Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Svchost use 100% of CPU due to tapisrv.dll [Closed]

Started by pleonipi , Dec 09 2012 05:09 PM

  • Please log in to reply

#1
pleonipi
Posted 09 December 2012 - 05:09 PM

pleonipi

    New Member

  • Member
  • Pip
  • 8 posts
Dear all, from few days I noticed that probably when using Wify, after a bit of time the system dropped down until being unsable. I noticed that one process svchost was taking very high percentage of cpu, I analized the ralated service and discovered that if TAPISRV is set to start manually it hangs up the system. When disabled, everything is ok 100%. I decided to live without "tapisrv", but today I discovered that eg entering telephone numbers into Outlook contacts is disabled in some functionalities when tapisrv is disabled.
W7 64bit prof, Kaspersky, run several antimalware with no result. OTL was run with tapisrv disabled.
Many thanks for your help.
pleonipi

OTL logfile created on: 12/9/2012 11:40:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Programmi originali\Antivirus\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

7.90 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 57.40% Memory free
15.80 Gb Paging File | 11.92 Gb Available in Paging File | 75.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 21.19 Gb Free Space | 7.55% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.14% Space Free | Partition Type: FAT32

Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/09 23:38:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Programmi originali\Antivirus\OTL\OTL.exe
PRC - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/16 18:28:36 | 006,974,360 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2012/07/10 00:42:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2012/05/03 19:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/04/19 16:12:18 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/15 01:49:52 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/11/05 16:06:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/07/12 13:59:36 | 000,644,664 | ---- | M] (Netasq) -- C:\Program Files (x86)\Netasq\VPN Client\VpnConf.exe
PRC - [2010/07/12 13:59:32 | 000,193,080 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\Netasq\VPN Client\tgbike.exe
PRC - [2010/02/25 13:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/28 14:15:44 | 000,414,720 | ---- | M] (Bang & Olufsen a/s) -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\BeoTray.exe
PRC - [2010/01/28 14:15:22 | 001,601,024 | ---- | M] (Bang & Olufsen a/s) -- C:\PROGRAM FILES (X86)\BANG & OLUFSEN\BEOPORT\BEONETRADIO.EXE
PRC - [2010/01/28 14:11:24 | 001,119,744 | ---- | M] (Bang & Olufsen a/s) -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\BeoPlayer.exe
PRC - [2009/08/07 16:03:16 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 17:42:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/28 12:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\Windows\SysWOW64\MNSFramework.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/08 12:12:41 | 000,192,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\a9a9928a2adca3ae71f75df862fcf649\Vodafone.Model.Connection.ni.dll
MOD - [2012/12/08 12:12:41 | 000,034,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\73736618f6b64deed594a38c16dc36eb\Vodafone.UpdateManager.ni.dll
MOD - [2012/12/08 12:12:40 | 000,025,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\9efce6da1fcaeb4d5fbd7b26b1886808\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2012/12/08 12:12:39 | 000,876,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\54e548c7965b92b787f3b8a39e443ebf\Vodafone.View.Shared.ni.dll
MOD - [2012/12/08 12:12:38 | 000,606,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\00e1dd9433003239592fe9bbae9f2697\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2012/12/08 12:12:37 | 000,084,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\2d93f40e0396c2d3a912f66a484fa133\Vodafone.Core.Remoting.ni.dll
MOD - [2012/12/08 12:12:37 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d02a34cff230ee279dfa3144e1f8c64c\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2012/12/08 12:12:36 | 000,055,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\d89f1fe9dbc0be036d5e5fb3d9c95a55\Vodafone.TrafficOptimiser.ni.dll
MOD - [2012/12/08 12:12:36 | 000,030,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1741b42a2a3e5ab0da82c6e8d833d428\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2012/12/08 12:12:35 | 000,108,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\45df2d1c2eee18f2f4c1a57fde3e851f\Vodafone.LanWlanManager.ni.dll
MOD - [2012/12/08 12:12:34 | 000,392,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\f93f3618cf9e6c4ddf305de2341d9a51\Vodafone.MbbManagement.ni.dll
MOD - [2012/12/08 12:12:34 | 000,119,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\fd66abb10a27d11b1b3b36ed97388ae0\Interop.Shell32.ni.dll
MOD - [2012/12/08 12:12:34 | 000,081,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.MbnApi\08ca4b39256c8202388ed38b72eb5d7d\Interop.MbnApi.ni.dll
MOD - [2012/12/08 12:12:34 | 000,073,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\13d79e57a582b08294290c19b80809d5\Vodafone.Vpn.ni.dll
MOD - [2012/12/08 12:12:33 | 000,498,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\30436372d4bc95b37c010679ca795419\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2012/12/08 12:12:33 | 000,040,960 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\f8bf1aa3b6ebf2c2886b487e88bbec49\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2012/12/08 12:12:32 | 000,733,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\833ae7c45a65a1e52c4ef2bde93ebb46\Vodafone.WwanWrapper.ni.dll
MOD - [2012/12/08 12:12:32 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\27de387584331d62066dcbd2960614f6\Vodafone.ConnectionServices.ni.dll
MOD - [2012/12/08 12:12:31 | 000,022,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\4d17e1c5b127751092f149deeb4ddac4\Vodafone.Core.Interfaces.ni.dll
MOD - [2012/12/08 12:12:30 | 000,941,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\ca6b6f42956c9e67a0cfe298dae35313\Vodafone.BusinessLogic.ni.dll
MOD - [2012/12/08 12:12:29 | 000,049,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8f888dcf957e4f16a48430eabf88795b\Vodafone.Contracts.Adapter.ni.dll
MOD - [2012/12/08 12:12:29 | 000,047,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\c50d9109f51845cc9648dcfef8a03f03\Common.Logging.ni.dll
MOD - [2012/12/08 12:12:23 | 002,104,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\6a8b065a87f3c79e28e893fabeaecea7\Spring.Core.ni.dll
MOD - [2012/12/08 12:12:21 | 000,042,496 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\26236e7d7c1647368b7a133b6881e17d\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2012/12/08 12:12:19 | 001,304,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\6432f59dd365540d0dc856b667bcb2a1\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2012/12/08 12:12:17 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\d3bd34ae6541592c5ed357516cfb4a68\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2012/12/08 12:12:14 | 011,053,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\510f3dfd800b9ce42b0fe347251b3662\Infragistics2.Win.v9.2.ni.dll
MOD - [2012/12/08 12:12:06 | 000,871,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\ee217dcdf0faa5dd7ebd4fa71511fba5\Infragistics2.Shared.v9.2.ni.dll
MOD - [2012/12/08 12:12:04 | 007,137,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\2e4048a6114523262679e70ac45fed72\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2012/12/08 12:11:55 | 000,100,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\9539d632461da2165bdc9d99178dacf3\Vodafone.Core.Contracts.ni.dll
MOD - [2012/12/08 12:11:55 | 000,036,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\e997615bfbd4fbd465ddb8f448dcc10d\Vodafone.Contracts.Presenter.ni.dll
MOD - [2012/12/08 12:11:55 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1a56a5409ad4032e96121a5f7e45007b\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2012/12/08 12:11:54 | 000,131,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\f91fe68a3519d918c354b72012e4f639\Vodafone.Contracts.Model.ni.dll
MOD - [2012/12/08 12:11:54 | 000,105,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8b5377e783a3667a0f45a49aab213ddd\Vodafone.Contracts.View.ni.dll
MOD - [2012/12/08 12:11:53 | 000,089,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\4a02c139b1eeb68551bf2492ab6ffecd\Vodafone.Base.Internals.ni.dll
MOD - [2012/12/08 12:11:53 | 000,019,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\5d5810af08547afb7ce277e40154497d\Vodafone.Base.Factory.ni.dll
MOD - [2012/12/08 12:11:52 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e603b21d8bf76f2701858a3570b4add0\Vodafone.ConnectionManagement.ni.dll
MOD - [2012/12/08 12:11:52 | 000,093,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\625eb88d6251a680d6de47d38e7b5c05\Vodafone.Contracts.Common.ni.dll
MOD - [2012/12/08 12:11:51 | 000,350,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\0689f2f7becf4af1980c17b0d3268fbc\Vodafone.ReportingManager.ni.dll
MOD - [2012/12/08 12:11:51 | 000,031,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\c5329450983a0f0524ba1346947c0cd3\Vodafone.OutlookConnector.ni.dll
MOD - [2012/12/08 12:11:50 | 000,198,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\48882c5696d7cbd9412a2e4efddb7562\Vodafone.SmsContactManager.ni.dll
MOD - [2012/12/08 12:11:49 | 000,945,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\c70eceb0d58c8326a372494029d1c393\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2012/12/08 12:11:49 | 000,341,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\3fa98d093d3057d94cc8a6dc015b0a0b\Vodafone.CommonDialogs.ni.dll
MOD - [2012/12/08 12:11:47 | 000,080,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\e474254b1c373d62d9231b3972dfdbea\Vodafone.SmsProfileManager.ni.dll
MOD - [2012/12/08 12:11:46 | 000,326,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\26ca62c6f1ce4f83e04694e80fdc42bf\Vodafone.DataAccessor.ni.dll
MOD - [2012/12/08 12:11:46 | 000,056,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\2ee1d8aa52668cf4a67f4780e3461643\Vodafone.SettingsManager.ni.dll
MOD - [2012/12/08 12:11:45 | 002,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\b5e3489915948b4882b7a2fcd9a13236\MobileBroadbandResources.ni.dll
MOD - [2012/12/08 12:11:45 | 000,074,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\53e53f934448b7709a4543ed8dd0fb73\Vodafone.NtServiceMessaging.ni.dll
MOD - [2012/12/08 12:11:44 | 000,321,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\fab132f1bde2028f4dd9a1214c8d6081\Vodafone.Base.Win32.ni.dll
MOD - [2012/12/08 12:11:44 | 000,181,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\e37e2a4b9b3d42691c5d0b0f49ab6b3d\Vodafone.Common.ni.dll
MOD - [2012/12/08 12:11:44 | 000,019,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\c250db605a7689dac41457d8cec48e89\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2012/12/08 12:11:43 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\8ce812ef5fbbb38e7577018c751c9d0d\Vodafone.Data.ni.dll
MOD - [2012/12/08 12:11:43 | 000,158,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\cf14a6cfe5e367d6fdaeeaabc1c7a39a\Vodafone.Base.Contracts.ni.dll
MOD - [2012/12/08 12:11:42 | 001,368,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\795818c30402eff88226d87448b52d99\Vodafone.Platform.ni.dll
MOD - [2012/12/08 12:11:38 | 000,282,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\fbc6872de87fde538a6e1839a4a0f463\MobileBroadband.ni.exe
MOD - [2012/12/08 12:11:38 | 000,094,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\cd6add0e6fd0d86eed95d0f55181fbe8\Vodafone.LogEngine.ni.dll
MOD - [2012/11/17 17:06:20 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 17:05:16 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 15:58:30 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/17 15:58:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 15:58:08 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/17 15:58:08 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/17 15:57:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 15:57:55 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 15:57:33 | 012,503,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2353e2c6a47a65ecfd1b7164e1f058a\System.Windows.Forms.ni.dll
MOD - [2012/11/17 15:57:15 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/17 15:57:14 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/17 15:57:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 15:57:11 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 15:56:56 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 15:56:52 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 15:56:35 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2011/04/19 16:12:12 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2010/11/13 01:58:31 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/28 14:15:00 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\TranslationLookup.dll
MOD - [2010/01/28 14:14:48 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\Resources\BeoResource.ENG
MOD - [2009/10/22 23:51:58 | 000,163,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_it_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/29 16:10:06 | 000,300,600 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 18:46:05 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.PTB
MOD - [2009/02/27 18:39:01 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.ita
MOD - [2009/02/27 18:33:02 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.ESP
MOD - [2009/02/27 18:10:53 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.NLD
MOD - [2009/02/27 13:20:55 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/19 20:49:55 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/12 13:59:30 | 000,162,872 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysNative\TgbStarter.exe -- (TgbIke Starter)
SRV:64bit: - [2009/07/30 17:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/29 11:43:32 | 001,841,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 15:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/27 17:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/15 22:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/11/05 18:03:03 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/05 18:02:37 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/16 08:48:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 16:06:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/07 15:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/28 11:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/28 11:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/29 16:10:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\windows\SysWOW64\MNSFramework.exe -- (MNSFramework)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 22:38:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/11/05 18:02:39 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/10/31 19:07:12 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 00:42:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 16:22:42 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/23 19:31:36 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 15:43:26 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2011/04/18 15:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/04/18 15:43:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2011/04/18 15:43:24 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2011/04/05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/12/30 12:19:56 | 000,050,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuqbus.sys -- (GTUQBUS)
DRV:64bit: - [2010/12/30 12:19:56 | 000,025,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtscser.sys -- (GTSCSER)
DRV:64bit: - [2010/12/30 12:19:56 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2010/12/30 12:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/07/12 13:59:24 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2010/06/24 14:28:04 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/06/24 14:28:00 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/06/24 14:28:00 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/06/09 10:49:26 | 000,122,424 | ---- | M] (TheGreenBow) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\DfilterVPN.sys -- (TgbIpSec)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/07 11:46:56 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
DRV:64bit: - [2010/04/05 10:43:36 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/22 06:39:22 | 000,039,424 | ---- | M] (Bang & Olufsen A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\beopcusb.sys -- (beopcusb)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/29 21:00:52 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/29 14:30:26 | 000,015,392 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009/07/29 14:30:24 | 000,014,880 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009/07/29 14:30:22 | 000,055,840 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009/07/23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:45:56 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/23 21:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/15 03:02:00 | 000,044,672 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a38usb.sys -- (ACSSCR)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 06:36:24 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/05/18 22:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 17:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/04/08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 16:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/09 03:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/03/13 14:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008/03/13 14:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007/07/16 13:32:56 | 000,060,160 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/26 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\leoni_p\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_itFR488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/29 23:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]

