- C:\Documents and Settings\Marti\Desktop\spdfcreator_setup.exe
[2013/12/30 10.27.35 | 000,492,419 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Trilogia delle terre perdute 1 - Le Lande Di Ghiaccio (Ita Libro).epub
[2013/12/30 10.27.27 | 000,453,933 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Le Lande Di Fuoco (Ita Libro).epub
[2013/12/30 10.27.20 | 000,675,529 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Le lame del Cacciatore 02 - Il Cacciatore solitario_by Abyssinian.epub
[2013/12/30 10.27.02 | 000,595,407 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore 4 - I sentieri delle Tenebre 02 - L'ora di Wulfgar.epub
[2013/12/30 10.26.48 | 000,640,968 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R. A. Salvatore - Le Lame Del Cacciatore (Ita Libro).epub
[2013/12/30 10.25.49 | 000,495,067 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Trilogia delle terre perdute 2 - Le Lande D'Argento (Ita Libro).epub
[2013/12/28 01.46.48 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Mystery Stories Island of Hope.lnk
[2013/12/24 17.14.25 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avvia Sid Meier's Civilization 4.lnk
[2013/12/21 15.10.37 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2013/12/15 13.53.30 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play Honeybee !!.lnk
[2013/12/15 13.40.56 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play Bloom !!.lnk
[2013/12/15 13.40.56 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Crack Reg For Bloom.lnk
[2013/12/11 17.31.58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 17.31.58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/06 12.46.07 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Google Chrome.lnk
[2013/11/28 23.11.07 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Book of Legends.zip
[2013/11/23 13.48.04 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Delicious Emilys Tea Garden.lnk
[2013/11/23 11.23.34 | 000,012,113 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\invitati amici.odt
[2013/11/18 19.28.47 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play Blood Ties.lnk
[2013/11/17 17.35.57 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play Star Defender 4.lnk
[2013/11/17 17.35.37 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play The Great Tree.lnk
[2013/11/17 17.31.04 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Play The Sims Carnival - BumperBlast.lnk
[2013/11/14 14.17.24 | 025,701,320 | ---- | M] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\AlexGordonAff_78653.exe
[2013/11/14 14.17.03 | 001,311,504 | ---- | M] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\recfree.exe
[2013/11/12 21.29.29 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Natalie Brooks The Treasures of the Lost Kingdom.lnk
[2013/11/08 16.43.01 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2013/11/05 20.06.17 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Dropbox.lnk
[2013/11/01 19.54.57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Nanny Mania 2 - Goes to Hollywood.lnk
[2013/11/01 02.13.07 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Marti\Desktop\Ancient Quest of Saqqarah.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/30 21.47.53 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\adwcleaner.exe
[2013/12/30 18.49.18 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/30 18.40.28 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\HiJackThis.lnk
[2013/12/30 17.36.37 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\SpyHunter.lnk
[2013/12/30 10.50.42 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Nanny Mania.lnk
[2013/12/30 10.46.00 | 001,208,638 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\SALVATORE R.A. - Il Mare delle Spade - PoD 03_by Abyssinian.epub
[2013/12/30 10.45.37 | 001,259,800 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\SALVATORE R.A. La Lama Silente.epub
[2013/12/30 10.44.22 | 001,246,223 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\L'ora di Wulfgar.epub
[2013/12/30 10.34.40 | 000,088,064 | ---- | C] () -- C:\WINDOWS\PreConvertPro.dll
[2013/12/30 10.34.18 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Simpo PDF Creator Pro.lnk
[2013/12/30 10.27.35 | 000,492,419 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Trilogia delle terre perdute 1 - Le Lande Di Ghiaccio (Ita Libro).epub
[2013/12/30 10.27.27 | 000,453,933 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Le Lande Di Fuoco (Ita Libro).epub
[2013/12/30 10.27.20 | 000,675,529 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Le lame del Cacciatore 02 - Il Cacciatore solitario_by Abyssinian.epub
[2013/12/30 10.27.02 | 000,595,407 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore 4 - I sentieri delle Tenebre 02 - L'ora di Wulfgar.epub
[2013/12/30 10.26.48 | 000,640,968 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R. A. Salvatore - Le Lame Del Cacciatore (Ita Libro).epub
[2013/12/30 10.25.49 | 000,495,067 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\R.A. Salvatore - Trilogia delle terre perdute 2 - Le Lande D'Argento (Ita Libro).epub
[2013/12/28 01.46.48 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Mystery Stories Island of Hope.lnk
[2013/12/24 17.14.25 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avvia Sid Meier's Civilization 4.lnk
[2013/12/15 13.53.30 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play Honeybee !!.lnk
[2013/12/15 13.40.56 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play Bloom !!.lnk
[2013/12/15 13.40.56 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Crack Reg For Bloom.lnk
[2013/11/28 23.11.07 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Book of Legends.zip
[2013/11/23 13.48.04 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Delicious Emilys Tea Garden.lnk
[2013/11/23 11.19.01 | 000,012,113 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\invitati amici.odt
[2013/11/18 19.28.47 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play Blood Ties.lnk
[2013/11/17 17.35.57 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play Star Defender 4.lnk
[2013/11/17 17.35.37 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play The Great Tree.lnk
[2013/11/17 17.31.04 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Play The Sims Carnival - BumperBlast.lnk
[2013/11/17 17.28.59 | 723,998,720 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Last 26 Bigfish Games + Indianboy + All Precracked.iso
[2013/11/13 17.01.14 | 025,701,320 | ---- | C] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\AlexGordonAff_78653.exe
[2013/11/13 17.00.35 | 001,311,504 | ---- | C] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\recfree.exe
[2013/11/12 21.29.29 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Natalie Brooks The Treasures of the Lost Kingdom.lnk
[2013/11/01 19.54.57 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Nanny Mania 2 - Goes to Hollywood.lnk
[2013/11/01 02.13.07 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Marti\Desktop\Ancient Quest of Saqqarah.lnk
[2013/10/25 15.43.43 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/10/25 15.43.42 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/09/04 15.20.49 | 000,168,303 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2012/09/04 15.20.49 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2012/08/13 21.33.03 | 000,384,835 | ---- | C] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\speeddial.crx
[2012/07/12 21.16.20 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/06/22 11.01.32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012/05/13 18.46.49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/02/08 19.18.12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/04/02 19.41.59 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Marti\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/15 20.21.36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/30 21.00.00 | 001,483,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/30 21.00.00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/30 21.00.00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/30 15.53.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\2bacfa8e3abab46f
[2013/01/12 14.01.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ashampoo
[2013/10/25 15.44.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2013/10/30 21.56.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Big Fish
[2012/02/25 00.24.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\blg
[2012/09/21 21.20.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2013/04/03 10.55.55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DSS
[2012/11/25 13.00.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EA Core
[2012/11/24 12.46.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Electronic Arts
[2012/08/08 20.12.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Flood Light Games
[2012/02/22 22.55.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
[2013/11/23 13.48.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GameHouse
[2013/11/01 19.55.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Gogii
[2013/11/14 14.15.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Gogii Games
[2013/11/16 12.36.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InstallMate
[2012/02/14 21.06.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MumboJumbo
[2012/02/13 22.56.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MysteryChronicles
[2013/02/08 23.28.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Origin
[2011/11/08 21.25.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
[2012/02/24 23.38.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Redrum
[2011/11/08 19.07.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Sandlot Games
[2012/02/09 22.45.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SulusGames
[2013/12/30 20.07.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SUrf aanD okeep
[2013/12/09 17.27.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2011/02/15 20.22.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
[2013/12/30 20.07.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\YoutubeAdblocker
[2011/02/15 20.23.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Vodafone
[2012/02/09 22.49.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Aisle 5 Games, Inc
[2013/11/01 02.18.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Ancient Quest of Saqqarah__bfg
[2013/08/20 21.03.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\AnvsoftPdfTools
[2013/01/12 14.03.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Ashampoo
[2013/10/26 11.17.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\AVAST Software
[2013/12/30 15.58.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\BitTorrent
[2012/02/25 00.24.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\blg
[2013/11/17 17.45.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\BloodTies
[2013/12/15 13.42.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Bloom
[2013/12/29 13.47.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\cerasus
[2013/12/28 13.37.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\cerasus.media
[2013/12/23 14.06.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Dropbox
[2012/02/06 15.51.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\FirstColony
[2012/08/08 20.12.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Flood Light Games
[2013/11/12 21.29.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Friday's games
[2012/02/01 09.16.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Gamelab
[2013/11/14 14.15.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Gogii Games
[2013/11/16 10.13.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\IncomingFiles
[2013/12/30 18.16.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\iSafe
[2013/12/24 17.30.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\My Games
[2012/05/26 13.57.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\OfferBox
[2012/05/24 22.20.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\OpenOffice.org
[2012/06/15 14.14.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Oracle
[2012/11/24 12.49.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Origin
[2012/02/09 22.50.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\PlayFirst
[2012/09/27 17.15.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\searchquband
[2013/11/04 17.50.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\SecondLife
[2012/02/17 18.48.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\SerpentOfIsis
[2012/02/09 22.45.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\SulusGames
[2013/11/16 10.13.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\TunesNINJA
[2011/11/07 23.46.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\uTorrent
[2012/07/12 21.44.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\VampireSagaHL
[2011/02/15 20.23.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\Vodafone
[2012/08/08 21.24.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:315B4A13
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:3C282BEA
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:72D2E2A0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:517B507A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FDC41D2C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:6BF0805F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2F8138B7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:28CDD861
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A0FEE87
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:12D2EB9C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5A1A3CC5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D48500F8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2BC498A4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:EEB25EAE