[2012/07/16 08:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions
[2011/08/06 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/11/04 04:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Firefox\Profiles\68plkaoc.default\extensions
[2012/11/04 04:59:26 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\firefox\profiles\68plkaoc.default\extensions\[email protected]
[2012/11/18 02:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 12:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/18 20:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/29 23:37:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
File not found (No name found) -- C:\USERS\LEONI_P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68PLKAOC.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012/08/17 22:30:00 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Controllo URL Kaspersky = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Tastiera Virtuale = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Anti-Banner = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/05/31 21:56:22 | 000,000,797 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.0.246 exchange.artemide.fr
O2:64bit: - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\Netasq\VPN Client\vpnconf.exe (Netasq)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Beoplayertray] C:\Program Files (x86)\Bang & Olufsen\BeoPort\Beotray.exe (Bang & Olufsen a/s)
O4 - HKLM..\Run: [BEW-INTRANET-FR-30SessionManager] "C:\Program Files (x86)\OrangeBusinessServices\BEW\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [bit4id store register] C:\windows\SysWow64\bit4cnsp.dll (bit4id srl (http://www.bit4id.com))
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SSLEmptyCache] C:\windows\system32\SSLEmptyCache.exe File not found
O4 - HKCU..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [QMNS] C:\Program Files (x86)\Mobile Net Switch\QMNS.exe (RH Computing)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - Startup: C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync for Outlook.lnk = C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe (IT-Services Thomas Holz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Siti attendibili)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemide.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A1C872-134F-40E9-B388-44DBFFC5FB0D}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7684519B-3552-4A94-8105-26B05F597DBB}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816}: NameServer = 83.224.70.93 83.224.66.134
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell - "" = AutoRun
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell - "" = AutoRun
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/09 14:24:54 | 000,000,000 | ---D | C] -- C:\03dfd92d64c68b3bed2ef39a
[2012/12/09 11:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/12/08 12:12:38 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012/12/08 12:12:37 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2012/12/08 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/12/08 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2012/12/02 22:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/02 22:14:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/02 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Local\SvchostViewer
[2012/12/01 00:47:26 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/11/27 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/17 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\Favorites - Copia
[2012/11/14 09:19:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/10 22:40:52 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Roaming\TrueCrypt
[2012/11/10 22:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/11/10 22:38:35 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\windows\SysNative\drivers\truecrypt.sys
[2012/11/10 22:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/11/11 15:34:12 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[2010/11/05 16:21:58 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010/11/05 16:21:57 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010/11/05 16:21:57 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010/11/05 16:21:57 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 12:15:44 | 001,842,632 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/08 12:15:44 | 000,811,436 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2012/12/08 12:15:44 | 000,715,748 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/08 12:15:44 | 000,173,620 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2012/12/08 12:15:44 | 000,143,124 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/08 12:10:14 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/12/08 12:10:06 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 12:10:05 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 11:52:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/08 11:52:35 | 2069,049,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 01:10:03 | 002,314,792 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/08 01:09:41 | 868,118,156 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/24 16:17:35 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012/11/10 22:38:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\windows\SysNative\drivers\truecrypt.sys
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/08 12:10:14 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/11/18 02:45:53 | 000,001,427 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/18 02:45:53 | 000,001,353 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/11/17 16:07:20 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 16:05:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/16 08:58:23 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012/05/25 20:28:06 | 000,075,776 | ---- | C] () -- C:\windows\SysWow64\WS2Fix.exe
[2012/05/25 20:28:05 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\dumphive.exe
[2012/05/25 20:28:05 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\swsc.exe
[2012/05/18 01:26:21 | 000,000,068 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\.directory
[2012/05/18 00:58:16 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/05/18 00:58:16 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\UserTile.png
[2012/05/18 00:58:16 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\GhostObjGAFix.xml
[2012/05/18 00:56:04 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\WebpageIcons.db
[2012/05/18 00:48:04 | 000,002,870 | ---- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/18 00:48:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\.zreglib
[2012/03/18 13:29:45 | 000,000,138 | ---- | C] () -- C:\windows\WININIT.INI
[2012/02/18 21:44:54 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2011/10/23 20:02:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\au3305adc.dll
[2011/10/23 20:02:06 | 000,000,067 | ---- | C] () -- C:\windows\Apollo DVD Copy.INI
[2011/10/23 19:20:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\locked-.zreglib.xfrn
[2011/08/27 21:59:48 | 000,025,600 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/18 14:39:56 | 000,226,364 | ---- | C] () -- C:\ProgramData\locked-DeviceManager.xml.rc4.wsyv
[2011/02/20 11:15:41 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-UserTile.png.lpnu
[2011/02/13 16:26:02 | 000,000,036 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\housecall.guid.cache
[2011/02/06 20:31:39 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-GhostObjGAFix.xml.icpo
[2011/02/06 13:34:23 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\locked-WebpageIcons.db.vsml
[2011/01/22 01:12:53 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Microsoft Excel 97-2003.ADR.dyho
[2011/01/22 01:12:45 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/01/04 12:24:18 | 000,000,075 | ---- | C] () -- C:\windows\winDecrypt.INI
[2010/12/19 21:06:50 | 000,069,185 | ---- | C] () -- C:\windows\SysWow64\bit4cnsp-uninst.exe
[2010/12/19 19:26:38 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/12/18 15:34:14 | 000,000,056 | ---- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\ProgramData\locked-Synth Textures.wpdy
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Sync Services.lpnu
[2010/12/18 15:17:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/18 15:17:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\locked-Textures.xnay
[2010/12/18 14:50:09 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2010/12/18 13:44:57 | 000,010,752 | ---- | C] () -- C:\windows\SysWow64\BASSMOD.dll
[2010/12/18 03:42:18 | 000,015,840 | ---- | C] () -- C:\windows\SysWow64\Machnm1.exe
[2010/11/30 11:30:42 | 000,002,094 | ---- | C] () -- C:\Users\leoni_p\vpn greenBow.tgb
[2010/11/18 11:21:15 | 000,002,870 | ---- | C] () -- C:\ProgramData\locked-ntuser.pol.licg
[2010/11/05 16:21:57 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010/11/05 16:21:57 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/19 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\4Team
[2012/11/04 11:53:32 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\AndrosaSoft
[2010/12/21 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Autodesk
[2012/05/20 00:48:23 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Azureus
[2011/02/13 01:06:03 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Bandoo
[2012/12/09 03:15:21 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\BeoMediaDatabase
[2012/07/17 22:03:28 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Credential Manager
[2012/05/20 00:48:23 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\DAEMON Tools Lite
[2012/05/18 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Dropbox
[2012/11/18 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\DVDVideoSoft
[2012/11/18 11:27:59 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/18 00:58:08 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\ESM-Tools
[2010/12/19 18:50:16 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\EZOutlookSync Pro
[2011/02/22 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\F-Secure
[2012/06/12 15:19:04 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\FileZilla
[2012/05/17 21:15:16 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Fowail
[2010/12/18 01:42:11 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Hulubulu
[2010/11/18 11:23:31 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Infineon
[2012/06/15 00:00:36 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Itsth
[2012/06/08 22:33:48 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\JGsoft
[2012/10/12 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Leadertech
[2010/12/19 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Lombardia Integrata
[2011/05/08 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Nikon
[2012/05/11 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Nokia
[2011/02/28 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Nokia Ovi Suite
[2012/02/24 12:18:55 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Nokia Suite
[2011/11/15 22:33:37 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\PC Suite
[2012/05/16 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Saesak
[2012/05/18 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\searchqutb
[2010/11/18 11:22:21 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\TeamViewer
[2011/08/06 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\TomTom
[2012/11/24 13:03:13 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\TrueCrypt
[2011/05/19 00:33:53 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Vodafone
[2012/09/08 15:47:51 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Winprint HylaFAX Reloaded
[2012/10/12 13:10:00 | 000,000,000 | ---D | M] -- C:\Users\leoni_p\AppData\Roaming\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9FF7C773
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4FF9FD44

< End of report >
  • 0

Advertisements

#2
godawgs
Posted 14 December 2012 - 01:06 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello pleonipi, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

It has been several days since your original post so I would like to see some updated scans.
OTL needs to be run from the desktop so we're gonna remove the program from the Antivirus\OTL folder and download a fresh copy to the desktop.


Step-1.

Please re-open Posted Image.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
This will delete OTL and all the files it created.


Step-2.

Posted Image OTL Custom Scan

Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
%systemdrive%*.js
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users and Include 64bit Scans at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. the Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-4.

Run RogueKiller

  • Download RogueKiller.
  • Click the 64bits(x64) link and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • DO Not delete anything at this point.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • Right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The RKreport.txt log
5. The AdwCleaner[R1].txt log
  • 0

#3
pleonipi
Posted 16 December 2012 - 09:10 AM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 12/16/2012 3:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.84% Memory free
15.80 Gb Paging File | 12.72 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 18.05 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32

Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/16 15:47:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2012/07/31 03:19:26 | 000,041,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/16 18:28:36 | 006,974,360 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2012/07/10 00:42:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2012/05/03 19:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/04/19 16:12:18 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/09 11:25:06 | 004,346,720 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe
PRC - [2011/01/15 01:49:52 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/15 11:05:10 | 004,019,040 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync\Easy2Sync.exe
PRC - [2010/07/12 13:59:36 | 000,644,664 | ---- | M] (Netasq) -- C:\Program Files (x86)\Netasq\VPN Client\VpnConf.exe
PRC - [2010/07/12 13:59:32 | 000,193,080 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\Netasq\VPN Client\tgbike.exe
PRC - [2010/02/25 13:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/28 14:15:44 | 000,414,720 | ---- | M] (Bang & Olufsen a/s) -- C:\PROGRAM FILES (X86)\BANG & OLUFSEN\BEOPORT\BEOTRAY.EXE
PRC - [2010/01/28 14:11:24 | 001,119,744 | ---- | M] (Bang & Olufsen a/s) -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\BeoPlayer.exe
PRC - [2009/08/07 16:03:16 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 17:42:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/28 12:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\Windows\SysWOW64\MNSFramework.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/08 12:12:41 | 000,192,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\a9a9928a2adca3ae71f75df862fcf649\Vodafone.Model.Connection.ni.dll
MOD - [2012/12/08 12:12:41 | 000,034,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\73736618f6b64deed594a38c16dc36eb\Vodafone.UpdateManager.ni.dll
MOD - [2012/12/08 12:12:40 | 000,025,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\9efce6da1fcaeb4d5fbd7b26b1886808\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2012/12/08 12:12:39 | 000,876,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\54e548c7965b92b787f3b8a39e443ebf\Vodafone.View.Shared.ni.dll
MOD - [2012/12/08 12:12:38 | 000,606,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\00e1dd9433003239592fe9bbae9f2697\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2012/12/08 12:12:37 | 000,084,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\2d93f40e0396c2d3a912f66a484fa133\Vodafone.Core.Remoting.ni.dll
MOD - [2012/12/08 12:12:37 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d02a34cff230ee279dfa3144e1f8c64c\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2012/12/08 12:12:36 | 000,055,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\d89f1fe9dbc0be036d5e5fb3d9c95a55\Vodafone.TrafficOptimiser.ni.dll
MOD - [2012/12/08 12:12:36 | 000,030,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1741b42a2a3e5ab0da82c6e8d833d428\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2012/12/08 12:12:35 | 000,108,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\45df2d1c2eee18f2f4c1a57fde3e851f\Vodafone.LanWlanManager.ni.dll
MOD - [2012/12/08 12:12:34 | 000,392,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\f93f3618cf9e6c4ddf305de2341d9a51\Vodafone.MbbManagement.ni.dll
MOD - [2012/12/08 12:12:34 | 000,119,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\fd66abb10a27d11b1b3b36ed97388ae0\Interop.Shell32.ni.dll
MOD - [2012/12/08 12:12:34 | 000,081,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.MbnApi\08ca4b39256c8202388ed38b72eb5d7d\Interop.MbnApi.ni.dll
MOD - [2012/12/08 12:12:34 | 000,073,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\13d79e57a582b08294290c19b80809d5\Vodafone.Vpn.ni.dll
MOD - [2012/12/08 12:12:33 | 000,498,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\30436372d4bc95b37c010679ca795419\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2012/12/08 12:12:33 | 000,040,960 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\f8bf1aa3b6ebf2c2886b487e88bbec49\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2012/12/08 12:12:32 | 000,733,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\833ae7c45a65a1e52c4ef2bde93ebb46\Vodafone.WwanWrapper.ni.dll
MOD - [2012/12/08 12:12:32 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\27de387584331d62066dcbd2960614f6\Vodafone.ConnectionServices.ni.dll
MOD - [2012/12/08 12:12:31 | 000,022,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\4d17e1c5b127751092f149deeb4ddac4\Vodafone.Core.Interfaces.ni.dll
MOD - [2012/12/08 12:12:30 | 000,941,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\ca6b6f42956c9e67a0cfe298dae35313\Vodafone.BusinessLogic.ni.dll
MOD - [2012/12/08 12:12:29 | 000,049,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8f888dcf957e4f16a48430eabf88795b\Vodafone.Contracts.Adapter.ni.dll
MOD - [2012/12/08 12:12:29 | 000,047,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\c50d9109f51845cc9648dcfef8a03f03\Common.Logging.ni.dll
MOD - [2012/12/08 12:12:23 | 002,104,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\6a8b065a87f3c79e28e893fabeaecea7\Spring.Core.ni.dll
MOD - [2012/12/08 12:12:21 | 000,042,496 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\26236e7d7c1647368b7a133b6881e17d\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2012/12/08 12:12:19 | 001,304,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\6432f59dd365540d0dc856b667bcb2a1\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2012/12/08 12:12:17 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\d3bd34ae6541592c5ed357516cfb4a68\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2012/12/08 12:12:14 | 011,053,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\510f3dfd800b9ce42b0fe347251b3662\Infragistics2.Win.v9.2.ni.dll
MOD - [2012/12/08 12:12:06 | 000,871,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\ee217dcdf0faa5dd7ebd4fa71511fba5\Infragistics2.Shared.v9.2.ni.dll
MOD - [2012/12/08 12:12:04 | 007,137,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\2e4048a6114523262679e70ac45fed72\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2012/12/08 12:11:55 | 000,100,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\9539d632461da2165bdc9d99178dacf3\Vodafone.Core.Contracts.ni.dll
MOD - [2012/12/08 12:11:55 | 000,036,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\e997615bfbd4fbd465ddb8f448dcc10d\Vodafone.Contracts.Presenter.ni.dll
MOD - [2012/12/08 12:11:55 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1a56a5409ad4032e96121a5f7e45007b\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2012/12/08 12:11:54 | 000,131,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\f91fe68a3519d918c354b72012e4f639\Vodafone.Contracts.Model.ni.dll
MOD - [2012/12/08 12:11:54 | 000,105,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8b5377e783a3667a0f45a49aab213ddd\Vodafone.Contracts.View.ni.dll
MOD - [2012/12/08 12:11:53 | 000,089,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\4a02c139b1eeb68551bf2492ab6ffecd\Vodafone.Base.Internals.ni.dll
MOD - [2012/12/08 12:11:53 | 000,019,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\5d5810af08547afb7ce277e40154497d\Vodafone.Base.Factory.ni.dll
MOD - [2012/12/08 12:11:52 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e603b21d8bf76f2701858a3570b4add0\Vodafone.ConnectionManagement.ni.dll
MOD - [2012/12/08 12:11:52 | 000,093,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\625eb88d6251a680d6de47d38e7b5c05\Vodafone.Contracts.Common.ni.dll
MOD - [2012/12/08 12:11:51 | 000,350,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\0689f2f7becf4af1980c17b0d3268fbc\Vodafone.ReportingManager.ni.dll
MOD - [2012/12/08 12:11:51 | 000,031,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\c5329450983a0f0524ba1346947c0cd3\Vodafone.OutlookConnector.ni.dll
MOD - [2012/12/08 12:11:50 | 000,198,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\48882c5696d7cbd9412a2e4efddb7562\Vodafone.SmsContactManager.ni.dll
MOD - [2012/12/08 12:11:49 | 000,945,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\c70eceb0d58c8326a372494029d1c393\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2012/12/08 12:11:49 | 000,341,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\3fa98d093d3057d94cc8a6dc015b0a0b\Vodafone.CommonDialogs.ni.dll
MOD - [2012/12/08 12:11:47 | 000,080,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\e474254b1c373d62d9231b3972dfdbea\Vodafone.SmsProfileManager.ni.dll
MOD - [2012/12/08 12:11:46 | 000,326,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\26ca62c6f1ce4f83e04694e80fdc42bf\Vodafone.DataAccessor.ni.dll
MOD - [2012/12/08 12:11:46 | 000,056,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\2ee1d8aa52668cf4a67f4780e3461643\Vodafone.SettingsManager.ni.dll
MOD - [2012/12/08 12:11:45 | 002,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\b5e3489915948b4882b7a2fcd9a13236\MobileBroadbandResources.ni.dll
MOD - [2012/12/08 12:11:45 | 000,074,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\53e53f934448b7709a4543ed8dd0fb73\Vodafone.NtServiceMessaging.ni.dll
MOD - [2012/12/08 12:11:44 | 000,321,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\fab132f1bde2028f4dd9a1214c8d6081\Vodafone.Base.Win32.ni.dll
MOD - [2012/12/08 12:11:44 | 000,181,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\e37e2a4b9b3d42691c5d0b0f49ab6b3d\Vodafone.Common.ni.dll
MOD - [2012/12/08 12:11:44 | 000,019,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\c250db605a7689dac41457d8cec48e89\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2012/12/08 12:11:43 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\8ce812ef5fbbb38e7577018c751c9d0d\Vodafone.Data.ni.dll
MOD - [2012/12/08 12:11:43 | 000,158,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\cf14a6cfe5e367d6fdaeeaabc1c7a39a\Vodafone.Base.Contracts.ni.dll
MOD - [2012/12/08 12:11:42 | 001,368,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\795818c30402eff88226d87448b52d99\Vodafone.Platform.ni.dll
MOD - [2012/12/08 12:11:38 | 000,282,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\fbc6872de87fde538a6e1839a4a0f463\MobileBroadband.ni.exe
MOD - [2012/12/08 12:11:38 | 000,094,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\cd6add0e6fd0d86eed95d0f55181fbe8\Vodafone.LogEngine.ni.dll
MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/17 17:06:20 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 17:05:16 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 15:58:30 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/17 15:58:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 15:58:08 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/17 15:58:08 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/17 15:57:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 15:57:55 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 15:57:33 | 012,503,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2353e2c6a47a65ecfd1b7164e1f058a\System.Windows.Forms.ni.dll
MOD - [2012/11/17 15:57:15 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/17 15:57:14 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/17 15:57:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 15:57:11 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 15:56:56 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 15:56:52 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 15:56:35 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2011/04/19 16:12:12 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2010/11/13 01:58:31 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/28 14:15:00 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\TranslationLookup.dll
MOD - [2010/01/28 14:14:48 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\Resources\BeoResource.ENG
MOD - [2009/10/22 23:51:58 | 000,163,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_it_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/29 16:10:06 | 000,300,600 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 18:46:05 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.PTB
MOD - [2009/02/27 18:39:01 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.ita
MOD - [2009/02/27 18:33:02 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.ESP
MOD - [2009/02/27 18:10:53 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.NLD
MOD - [2009/02/27 13:20:55 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/19 20:49:55 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/12 13:59:30 | 000,162,872 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysNative\TgbStarter.exe -- (TgbIke Starter)
SRV:64bit: - [2009/07/30 17:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/29 11:43:32 | 001,841,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 15:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/27 17:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/15 22:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/11/05 18:03:03 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/05 18:02:37 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/16 08:48:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 16:06:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/07 15:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/28 11:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/28 11:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/29 16:10:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\windows\SysWOW64\MNSFramework.exe -- (MNSFramework)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 22:38:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/11/05 18:02:39 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/10/31 19:07:12 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 00:42:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 16:22:42 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/23 19:31:36 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 15:43:26 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2011/04/18 15:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/04/18 15:43:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2011/04/18 15:43:24 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2011/04/05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/12/30 12:19:56 | 000,050,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuqbus.sys -- (GTUQBUS)
DRV:64bit: - [2010/12/30 12:19:56 | 000,025,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtscser.sys -- (GTSCSER)
DRV:64bit: - [2010/12/30 12:19:56 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2010/12/30 12:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/07/12 13:59:24 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2010/06/24 14:28:04 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/06/24 14:28:00 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/06/24 14:28:00 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/06/09 10:49:26 | 000,122,424 | ---- | M] (TheGreenBow) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\DfilterVPN.sys -- (TgbIpSec)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/07 11:46:56 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
DRV:64bit: - [2010/04/05 10:43:36 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/22 06:39:22 | 000,039,424 | ---- | M] (Bang & Olufsen A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\beopcusb.sys -- (beopcusb)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/29 21:00:52 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/29 14:30:26 | 000,015,392 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009/07/29 14:30:24 | 000,014,880 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009/07/29 14:30:22 | 000,055,840 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009/07/23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:45:56 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/23 21:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/15 03:02:00 | 000,044,672 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a38usb.sys -- (ACSSCR)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 06:36:24 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/05/18 22:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 17:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/04/08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 16:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/09 03:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/03/13 14:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008/03/13 14:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007/07/16 13:32:56 | 000,060,160 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/26 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\leoni_p\Downloads
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.it
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_itFR488
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/29 23:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]