< End of report >
martina81
Posted: Monday, December 30, 2013 10:50:29 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
OTL Extras logfile created on: 30/12/2013 22.24.51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marti\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 71,35% Memory free
3,72 Gb Paging File | 3,18 Gb Available in Paging File | 85,49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 298,09 Gb Total Space | 172,51 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 1,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-MARTI | User Name: Marti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programmi\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programmi\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programmi\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"13106:TCP" = 13106:TCP:*:Enabled:Emule_tcp
"43507:UDP" = 43507:UDP:*:Enabled:Emule_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\BitTorrent\BitTorrent.exe" = C:\Programmi\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Winamp\winamp.exe" = C:\Programmi\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programmi\Electronic Arts\EADM\Core.exe" = C:\Programmi\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programmi\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\HP Software Update\HPWUCli.exe" = C:\Programmi\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programmi\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Programmi\SecondLifeViewer\SLVoice.exe" = C:\Programmi\SecondLifeViewer\SLVoice.exe:*:Enabled:SLVoice
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Marti\Desktop\SecondLifeViewer\SLVoice.exe" = C:\Documents and Settings\Marti\Desktop\SecondLifeViewer\SLVoice.exe:*:Enabled:SLVoice
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Marti\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Marti\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Programmi\TornTV.com\TornTV Downloader.exe" = C:\Programmi\TornTV.com\TornTV Downloader.exe:*:Disabled:TorntvDownloader