[2012/07/16 08:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions
[2011/08/06 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/11/04 04:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Firefox\Profiles\68plkaoc.default\extensions
[2012/11/04 04:59:26 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\firefox\profiles\68plkaoc.default\extensions\[email protected]
[2012/11/18 02:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 12:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/18 20:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/29 23:37:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
File not found (No name found) -- C:\USERS\LEONI_P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68PLKAOC.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012/08/17 22:30:00 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Controllo URL Kaspersky = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Tastiera Virtuale = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Anti-Banner = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/05/31 21:56:22 | 000,000,797 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.0.246 exchange.artemide.fr
O2:64bit: - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\Netasq\VPN Client\vpnconf.exe (Netasq)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Beoplayertray] C:\Program Files (x86)\Bang & Olufsen\BeoPort\Beotray.exe (Bang & Olufsen a/s)
O4 - HKLM..\Run: [BEW-INTRANET-FR-30SessionManager] "C:\Program Files (x86)\OrangeBusinessServices\BEW\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [bit4id store register] C:\windows\SysWow64\bit4cnsp.dll (bit4id srl (http://www.bit4id.com))
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SSLEmptyCache] C:\windows\system32\SSLEmptyCache.exe File not found
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [QMNS] C:\Program Files (x86)\Mobile Net Switch\QMNS.exe (RH Computing)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync for Outlook.lnk = C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe (IT-Services Thomas Holz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..Trusted Ranges: Range1 ([https] in Siti attendibili)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemide.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A1C872-134F-40E9-B388-44DBFFC5FB0D}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC}: NameServer = 151.99.125.1,172.16.20.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7684519B-3552-4A94-8105-26B05F597DBB}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816}: NameServer = 83.224.66.134 83.224.70.93
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell - "" = AutoRun
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell - "" = AutoRun
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 15:47:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/13 20:48:51 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2012/12/12 21:44:01 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncobjapi.dll
[2012/12/12 21:44:01 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncobjapi.dll
[2012/12/12 21:43:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Register-CimProvider.exe
[2012/12/12 21:43:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Register-CimProvider.exe
[2012/12/12 21:43:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrshost.exe
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrsmgr.dll
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrsmgr.dll
[2012/12/12 21:43:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrs.exe
[2012/12/12 21:43:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrs.exe
[2012/12/12 21:43:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrshost.exe
[2012/12/12 21:43:46 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wevtfwd.dll
[2012/12/12 21:43:46 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecutil.exe
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wevtfwd.dll
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecapi.dll
[2012/12/12 21:43:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecutil.exe
[2012/12/12 21:43:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecapi.dll
[2012/12/12 21:43:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmplpxy.dll
[2012/12/12 21:43:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrssrv.dll
[2012/12/12 21:43:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrscmd.dll
[2012/12/12 21:43:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmRes.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmRes.dll
[2012/12/12 21:43:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAgent.dll
[2012/12/12 21:43:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAgent.dll
[2012/12/12 21:43:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmplpxy.dll
[2012/12/12 21:43:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrssrv.dll
[2012/12/12 21:43:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mi.dll
[2012/12/12 21:43:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrscmd.dll
[2012/12/12 21:43:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mi.dll
[2012/12/12 21:43:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManHTTPConfig.exe
[2012/12/12 21:43:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManHTTPConfig.exe
[2012/12/12 21:43:38 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedynos.dll
[2012/12/12 21:43:38 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedyn.dll
[2012/12/12 21:43:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\miutils.dll
[2012/12/12 21:43:38 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmitomi.dll
[2012/12/12 21:43:38 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedynos.dll
[2012/12/12 21:43:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedyn.dll
[2012/12/12 21:43:38 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\miutils.dll
[2012/12/12 21:43:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmidcom.dll
[2012/12/12 21:43:38 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmitomi.dll
[2012/12/12 21:43:38 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmidcom.dll
[2012/12/12 21:43:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManMigrationPlugin.dll
[2012/12/12 21:43:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/12 21:43:37 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAuto.dll
[2012/12/12 21:43:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAuto.dll
[2012/12/12 11:52:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/12 11:52:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/12 11:52:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/12 11:52:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/12 11:52:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/12 11:52:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/12/12 11:52:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/12/12 11:52:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/12/12 11:52:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/12 11:52:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/12/12 11:52:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/12/12 11:52:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/12/12 11:52:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/12/12 11:52:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/12/12 11:52:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/12/12 11:52:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/12/12 11:52:07 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/12 11:52:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012/12/12 11:50:34 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/12 11:50:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/12 11:50:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/12 11:50:34 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/12 11:50:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/12 11:50:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/12 11:50:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/11 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/09 11:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/12/08 12:12:37 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2012/12/08 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/12/08 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2012/12/02 22:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/02 22:14:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/02 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Local\SvchostViewer
[2012/12/01 00:47:26 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/11/30 14:02:31 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/30 14:02:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/30 14:02:31 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/27 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/17 16:07:18 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 16:07:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/17 16:06:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/17 16:06:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/17 16:06:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/17 16:06:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\Favorites - Copia
[2012/11/17 16:04:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/17 16:04:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/17 16:04:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/17 16:04:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/17 16:04:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/17 16:04:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/17 16:04:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/17 16:04:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/17 16:04:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/17 05:36:06 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2012/11/17 05:36:05 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2012/11/17 05:36:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2012/11/17 05:36:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2012/11/17 05:36:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2012/11/17 05:36:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2012/11/17 05:36:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2012/11/17 05:36:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2012/11/17 05:36:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2012/11/17 05:36:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2012/11/17 05:36:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2012/11/17 05:36:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2012/11/17 05:35:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/17 05:35:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2010/11/11 15:34:12 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[2010/11/05 16:21:58 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010/11/05 16:21:57 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010/11/05 16:21:57 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010/11/05 16:21:57 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/16 15:49:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:49:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:47:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/16 15:41:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/16 15:41:23 | 2069,049,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/16 14:38:03 | 000,545,819 | ---- | M] () -- C:\Users\leoni_p\Desktop\AdwCleaner.exe
[2012/12/16 14:36:01 | 000,745,984 | ---- | M] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/13 20:51:36 | 002,314,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/12 21:28:50 | 1133,789,870 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/08 12:15:44 | 001,842,632 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/08 12:15:44 | 000,811,436 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2012/12/08 12:15:44 | 000,715,748 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/08 12:15:44 | 000,173,620 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2012/12/08 12:15:44 | 000,143,124 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/08 12:10:14 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/11/24 16:17:35 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/16 14:37:52 | 000,545,819 | ---- | C] () -- C:\Users\leoni_p\Desktop\AdwCleaner.exe
[2012/12/16 14:35:55 | 000,745,984 | ---- | C] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/12 21:43:49 | 000,204,105 | ---- | C] () -- C:\windows\SysWow64\winrm.vbs
[2012/12/12 21:43:49 | 000,004,675 | ---- | C] () -- C:\windows\SysNative\wsmanconfig_schema.xml
[2012/12/12 21:43:45 | 000,004,675 | ---- | C] () -- C:\windows\SysWow64\wsmanconfig_schema.xml
[2012/12/12 21:43:42 | 000,004,148 | ---- | C] () -- C:\windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/12 21:43:38 | 000,204,105 | ---- | C] () -- C:\windows\SysNative\winrm.vbs
[2012/12/08 12:10:14 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/11/18 02:45:53 | 000,001,427 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/18 02:45:53 | 000,001,353 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/11/17 16:07:20 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 16:05:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/16 08:58:23 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012/05/18 01:26:21 | 000,000,068 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\.directory
[2012/05/18 00:58:16 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/05/18 00:58:16 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\UserTile.png
[2012/05/18 00:58:16 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\GhostObjGAFix.xml
[2012/05/18 00:56:04 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\WebpageIcons.db
[2012/05/18 00:48:04 | 000,002,870 | ---- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/18 00:48:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\.zreglib
[2012/03/18 13:29:45 | 000,000,138 | ---- | C] () -- C:\windows\WININIT.INI
[2012/02/18 21:44:54 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2011/10/23 20:02:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\au3305adc.dll
[2011/10/23 20:02:06 | 000,000,067 | ---- | C] () -- C:\windows\Apollo DVD Copy.INI
[2011/10/23 19:20:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\locked-.zreglib.xfrn
[2011/08/27 21:59:48 | 000,025,600 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/18 14:39:56 | 000,226,364 | ---- | C] () -- C:\ProgramData\locked-DeviceManager.xml.rc4.wsyv
[2011/02/20 11:15:41 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-UserTile.png.lpnu
[2011/02/13 16:26:02 | 000,000,036 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\housecall.guid.cache
[2011/02/06 20:31:39 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-GhostObjGAFix.xml.icpo
[2011/02/06 13:34:23 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\locked-WebpageIcons.db.vsml
[2011/01/22 01:12:53 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Microsoft Excel 97-2003.ADR.dyho
[2011/01/22 01:12:45 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/01/04 12:24:18 | 000,000,075 | ---- | C] () -- C:\windows\winDecrypt.INI
[2010/12/19 21:06:50 | 000,069,185 | ---- | C] () -- C:\windows\SysWow64\bit4cnsp-uninst.exe
[2010/12/19 19:26:38 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/12/18 15:34:14 | 000,000,056 | ---- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\ProgramData\locked-Synth Textures.wpdy
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Sync Services.lpnu
[2010/12/18 15:17:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/18 15:17:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\locked-Textures.xnay
[2010/12/18 14:50:09 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2010/12/18 13:44:57 | 000,010,752 | ---- | C] () -- C:\windows\SysWow64\BASSMOD.dll
[2010/12/18 03:42:18 | 000,015,840 | ---- | C] () -- C:\windows\SysWow64\Machnm1.exe
[2010/11/30 11:30:42 | 000,002,094 | ---- | C] () -- C:\Users\leoni_p\vpn greenBow.tgb
[2010/11/18 11:21:15 | 000,002,870 | ---- | C] () -- C:\ProgramData\locked-ntuser.pol.licg
[2010/11/05 16:21:57 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010/11/05 16:21:57 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/08/21 14:09:40 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< %systemdrive%*.js >

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/14 02:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/10/22 23:51:55 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\windows\SysNative\it-IT\services.exe.mui
[2009/10/22 23:51:55 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/10/22 23:52:15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\windows\SysNative\it-IT\services.msc
[2009/10/22 23:51:57 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2009/10/22 23:52:15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2009/10/22 23:51:57 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINSOCK.H >
[2010/04/19 19:44:40 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1\Include\WinSock.h

< MD5 for: WSHELPER.DLL >
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< type c:\diskreport.txt /c >
Microsoft DiskPart versione 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
Nel computer LEONI_PORT_HP
Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 b Nessun su
Volume 1 D DVD-ROM 0 b Nessun su
Volume 2 G DVD-ROM 0 b Nessun su
Volume 3 SYSTEM NTFS Partizione 300 Mb Integro Sistema
Volume 4 C NTFS Partizione 280 Gb Integro Avvio
Volume 5 HP_RECOVERY NTFS Partizione 15 Gb Integro
Volume 6 E HP_TOOLS FAT32 Partizione 2043 Mb Integro

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9FF7C773
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4FF9FD44

< End of report >
OTL Extras logfile created on: 12/16/2012 3:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.84% Memory free
15.80 Gb Paging File | 12.72 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 18.05 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32

Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0360D148-D14A-4D92-824F-8026A8578FB8}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A054957-C3F2-413C-8EA1-538B874BB752}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11045C0A-A66D-4EC3-A8C6-F8C033877068}" = lport=500 | protocol=17 | dir=in | name=vpn client phase1 |
"{30ECB22A-E9D8-46FD-B2A3-45A6ECCD21FF}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{36E05EF0-DA64-41D1-9A6E-124FECBD62B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58FF25A5-F82A-4F5C-BF7B-05CC042109E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B1A9EF3-10ED-487B-B89E-D152B17B0652}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CD1B0A0-8005-4B4E-9CB2-70C74789FD3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{641EB505-B286-4431-9F0A-E1A8B4E0D15E}" = rport=445 | protocol=6 | dir=out | app=system |
"{68C22AE8-C158-439D-8558-00B17716BDEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C79E423-92FE-45F3-A15E-87596C6D7C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C9A523E-C8E5-412D-AC9A-BEEB19DBD645}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{6FD9C20B-FC6E-4B4B-A70B-79AF1A021A8E}" = lport=4500 | protocol=17 | dir=in | name=thegreenbow ipsec vpn client phase2 |
"{85F1A541-78E8-4506-950C-D8E1A060FF41}" = lport=500 | protocol=17 | dir=in | name=thegreenbow ipsec vpn client phase1 |
"{92341280-36B8-4EBC-A070-0BF5D4E5E304}" = lport=4500 | protocol=17 | dir=in | name=vpn client phase2 |
"{966D5D43-CF07-41D5-A4B0-70DE00AF4FAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF33B8C3-0636-43D9-954A-2A1676FC01A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B017287D-C740-4F26-98B3-FB64BEEEA194}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5046302-B821-4BDC-A35B-984D13839916}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEF0ECD8-1433-4515-9264-5BDDA3459456}" = lport=139 | protocol=6 | dir=in | app=system |
"{C39F08F8-2364-406D-AEE0-0C3F51422CBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D31B533F-B114-4795-885D-122E6097E357}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8377EA0-07F9-41D3-9495-D2BFC65B6F05}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD8357B0-6812-4C7B-8848-BB0C9BC9339B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC7F00B0-31C7-48A9-B6E9-0E7F22323F4D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC8B63FB-5974-4DF9-B3FA-0C9A8D5D73D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAFA41BF-51A0-42C4-B9FF-DE0A814AE49A}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB6F4553-7FEA-42EC-89FB-BCAA7BC49A3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD952BCD-D12A-42DF-AE69-CBCE30B5C481}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031269A0-31CC-4DB8-816B-FDA3DE97A6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05F414F8-DA24-42E2-9AF6-F83CA28021EF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{0C10FE58-E172-4F83-9DB0-0E48F837013D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CF1FD9D-0E7F-4316-B0D2-D625FA7EB7C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{0EC18283-3C50-4C0F-A050-19265FA82502}" = protocol=1 | dir=in | [email protected],-28543 |
"{373E0C58-ED52-4183-82A3-7A37D8C32C45}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{4B308B17-CF7A-478F-983A-DFDD3933926D}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{54FA8C84-4B3F-4BE4-B7A4-49984B23C56E}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{59DED287-5619-4731-BD3F-28DF330440C8}" = protocol=1 | dir=out | [email protected],-28544 |
"{5C7D82A6-D42A-4D5D-B356-379A73BB9471}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DF78FDF-6F65-4137-9724-F954DB17E313}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E5479C2-C16B-4AEB-819F-383468C9D66A}" = protocol=58 | dir=out | [email protected],-28546 |
"{673D68FE-5F29-4D4D-8E13-82DDC6300DC5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6A5DD366-CBF6-42C8-AF2E-B55A3C6110A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DA648C8-95B1-457C-8514-D198BB843FCB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{7F6F8805-63DB-4570-87A0-12119C81198A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{85A088E5-1AFD-4DAE-99BE-EAF754A520B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe |
"{97A434F7-4BC1-43FB-877A-077FBC4A8F2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{984FACD7-1D28-4DDF-BEF6-B484461DC7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{B0CEB918-2E15-4BA8-ABE9-3EB8E09BB5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{B2BD620E-F48B-4408-911C-B39CECAE091D}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{B3DEB82C-4B65-459A-999C-6CA9F1238C62}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC114EF8-5E23-42FE-80E6-3E13BE203BDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD3FE719-24D6-4ACB-AEA2-15C126312858}" = protocol=58 | dir=in | [email protected],-28545 |
"{C7605574-26FA-461C-AE09-7EC5539E6909}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe |
"{DBCBE589-77B4-4238-ADB3-AB3772659BDD}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{E5F60DB6-D832-453A-AB21-26D7B936B5A6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E68FCD08-8F21-4864-A4A9-A5E58F136F48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA42C3C4-A411-428D-81C7-0F3E64C13E20}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"TCP Query User{0E48D412-2E73-4C3F-B80D-D96B5C4A0242}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"TCP Query User{4E12482C-ECB7-471D-A449-A9FBEEF702DB}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"TCP Query User{74D3486C-F31A-49F9-BBD6-7C1CA5CA2EE6}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"TCP Query User{89141E51-9801-455F-9BB1-316700EAED1C}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"TCP Query User{A0CF513D-23B9-4A9E-8F44-68248B95B321}C:\easy stand alone\esa.exe" = protocol=6 | dir=in | app=c:\easy stand alone\esa.exe |
"TCP Query User{B564937A-A0A0-4574-92E9-57DC68D404C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B6D2ACF4-13D1-4650-8361-903CE6ECB381}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{CFD90F68-E70F-4DC0-9DD1-99D95D4CE780}C:\users\leoni_p\emule\incoming\emule\emule.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\emule\incoming\emule\emule.exe |
"TCP Query User{DB175E3D-360F-46E6-967E-E26D0DA068DB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{DB86935C-3728-4163-AF00-B2871372FD29}C:\easy stand alone\esa.exe" = protocol=6 | dir=in | app=c:\easy stand alone\esa.exe |
"TCP Query User{FED0A250-0E82-4BCB-A23D-3E823393319E}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{FEEA6D38-3C6F-482F-AD6D-060BB5127444}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{0643494D-54D2-4853-B73F-459205981DCF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{132B14D0-A9E3-43F6-8AF7-B1AE0BDF0C29}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{204AA893-4AED-4D47-B0B2-072CDF339F23}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{219848E9-0E19-4B62-A998-CC970E103D93}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"UDP Query User{3128A1A4-CC82-497C-97A3-FF38CA7D99E0}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"UDP Query User{3CB30001-635C-4525-B9E8-172B68CA0AD8}C:\users\leoni_p\emule\incoming\emule\emule.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\emule\incoming\emule\emule.exe |
"UDP Query User{51BD96A2-1AAB-400B-8100-E6A9348AD85C}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"UDP Query User{552785E5-B164-4240-AAED-B8F49A93B6BC}C:\easy stand alone\esa.exe" = protocol=17 | dir=in | app=c:\easy stand alone\esa.exe |
"UDP Query User{7C97B567-4293-4949-B4E5-933E9F962407}C:\easy stand alone\esa.exe" = protocol=17 | dir=in | app=c:\easy stand alone\esa.exe |
"UDP Query User{92A8A85A-62F1-4D92-ABE2-A00B68A3B126}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{A31714D5-7E5D-4BAE-A3BC-B5F0F2AF8AE6}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"UDP Query User{D70AA9B1-C952-4328-9599-D3770DD0A6D8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Servizi di stampa Bonjour
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3A8140B4-D268-4A68-A198-E42A57F20B7A}" = Embedded Security for HP ProtectTools
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-8001-0410-0102-0060B0CE6BBA}" = AutoCAD 2010 - Italiano
"{5783F2D7-8001-0410-1102-0060B0CE6BBA}" = Language Pack di AutoCAD 2010 - Italiano
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5 Language Pack (ITA)
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C0F8FC99-54C8-4532-A5F0-827589F59D10}" = Drive Encryption for HP ProtectTools
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC61E3DE-5E30-3915-AB97-D07BBF185426}" = Microsoft .NET Framework 4.5 ITA Language Pack
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FFD65E82-A6FC-4144-92C2-DEA011249F9C}" = HP 3D DriveGuard
"3CAABDB4D5E19760A561BDB6506A3E8432AE8457" = Pacchetto driver Windows - Das USB (09/20/2010 1.6.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacchetto driver Windows - Nokia Modem (02/25/2011 7.01.0.9)
"A4AF5D1384433F821F1140811A66E5A17D9F8EAF" = Pacchetto driver Windows - Das (WinUSB) USB (2/1/2011 1.2.8)
"AutoCAD 2010 - Italiano" = AutoCAD 2010 - Italiano
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacchetto driver Windows - Nokia Modem (02/25/2011 4.7)
"EPSON Printer and Utilities" = Software per stampante EPSON
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HECI" = Intel® Management Engine Interface
"LSI Soft Modem" = LSI HDA Modem
"MESOL" = Tecnologia Intel® Active Management
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{072D23BC-32E0-4F51-9646-08C816B02FD4}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build )
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{524228C9-826F-4B58-9E47-4F2E5C7E9F45}" = SnagIt 8
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55DC2BEC-E75A-456F-A011-4540F5DE6D90}" = StuffIt Deluxe
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8A48DB0F-2FAE-4E85-BAEB-0E68270E7D73}" = HP User Guides 0104
"{8A7EDC20-073C-4D44-B73C-6ECD14AB6615}" = BeoPort
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_STANDARD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_STANDARD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2B7DE12-A197-416A-B44B-A5A39B169273}" = EASClient
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1040-7D70-BA7E-000000000004}" = Adobe Acrobat 9 Standard - Italiano, Español, Nederlands, Português
"{AC76BA86-1040-7D70-BA7E-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1040-7D70-BA7E-000000000004}{AC76BA86-1040-7D70-BA7E-000000000004}" = Adobe Acrobat 9 Standard - Italiano, Español, Nederlands, Português
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF61282C-B451-4225-99D8-618B377BC0C8}" = Adobe Photoshop CS3
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE282C23-5484-47FF-B2C1-EBEA5C891040}" = Nero 8 Ultra Edition HD
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DD724C-236E-4676-9EEF-4EB323BF76C0}" = HP ESU for Microsoft Windows 7
"{C9601EF7-606D-4873-94BD-8B149D5D1666}" = Mobile Net Switch
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1" = STP Viewer 2.3
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync for Files 1.42
"{EF702442-B623-4B6A-B41D-412584301725}_is1" = Easy2Sync for Outlook 4.04
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F76B2E7F-48CB-49A9-9286-7D0420CBD0A7}" = HP ProtectTools Security Manager
"{F7EC885B-6F58-45B2-9E6A-D4A957EB8333}_is1" = yDGpatch v1.2
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_081686a30873d046090c3ba1d992198" = Adobe Photoshop CS3
"Advanced Renamer_is1" = Advanced Renamer
"AI RoboForm" = AI RoboForm (All Users)
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bit4Id - CSP e PKCS#11 per la CRS Lombardia" = Bit4Id - PdL Cittadino per la CRS di Regione Lombardia - 1.2.13
"conduitEngine" = Conduit Engine
"CRS Manager_is1" = CRS Manager 3.1.3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Directory Lister_is1" = Directory Lister v0.9.1
"DivX Setup" = DivX Setup
"DRIVER ACR38U x64_is1" = DRIVER ACR38U x64
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy2Sync for Outlook" = Easy2Sync for Outlook
"Easy2Sync für Dateien" = Easy2Sync für Dateien
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.5.3
"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.7
"Google Chrome" = Google Chrome
"HP QuickLook 2_is1" = HP QuickLook 2
"InstallShield_{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"InstallShield_{55DC2BEC-E75A-456F-A011-4540F5DE6D90}" = StuffIt Deluxe
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"iPhoneSMSExport" = iPhoneSMSExport
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000
"Nokia PC Suite" = Nokia PC Suite
"Outlook Recovery Toolbox_is1" = Outlook Recovery Toolbox 1.3
"SAPGUI710" = SAP GUI 7.10
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TrueCrypt" = TrueCrypt
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.1
"VPN Client" = VPN Client
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR gestione archivi
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2012 6:03:27 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: splwow64.exe, versione:
6.1.7601.17777, timestamp: 0x4f35fbfe Nome del modulo che ha generato l'errore:
E_GU14LE.DLL, versione: 0.3.0.0, timestamp: 0x42dcb1c6 Codice eccezione: 0xc0000005
Offset
errore 0x000000000000a500 ID processo che ha generato l'errore: 0x888 Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cdd97da96b4ef1 Percorso dell'applicazione
che ha generato l'errore: C:\windows\splwow64.exe Percorso del modulo che ha generato
l'errore: C:\windows\system32\spool\DRIVERS\x64\3\E_GU14LE.DLL ID segnalazione:
eb5c7655-4570-11e2-bada-fe7bff76f6a8