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220FB035-4744-483A-9A0B-41DF77061583}" = SpyHunter
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{4344E211-F621-3870-9A08-2F56C71BA0A7}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Italiano
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F91CF0E6-7B98-45DB-AE57-B6E09C40B364}" = OpenOffice.org 3.4
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ancient Quest of Saqqarah1.2" = Ancient Quest of Saqqarah
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.82
"avast" = avast! Free Antivirus
"BFGC" = Big Fish: Game Manager
"BitTorrent" = BitTorrent
"Blood Ties1.0" = Blood Ties
"Bloom1.0" = Bloom
"Book of Legends" = Book of Legends
"Delicious Emilys Tea Garden1.071" = Delicious Emilys Tea Garden
"eMule" = eMule
"Honeybee1.0" = Honeybee
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Kobo" = Kobo
"Lost in Reefs1.0" = Lost in Reefs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Mystery Stories-Island of Hope1.0" = Mystery Stories-Island of Hope
"Nanny Mania 2 - Goes to Hollywood" = Nanny Mania 2 - Goes to Hollywood
"Natalie Brooks The Treasures of the Lost Kingdom1.10" = Natalie Brooks The Treasures of the Lost Kingdom
"NVIDIA Drivers" = NVIDIA Drivers
"PDFMate PDF Converter_is1" = PDFMate PDF Converter 1.7.0
"Shop for HP Supplies" = Shop for HP Supplies
"Simpo PDF Creator Pro_is1" = Simpo PDF Creator Pro 3.2.0.0
"SP_8c222d2b" = SK.Helper 1.74
"SP_c85f7519" = Search Assistant WebSearch 1.74
"Star Defender 41.0" = Star Defender 4
"The Game of Life - Path to Success1.0" = The Game of Life - Path to Success
"The Great Tree1.0" = The Great Tree
"The Serpent of Isis1.1.0" = The Serpent of Isis
"The Sims Carnival - BumperBlast1.0" = The Sims Carnival - BumperBlast
"Vampire Saga - Welcome To Hell Lock ~ Just For Fun Games" = Vampire Saga - Welcome To Hell Lock ~ Just For Fun Games
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR gestione archivi

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/06/2013 11.32.09 | Computer Name = PC-MARTI | Source = PerfNet | ID = 2005
Description = Impossibile leggere i dati sulle prestazioni dal servizio server.
In questo esempio non verranno restituiti dati sulle prestazioni del server. Il
codice di errore restituito si trova nei dati DWORD 0, IOSB.Status è DWORD 1 e IOSB.Information
è DWORD 2.

Error - 03/06/2013 11.32.09 | Computer Name = PC-MARTI | Source = PerfNet | ID = 2006
Description = Impossibile leggere i dati sulle prestazioni delle code server dal
servizio server. In questo esempio non verranno restituiti dati sulle prestazioni
delle code server. Il codice di errore restituito si trova nei dati DWORD 0, IOSB.Status
è DWORD 1 e IOSB.Information è DWORD 2.