Error - 12/13/2012 6:03:30 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: splwow64.exe, versione:
6.1.7601.17777, timestamp: 0x4f35fbfe Nome del modulo che ha generato l'errore:
E_GU14LE.DLL, versione: 0.3.0.0, timestamp: 0x42dcb1c6 Codice eccezione: 0xc0000005
Offset
errore 0x000000000000a500 ID processo che ha generato l'errore: 0x1018 Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cdd97daf4235cd Percorso dell'applicazione
che ha generato l'errore: C:\windows\splwow64.exe Percorso del modulo che ha generato
l'errore: C:\windows\system32\spool\DRIVERS\x64\3\E_GU14LE.DLL ID segnalazione:
ed0db2b7-4570-11e2-bada-fe7bff76f6a8

Error - 12/14/2012 7:38:00 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842827
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Errore nel
file manifesto o dei criteri "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
riga 2. Non sono consentiti più elementi requestedPrivileges nel manifesto.

Error - 12/14/2012 7:38:34 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Errore nel file manifesto o
dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/14/2012 7:38:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Errore nel file manifesto
o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 12/14/2012 7:38:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Errore nel file manifesto
o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 12/14/2012 4:34:54 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: iexplore.exe, versione:
8.0.7601.17514, timestamp: 0x4ce79912 Nome del modulo che ha generato l'errore:
MSVCR80.dll, versione: 8.0.50727.6195, timestamp: 0x4dcddbf3 Codice eccezione: 0xc000000d
Offset
errore 0x0001e898 ID processo che ha generato l'errore: 0x14d4 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cdda38fa2fba9a Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Internet Explorer\iexplore.exe Percorso del modulo
che ha generato l'errore: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
ID
segnalazione: b70d978a-462d-11e2-bada-fe7bff76f6a8

Error - 12/14/2012 6:03:19 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = VmbService | ID = 0
Description = GetClient

Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15756

Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15756

[ Credential Manager Events ]
Error - 11/6/2012 7:03:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost

Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP

Error - 11/6/2012 7:03:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.

Error - 11/30/2012 8:51:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost

Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP

Error - 11/30/2012 8:51:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.

Error - 11/30/2012 8:51:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost

Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP

Error - 11/30/2012 8:51:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.

Error - 11/30/2012 8:51:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost

Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP

Error - 11/30/2012 8:51:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.

Error - 12/6/2012 3:55:35 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost

Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP

Error - 12/6/2012 3:55:35 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.

[ Hewlett-Packard Events ]
Error - 9/4/2011 10:26:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091104042629.xml
File not created by asset agent

Error - 9/11/2011 10:47:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091111044731.xml
File not created by asset agent

Error - 9/25/2011 10:03:22 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091125040319.xml
File not created by asset agent

Error - 10/2/2011 10:31:24 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101102043120.xml
File not created by asset agent

Error - 10/2/2011 10:31:27 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101102043124.xml
File not created by asset agent

Error - 10/9/2011 6:05:21 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =

Error - 11/6/2011 11:10:54 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Oggetto '/023a7995_310c_4c6c_8e56_ee935342039e/kuwsape2d+kkot6lj_pum9xq_5.rem'
disconnesso o non esistente sul server. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
it-IT RAM: 8092 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 5/20/2012 4:30:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 in System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) in System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) in System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) in System.Activator.CreateInstance(Type
type, Boolean nonPublic) in HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
in System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

in System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

in System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) in System.Activator.CreateInstance(Type type, Boolean nonPublic)

in HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: it-IT RAM: 8092 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 10/8/2012 2:39:53 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =

Error - 11/8/2012 5:32:21 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 9/16/2012 10:13:22 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 04:13:22 - Errore di connessione a Internet. 04:13:22 - Impossibile
contattare il server..

Error - 9/16/2012 10:14:10 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 04:14:09 - Errore di connessione a Internet. 04:14:09 - Impossibile
contattare il server..

Error - 9/16/2012 11:17:35 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 05:17:35 - Errore di connessione a Internet. 05:17:35 - Impossibile
contattare il server..

Error - 9/16/2012 11:18:23 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 05:18:22 - Errore di connessione a Internet. 05:18:22 - Impossibile
contattare il server..

Error - 9/17/2012 12:19:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:19:31 - Errore di connessione a Internet. 06:19:31 - Impossibile
contattare il server..

Error - 9/17/2012 12:20:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:20:18 - Errore di connessione a Internet. 06:20:18 - Impossibile
contattare il server..

Error - 9/18/2012 2:49:28 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 08:49:28 - Errore di connessione a Internet. 08:49:28 - Impossibile
contattare il server..

Error - 9/18/2012 2:50:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 08:49:57 - Errore di connessione a Internet. 08:49:57 - Impossibile
contattare il server..

Error - 9/28/2012 12:49:46 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:49:44 - Errore di connessione a Internet. 06:49:46 - Impossibile
contattare il server..

Error - 9/28/2012 12:50:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:49:59 - Errore di connessione a Internet. 06:49:59 - Impossibile
contattare il server..

[ OSession Events ]
Error - 3/7/2011 7:24:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1610
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/14/2011 11:45:55 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1585
seconds with 660 seconds of active time. This session ended with a crash.

Error - 4/27/2011 2:12:54 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/6/2011 2:59:15 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/14/2011 12:47:48 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3702
seconds with 2580 seconds of active time. This session ended with a crash.

Error - 5/14/2011 12:49:18 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/14/2011 4:24:42 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/4/2011 8:01:49 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 944
seconds with 240 seconds of active time. This session ended with a crash.

Error - 4/24/2012 7:49:05 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/18/2012 10:24:59 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 694
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/16/2012 10:41:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7000
Description = Il servizio HP ProtectTools Service non è stato avviato per il seguente
errore: %%1006

Error - 12/16/2012 10:41:59 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: SBRE

Error - 12/16/2012 10:42:49 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Elaborazione dei Criteri di gruppo non riuscita a causa di problemi
di connettività con un controller di dominio. Il problema potrebbe essere transitorio.
Se il computer si connette al controller di dominio e i Criteri di gruppo vengono
elaborati correttamente, verrà generato un messaggio di operazione riuscita. Se
dopo alcune ore tale messaggio non viene visualizzato, contattare l'amministratore.

Error - 12/16/2012 10:43:14 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 10:43:22 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058

Error - 12/16/2012 11:02:03 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-16 16:05:20
-----------------------------
16:05:20.994 OS Version: Windows x64 6.1.7601 Service Pack 1
16:05:20.994 Number of processors: 2 586 0x170A
16:05:20.994 ComputerName: LEONI_PORT_HP UserName: leoni_p
16:05:24.201 Initialize success
16:05:35.749 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:35.764 Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
16:05:35.764 Disk 0 MBR read successfully
16:05:35.780 Disk 0 MBR scan
16:05:35.780 Disk 0 Windows VISTA default MBR code
16:05:35.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:05:35.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287535 MB offset 616448
16:05:35.842 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589488128
16:05:35.858 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620945408
16:05:35.905 Disk 0 scanning C:\windows\system32\drivers
16:05:47.932 Service scanning
16:05:57.589 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
16:05:57.682 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
16:05:57.776 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
16:05:57.838 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:06:04.796 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
16:06:06.574 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:06:12.268 Modules scanning
16:06:12.284 Disk 0 trace - called modules:
16:06:12.299 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys sptd.sys hal.dll
16:06:12.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da5060]
16:06:12.315 3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa8007da4b10]
16:06:12.331 5 hpdskflt.sys[fffff88002d9f189] -> nt!IofCallDriver -> [0xfffffa8007b3fa40]
16:06:12.331 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007aea050]
16:06:12.377 Scan finished successfully
16:06:19.180 Disk 0 MBR has been saved successfully to "C:\Users\leoni_p\Desktop\MBR.dat"
16:06:19.180 The log file has been saved successfully to "C:\Users\leoni_p\Desktop\aswMBR.txt"


RogueKiller V8.4.0 _x64_ [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leoni_p [Admin rights]
Mode : Scan -- Date : 12/16/2012 16:08:15

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\Run : bit4id store register (RUNDLL32.EXE "C:\windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer) -> FOUND
[TASK][SUSP PATH] {1BEF4976-5F41-4C71-AD84-30479BF507C8} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {74F6F1F7-5A87-41CA-B5F2-EACA4136175B} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {9F6A86DE-25CF-442F-9049-6E5A887D4E10} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {B6B0549B-32DF-43F0-8EC5-04EF5184F500} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {C12F22FB-2496-484A-9020-40E64D4CBC12} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\2 Autocad 2004 -ITA + crack\setup.exe -> FOUND
[TASK][SUSP PATH] {C2CA03EE-1B85-4187-B7DC-DBCE0658A8DB} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {FA4B9978-3E0F-4919-821D-1D494EA1EABE} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
192.0.0.246 exchange.artemide.fr


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 13252fa7ec72350d38f2cca8a39c283e
[BSP] 21193f1c641b991d49956de9b5ef4a96 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 287535 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589488128 | Size: 15360 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620945408 | Size: 2043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12162012_02d1608.txt >>
RKreport[1]_S_12162012_02d1608.txt



# AdwCleaner v2.100 - Logfile creato il 16/12/2012 alle 16:09:08
# Aggiornamento 09/12/2012 by Xplode
# Sistema Operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Utente : leoni_p - LEONI_PORT_HP
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\leoni_p\Desktop\AdwCleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\Program Files (x86)\Conduit
Cartella Trovato : C:\Program Files (x86)\ConduitEngine
Cartella Trovato : C:\Program Files (x86)\DVDVideoSoftTB
Cartella Trovato : C:\Program Files (x86)\Fun4IM
Cartella Trovato : C:\Program Files (x86)\Windows Searchqu Toolbar
Cartella Trovato : C:\ProgramData\Anti-phishing Domain Advisor
Cartella Trovato : C:\ProgramData\blekko toolbars
Cartella Trovato : C:\ProgramData\Fun4IM
Cartella Trovato : C:\Users\leoni_p\AppData\Local\Conduit
Cartella Trovato : C:\Users\leoni_p\AppData\Local\ConduitEngine
Cartella Trovato : C:\Users\leoni_p\AppData\Local\Ilivid Player
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\Bandoo
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\boost_interprocess
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\Conduit
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\ConduitEngine
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\DVDVideoSoftTB
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\PriceGong
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\searchquband
Cartella Trovato : C:\Users\leoni_p\AppData\Roaming\Bandoo
Cartella Trovato : C:\Users\leoni_p\AppData\Roaming\SearchquTB
File Trovato : C:\windows\SysWOW64\conduitEngine.tmp

***** [Registro] *****

Chiave Trovata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Trovata : HKCU\Software\AppDataLow\Software\conduitEngine
Chiave Trovata : HKCU\Software\AppDataLow\Software\conduitEngine
Chiave Trovata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Trovata : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Chiave Trovata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Trovata : HKCU\Software\AppDataLow\Software\searchqutb
Chiave Trovata : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Trovata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Trovata : HKCU\Software\AppDataLow\Toolbar
Chiave Trovata : HKCU\Software\Conduit
Chiave Trovata : HKCU\Software\conduitEngine
Chiave Trovata : HKCU\Software\conduitEngine
Chiave Trovata : HKCU\Software\DataMngr
Chiave Trovata : HKCU\Software\ilivid
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA5CD43D-446D-42A9-906E-3CACEDB3423F}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Trovata : HKLM\Software\Bandoo
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2769726
Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Chiave Trovata : HKLM\Software\Conduit
Chiave Trovata : HKLM\Software\conduitEngine
Chiave Trovata : HKLM\Software\conduitEngine
Chiave Trovata : HKLM\Software\DVDVideoSoftTB
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{64403F3A-10DD-4636-BD0B-416DB974EDAD}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64403F3A-10DD-4636-BD0B-416DB974EDAD}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA5CD43D-446D-42A9-906E-3CACEDB3423F}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14923BF3-A4CB-4428-B09A-93D7813E0F1E}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DF1DED9-B34B-4243-A511-987BDEA7AAD5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36F2C62A-B838-4BF0-95AF-D2036A8A0C36}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Trovata : HKLM\SOFTWARE\DataMngr
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registro Pulito.