Error - 27/06/2013 12.58.18 | Computer Name = PC-MARTI | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 27/06/2013 12.58.18 | Computer Name = PC-MARTI | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 05/09/2013 15.31.08 | Computer Name = PC-MARTI | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 30/11/2013 13.32.14 | Computer Name = PC-MARTI | Source = WmiAdapter | ID = 4099
Description = Impossibile aprire il servizio.

[ System Events ]
Error - 28/11/2013 15.43.26 | Computer Name = PC-MARTI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.3 dell'indirizzo IP della scheda di rete con indirizzo
E0469AAB20BC è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 30/11/2013 13.32.14 | Computer Name = PC-MARTI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Scheda WMI Performance.

Error - 30/11/2013 13.32.14 | Computer Name = PC-MARTI | Source = Service Control Manager | ID = 7000
Description = Il servizio Scheda WMI Performance non è stato avviato per il seguente
errore: %%1053

Error - 02/12/2013 16.50.43 | Computer Name = PC-MARTI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.4 dell'indirizzo IP della scheda di rete con indirizzo
E0469AAB20BC è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 04/12/2013 6.27.20 | Computer Name = PC-MARTI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.5 dell'indirizzo IP della scheda di rete con indirizzo
E0469AAB20BC è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 06/12/2013 7.10.53 | Computer Name = PC-MARTI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.3 dell'indirizzo IP della scheda di rete con indirizzo
E0469AAB20BC è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 13/12/2013 9.09.43 | Computer Name = PC-MARTI | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.3 dell'indirizzo IP della scheda di rete con indirizzo
E0469AAB20BC è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 18/12/2013 8.49.28 | Computer Name = PC-MARTI | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file ''
sul volume 'HarddiskVolume1'. Il monitoraggio del volume è stato interrotto.


< End of report >
shapiro
Posted: Monday, December 30, 2013 11:34:06 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Martina, I'll check it tomorrow, it's a bit long.

If you manage to run AdwCleaner with the Clean option, repeat the scan with OTL.
martina81
Posted: Monday, December 30, 2013 11:43:17 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
Don't worry, thank you so much!!!!
martina81
Posted: Tuesday, December 31, 2013 2:05:12 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
New HijackThis log after installing SP3:

Hijack Log 2

Meanwhile, AdwCleaner keeps freezing when it gets to the cleaning step. After 10 minutes the message "Non risponde" (Not responding) always appears and all I can do is reboot manually.
r16
Posted: Tuesday, December 31, 2013 2:10:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
martina81 wrote:


Meanwhile, AdwCleaner keeps freezing when it gets to the cleaning step.

Try using it in Safe Mode.
shapiro
Posted: Tuesday, December 31, 2013 7:48:14 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Now open OTL, copy this into the white box, then press Run Fix.

Attach the log the program leaves, then try running AdwCleaner again.

Code:
:OTL
IE - HKLM\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41
IE - HKU\S-1-5-21-682003330-308236825-725345543-1003\..\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}: "URL" = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-188&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0A0A0BtBtD0B0CyEyEyCyBtN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=868339736
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Programmi\TornTV.com\TornTV Downloader.exe]
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41"
FF - prefs.js..keyword.URL: "http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
[2013/11/16 12.38.15 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Marti\Dati applicazioni\Mozilla\Firefox\Profiles\oit2yuhs.default\searchplugins\WebSearch.xml
CHR - homepage: http://websearch.searchisbestmy.info/?pid=924&r=2013/11/16&hid=4538352337255398200&lg=EN&cc=IT&unqvl=41
[2013/11/16 12.38.16 | 000,000,000 | ---D | C] -- C:\Programmi\WebSearch
[2012/02/08 19.18.12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/09/21 21.20.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2013/12/30 20.07.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SUrf aanD okeep
[2012/05/26 13.57.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\OfferBox
[2012/09/27 17.15.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marti\Dati applicazioni\searchquband
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:315B4A13
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:3C282BEA
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:72D2E2A0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:517B507A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FDC41D2C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:6BF0805F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2F8138B7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:28CDD861
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A0FEE87
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:12D2EB9C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5A1A3CC5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D48500F8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2BC498A4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:EEB25EAE

:Files
ipconfig /flushdns /c

:commands
[purity]
[start explorer]
[Reboot]


Temporarily disable the antivirus.


Download Junkware Removal Tool.
Click the JRT icon and wait patiently for the scan to finish.
Once it has finished, the log should open on the desktop as JRT.txt.


martina81
Posted: Wednesday, January 01, 2014 2:46:06 PM

Rank: Member

Joined: 12/30/2013
Posts: 10
Thanks again and best wishes! :-) It worked perfectly now.

Adwcleaner

JRT

shapiro
Posted: Wednesday, January 01, 2014 5:36:18 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Martina, also run the procedure I posted for you with OTL; the PC must be completely cleaned of the infections.

Best wishes to you too.