-\\ Mozilla Firefox v [Impossibile rilevare la versione]

Nome Profilo : default
File : C:\Users\leoni_p\AppData\Roaming\Mozilla\Firefox\Profiles\68plkaoc.default\prefs.js

Trovata : user_pref("browser.search.defaultenginename", "Blekko");
Trovata : user_pref("browser.search.order.1", "Blekko");
Trovata : user_pref("browser.search.selectedEngine", "Blekko");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [14024 octets] - [16/12/2012 15:23:47]
AdwCleaner[R2].txt - [13988 octets] - [16/12/2012 16:09:08]

########## EOF - C:\AdwCleaner[R2].txt - [14049 octets] ##########
  • 0

#4
pleonipi
Posted 16 December 2012 - 09:13 AM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Many thanks for your help godawgs, I hope to have been able to set the alert when you answer me. I'll be abroad and try to check the amial regularly.
Many thanks
pleonipi
  • 0

#5
godawgs
Posted 16 December 2012 - 01:18 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Many thanks for your help godawgs,

You're welcome.

I hope to have been able to set the alert when you answer me.

I put a link in my original post telling you how to have the board notify you when the topic is replied to.

This is the first problem we need to work on:

From the OTL header:

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 18.05 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32


Hard-Drive Free Space Advice:

6.43% free space.

This is considered dangerously low. You are approaching the point where Windows won't be able to load. The fixes we will run requires enough overhead (free space) to move the information around on the hard drive, and I'm afaraid that the fixes may not run properly with such low free space.

A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise you to uninstall some software you do not need and / or move any documents/files/pictures/music files, etc to a form of removable media. This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.


Step-1.

Download the following program and run it to clear out the temp files.

Clear Cache/TempFiles
Posted Image Download TFC by OldTimer to your desktop
  • Please right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to several minutes. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
When you have gotten the free space at least to 15%, let me know and we will continue.
  • 0

#6
pleonipi
Posted 17 December 2012 - 02:50 PM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good morning goodawgs, now free space is 25%. Let me know how I can continue. Please remind that during all tests tapisrv was always disabled, otherwise the system will slow down in a few minutes.
BR and many thanks
pleonipi
  • 0

#7
godawgs
Posted 18 December 2012 - 03:39 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Many thanks for your help godawgs

You are welcome.

There are a lot of nasties on your computer.

You have the following Peer-to-Peer program(s) installed:

eMule

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.


Step-1.

Malicious program uninstalls and Optional Removals


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Conduit Engine
eMule

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\program files (x86)\emule
C:\users\leoni_p\emule\incoming\emule

2. Close Windows Explorer.


Step-2.

Run RogueKiller

  • Quit all programs and close all browsers.
  • Double click the RogueKiller.exe. file to run the program.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
O2 - BHO: (no name) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell - "" = AutoRun
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell - "" = AutoRun
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Get me a new OTL scan please. The directions have changed so there won't be a Extras.txt log generated with this scan.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
SSLEmptyCache.exe
/md5stop


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users and Include 64bit Scans at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreports.txt logs
2. The OTL fixes log
3. The new OTL.txt log
4. The FSS.txt log
5. How is the computer running now?
  • 0

#8
godawgs
Posted 22 December 2012 - 10:19 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#9
godawgs
Posted 22 December 2012 - 05:03 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.
  • 0

#10
pleonipi
Posted 23 December 2012 - 12:28 PM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
RogueKiller V8.4.0 _x64_ [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leoni_p [Admin rights]
Mode : Scan -- Date : 12/23/2012 18:31:58

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\Run : bit4id store register (RUNDLL32.EXE "C:\windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer) -> FOUND
[TASK][SUSP PATH] {1BEF4976-5F41-4C71-AD84-30479BF507C8} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {74F6F1F7-5A87-41CA-B5F2-EACA4136175B} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {9F6A86DE-25CF-442F-9049-6E5A887D4E10} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {B6B0549B-32DF-43F0-8EC5-04EF5184F500} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {C12F22FB-2496-484A-9020-40E64D4CBC12} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\2 Autocad 2004 -ITA + crack\setup.exe -> FOUND
[TASK][SUSP PATH] {C2CA03EE-1B85-4187-B7DC-DBCE0658A8DB} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {FA4B9978-3E0F-4919-821D-1D494EA1EABE} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (192.0.0.248,151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (192.0.0.248,151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
192.0.0.246 exchange.artemide.fr


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 13252fa7ec72350d38f2cca8a39c283e
[BSP] 21193f1c641b991d49956de9b5ef4a96 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 287535 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589488128 | Size: 15360 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620945408 | Size: 2043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12232012_02d1831.txt >>
RKreport[1]_S_12232012_02d1831.txt



RogueKiller V8.4.0 _x64_ [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leoni_p [Admin rights]
Mode : Remove -- Date : 12/23/2012 18:32:47

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\Run : bit4id store register (RUNDLL32.EXE "C:\windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer) -> DELETED
[TASK][SUSP PATH] {1BEF4976-5F41-4C71-AD84-30479BF507C8} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> DELETED
[TASK][SUSP PATH] {74F6F1F7-5A87-41CA-B5F2-EACA4136175B} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> DELETED
[TASK][SUSP PATH] {9F6A86DE-25CF-442F-9049-6E5A887D4E10} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> DELETED
[TASK][SUSP PATH] {B6B0549B-32DF-43F0-8EC5-04EF5184F500} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> DELETED
[TASK][SUSP PATH] {C12F22FB-2496-484A-9020-40E64D4CBC12} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\2 Autocad 2004 -ITA + crack\setup.exe -> DELETED
[TASK][SUSP PATH] {C2CA03EE-1B85-4187-B7DC-DBCE0658A8DB} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> DELETED
[TASK][SUSP PATH] {FA4B9978-3E0F-4919-821D-1D494EA1EABE} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (192.0.0.248,151.99.125.1,172.16.20.15) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (192.0.0.248,151.99.125.1,172.16.20.15) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
192.0.0.246 exchange.artemide.fr


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 13252fa7ec72350d38f2cca8a39c283e
[BSP] 21193f1c641b991d49956de9b5ef4a96 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 287535 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589488128 | Size: 15360 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620945408 | Size: 2043 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12232012_02d1832.txt >>
RKreport[1]_S_12232012_02d1831.txt ; RKreport[2]_D_12232012_02d1832.txt



RogueKiller V8.4.0 _x64_ [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leoni_p [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/23/2012 18:36:55

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 62 / Fail 0
Start menu: Success 5 / Fail 0
User folder: Success 247 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 1 / Fail 0
My music: Success 20 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 98 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom1 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\CdRom2 -- 0x5 --> Skipped
[Z:] \Device\LanmanRedirector\;Z:0000000000097ef2\IMACPAOLA\CARTELLA PUBBLICA DI PAOLO LEONI -- 0x4 --> Skipped

Finished : << RKreport[3]_SC_12232012_02d1836.txt >>
RKreport[1]_S_12232012_02d1831.txt ; RKreport[2]_D_12232012_02d1832.txt ; RKreport[3]_SC_12232012_02d1836.txt



OTL logfile created on: 12/23/2012 6:48:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd

7.90 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.94% Memory free
15.80 Gb Paging File | 12.64 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 56.24 Gb Free Space | 20.03% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32
Drive Z: | 465.44 Gb Total Space | 32.89 Gb Free Space | 7.07% Space Free | Partition Type: NTFS

Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/23 18:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/16 18:28:36 | 006,974,360 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2012/07/10 00:42:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/04/19 16:12:18 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/09 11:25:06 | 004,346,720 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe
PRC - [2011/01/15 01:49:52 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/15 11:05:10 | 004,019,040 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync\Easy2Sync.exe
PRC - [2010/07/12 13:59:36 | 000,644,664 | ---- | M] (Netasq) -- C:\Program Files (x86)\Netasq\VPN Client\VpnConf.exe
PRC - [2010/07/12 13:59:32 | 000,193,080 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\Netasq\VPN Client\tgbike.exe
PRC - [2010/02/25 13:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/28 14:15:44 | 000,414,720 | ---- | M] (Bang & Olufsen a/s) -- C:\PROGRAM FILES (X86)\BANG & OLUFSEN\BEOPLAYER\BEOTRAY.EXE
PRC - [2010/01/28 14:11:24 | 001,119,744 | ---- | M] (Bang & Olufsen a/s) -- C:\Program Files (x86)\Bang & Olufsen\BeoPlayer\BeoPlayer.exe
PRC - [2009/08/07 16:03:16 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 17:42:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/28 12:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\Windows\SysWOW64\MNSFramework.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/08 12:12:41 | 000,192,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\a9a9928a2adca3ae71f75df862fcf649\Vodafone.Model.Connection.ni.dll
MOD - [2012/12/08 12:12:41 | 000,034,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\73736618f6b64deed594a38c16dc36eb\Vodafone.UpdateManager.ni.dll
MOD - [2012/12/08 12:12:40 | 000,025,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\9efce6da1fcaeb4d5fbd7b26b1886808\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2012/12/08 12:12:39 | 000,876,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\54e548c7965b92b787f3b8a39e443ebf\Vodafone.View.Shared.ni.dll
MOD - [2012/12/08 12:12:38 | 000,606,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\00e1dd9433003239592fe9bbae9f2697\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2012/12/08 12:12:37 | 000,084,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\2d93f40e0396c2d3a912f66a484fa133\Vodafone.Core.Remoting.ni.dll
MOD - [2012/12/08 12:12:37 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d02a34cff230ee279dfa3144e1f8c64c\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2012/12/08 12:12:36 | 000,055,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\d89f1fe9dbc0be036d5e5fb3d9c95a55\Vodafone.TrafficOptimiser.ni.dll
MOD - [2012/12/08 12:12:36 | 000,030,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1741b42a2a3e5ab0da82c6e8d833d428\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2012/12/08 12:12:35 | 000,108,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\45df2d1c2eee18f2f4c1a57fde3e851f\Vodafone.LanWlanManager.ni.dll
MOD - [2012/12/08 12:12:34 | 000,392,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\f93f3618cf9e6c4ddf305de2341d9a51\Vodafone.MbbManagement.ni.dll
MOD - [2012/12/08 12:12:34 | 000,119,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\fd66abb10a27d11b1b3b36ed97388ae0\Interop.Shell32.ni.dll
MOD - [2012/12/08 12:12:34 | 000,081,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.MbnApi\08ca4b39256c8202388ed38b72eb5d7d\Interop.MbnApi.ni.dll
MOD - [2012/12/08 12:12:34 | 000,073,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\13d79e57a582b08294290c19b80809d5\Vodafone.Vpn.ni.dll
MOD - [2012/12/08 12:12:33 | 000,498,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\30436372d4bc95b37c010679ca795419\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2012/12/08 12:12:33 | 000,040,960 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\f8bf1aa3b6ebf2c2886b487e88bbec49\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2012/12/08 12:12:32 | 000,733,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\833ae7c45a65a1e52c4ef2bde93ebb46\Vodafone.WwanWrapper.ni.dll
MOD - [2012/12/08 12:12:32 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\27de387584331d62066dcbd2960614f6\Vodafone.ConnectionServices.ni.dll
MOD - [2012/12/08 12:12:31 | 000,022,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\4d17e1c5b127751092f149deeb4ddac4\Vodafone.Core.Interfaces.ni.dll
MOD - [2012/12/08 12:12:30 | 000,941,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\ca6b6f42956c9e67a0cfe298dae35313\Vodafone.BusinessLogic.ni.dll
MOD - [2012/12/08 12:12:29 | 000,049,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8f888dcf957e4f16a48430eabf88795b\Vodafone.Contracts.Adapter.ni.dll
MOD - [2012/12/08 12:12:29 | 000,047,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\c50d9109f51845cc9648dcfef8a03f03\Common.Logging.ni.dll
MOD - [2012/12/08 12:12:23 | 002,104,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\6a8b065a87f3c79e28e893fabeaecea7\Spring.Core.ni.dll
MOD - [2012/12/08 12:12:21 | 000,042,496 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\26236e7d7c1647368b7a133b6881e17d\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2012/12/08 12:12:19 | 001,304,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\6432f59dd365540d0dc856b667bcb2a1\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2012/12/08 12:12:17 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\d3bd34ae6541592c5ed357516cfb4a68\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2012/12/08 12:12:14 | 011,053,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\510f3dfd800b9ce42b0fe347251b3662\Infragistics2.Win.v9.2.ni.dll
MOD - [2012/12/08 12:12:06 | 000,871,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\ee217dcdf0faa5dd7ebd4fa71511fba5\Infragistics2.Shared.v9.2.ni.dll
MOD - [2012/12/08 12:12:04 | 007,137,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\2e4048a6114523262679e70ac45fed72\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2012/12/08 12:11:55 | 000,100,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\9539d632461da2165bdc9d99178dacf3\Vodafone.Core.Contracts.ni.dll
MOD - [2012/12/08 12:11:55 | 000,036,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\e997615bfbd4fbd465ddb8f448dcc10d\Vodafone.Contracts.Presenter.ni.dll
MOD - [2012/12/08 12:11:55 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1a56a5409ad4032e96121a5f7e45007b\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2012/12/08 12:11:54 | 000,131,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\f91fe68a3519d918c354b72012e4f639\Vodafone.Contracts.Model.ni.dll
MOD - [2012/12/08 12:11:54 | 000,105,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8b5377e783a3667a0f45a49aab213ddd\Vodafone.Contracts.View.ni.dll
MOD - [2012/12/08 12:11:53 | 000,089,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\4a02c139b1eeb68551bf2492ab6ffecd\Vodafone.Base.Internals.ni.dll
MOD - [2012/12/08 12:11:53 | 000,019,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\5d5810af08547afb7ce277e40154497d\Vodafone.Base.Factory.ni.dll
MOD - [2012/12/08 12:11:52 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e603b21d8bf76f2701858a3570b4add0\Vodafone.ConnectionManagement.ni.dll
MOD - [2012/12/08 12:11:52 | 000,093,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\625eb88d6251a680d6de47d38e7b5c05\Vodafone.Contracts.Common.ni.dll
MOD - [2012/12/08 12:11:51 | 000,350,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\0689f2f7becf4af1980c17b0d3268fbc\Vodafone.ReportingManager.ni.dll
MOD - [2012/12/08 12:11:51 | 000,031,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\c5329450983a0f0524ba1346947c0cd3\Vodafone.OutlookConnector.ni.dll
MOD - [2012/12/08 12:11:50 | 000,198,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\48882c5696d7cbd9412a2e4efddb7562\Vodafone.SmsContactManager.ni.dll
MOD - [2012/12/08 12:11:49 | 000,945,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\c70eceb0d58c8326a372494029d1c393\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2012/12/08 12:11:49 | 000,341,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\3fa98d093d3057d94cc8a6dc015b0a0b\Vodafone.CommonDialogs.ni.dll
MOD - [2012/12/08 12:11:47 | 000,080,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\e474254b1c373d62d9231b3972dfdbea\Vodafone.SmsProfileManager.ni.dll
MOD - [2012/12/08 12:11:46 | 000,326,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\26ca62c6f1ce4f83e04694e80fdc42bf\Vodafone.DataAccessor.ni.dll
MOD - [2012/12/08 12:11:46 | 000,056,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\2ee1d8aa52668cf4a67f4780e3461643\Vodafone.SettingsManager.ni.dll
MOD - [2012/12/08 12:11:45 | 002,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\b5e3489915948b4882b7a2fcd9a13236\MobileBroadbandResources.ni.dll
MOD - [2012/12/08 12:11:45 | 000,074,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\53e53f934448b7709a4543ed8dd0fb73\Vodafone.NtServiceMessaging.ni.dll
MOD - [2012/12/08 12:11:44 | 000,321,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\fab132f1bde2028f4dd9a1214c8d6081\Vodafone.Base.Win32.ni.dll
MOD - [2012/12/08 12:11:44 | 000,181,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\e37e2a4b9b3d42691c5d0b0f49ab6b3d\Vodafone.Common.ni.dll
MOD - [2012/12/08 12:11:44 | 000,019,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\c250db605a7689dac41457d8cec48e89\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2012/12/08 12:11:43 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\8ce812ef5fbbb38e7577018c751c9d0d\Vodafone.Data.ni.dll
MOD - [2012/12/08 12:11:43 | 000,158,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\cf14a6cfe5e367d6fdaeeaabc1c7a39a\Vodafone.Base.Contracts.ni.dll
MOD - [2012/12/08 12:11:42 | 001,368,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\795818c30402eff88226d87448b52d99\Vodafone.Platform.ni.dll
MOD - [2012/12/08 12:11:38 | 000,282,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\fbc6872de87fde538a6e1839a4a0f463\MobileBroadband.ni.exe
MOD - [2012/12/08 12:11:38 | 000,094,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\cd6add0e6fd0d86eed95d0f55181fbe8\Vodafone.LogEngine.ni.dll
MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/17 17:06:20 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 17:05:16 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 15:58:30 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/17 15:58:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 15:58:08 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/17 15:58:08 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/17 15:57:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 15:57:55 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 15:57:33 | 012,503,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2353e2c6a47a65ecfd1b7164e1f058a\System.Windows.Forms.ni.dll
MOD - [2012/11/17 15:57:15 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/17 15:57:14 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/17 15:57:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 15:57:11 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 15:56:56 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 15:56:52 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 15:56:35 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/07/30 13:43:19 | 002,666,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2011/04/19 16:12:12 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2010/11/13 01:58:31 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/28 14:15:00 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPlayer\TranslationLookup.dll
MOD - [2010/01/28 14:14:48 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPlayer\Resources\BeoResource.ENG
MOD - [2009/10/22 23:51:58 | 000,163,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_it_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/29 16:10:06 | 000,300,600 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 18:46:05 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.PTB
MOD - [2009/02/27 18:40:00 | 001,433,600 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.ITA
MOD - [2009/02/27 18:39:01 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.ita
MOD - [2009/02/27 18:33:02 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.ESP
MOD - [2009/02/27 18:10:53 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.NLD
MOD - [2009/02/27 13:20:55 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/19 20:49:55 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/12 13:59:30 | 000,162,872 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysNative\TgbStarter.exe -- (TgbIke Starter)
SRV:64bit: - [2009/07/30 17:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/29 11:43:32 | 001,841,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 15:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/27 17:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/15 22:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/11/05 18:03:03 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/05 18:02:37 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/16 08:48:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 16:06:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/07 15:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/28 11:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/28 11:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/29 16:10:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\windows\SysWOW64\MNSFramework.exe -- (MNSFramework)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 22:38:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/11/05 18:02:39 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/10/31 19:07:12 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 00:42:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 16:22:42 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/23 19:31:36 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 15:43:26 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2011/04/18 15:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/04/18 15:43:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2011/04/18 15:43:24 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2011/04/05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/12/30 12:19:56 | 000,050,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuqbus.sys -- (GTUQBUS)
DRV:64bit: - [2010/12/30 12:19:56 | 000,025,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtscser.sys -- (GTSCSER)
DRV:64bit: - [2010/12/30 12:19:56 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2010/12/30 12:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/07/12 13:59:24 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2010/06/24 14:28:04 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/06/24 14:28:00 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/06/24 14:28:00 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/06/09 10:49:26 | 000,122,424 | ---- | M] (TheGreenBow) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\DfilterVPN.sys -- (TgbIpSec)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/07 11:46:56 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
DRV:64bit: - [2010/04/05 10:43:36 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/22 06:39:22 | 000,039,424 | ---- | M] (Bang & Olufsen A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\beopcusb.sys -- (beopcusb)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/29 21:00:52 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/29 14:30:26 | 000,015,392 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009/07/29 14:30:24 | 000,014,880 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009/07/29 14:30:22 | 000,055,840 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009/07/23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:45:56 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/23 21:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/15 03:02:00 | 000,044,672 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a38usb.sys -- (ACSSCR)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 06:36:24 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/05/18 22:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 17:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/04/08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 16:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/09 03:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/03/13 14:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008/03/13 14:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007/07/16 13:32:56 | 000,060,160 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/26 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\leoni_p\Downloads
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.it
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_itFR488
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/29 23:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]

[2012/07/16 08:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions
[2011/08/06 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/11/04 04:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Firefox\Profiles\68plkaoc.default\extensions
[2012/11/04 04:59:26 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\firefox\profiles\68plkaoc.default\extensions\[email protected]
[2012/11/18 02:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 12:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/18 20:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/29 23:37:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
File not found (No name found) -- C:\USERS\LEONI_P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68PLKAOC.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012/08/17 22:30:00 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Controllo URL Kaspersky = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Tastiera Virtuale = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Anti-Banner = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/05/31 21:56:22 | 000,000,797 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.0.246 exchange.artemide.fr
O2:64bit: - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\Netasq\VPN Client\vpnconf.exe (Netasq)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Beoplayertray] C:\Program Files (x86)\Bang & Olufsen\BeoPort\Beotray.exe (Bang & Olufsen a/s)
O4 - HKLM..\Run: [BEW-INTRANET-FR-30SessionManager] "C:\Program Files (x86)\OrangeBusinessServices\BEW\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SSLEmptyCache] C:\windows\system32\SSLEmptyCache.exe File not found
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [QMNS] C:\Program Files (x86)\Mobile Net Switch\QMNS.exe (RH Computing)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync for Outlook.lnk = C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe (IT-Services Thomas Holz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..Trusted Ranges: Range1 ([https] in Siti attendibili)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemide.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A1C872-134F-40E9-B388-44DBFFC5FB0D}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC}: NameServer = 192.0.0.248,151.99.125.1,172.16.20.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7684519B-3552-4A94-8105-26B05F597DBB}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816}: NameServer = 83.224.66.134 83.224.70.93
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/23 18:48:36 | 000,697,911 | ---- | C] (Farbar) -- C:\Users\leoni_p\Desktop\FSS.exe
[2012/12/23 18:43:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/23 18:41:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/23 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\Desktop\RK_Quarantine
[2012/12/22 21:47:48 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/12/21 16:44:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/21 16:44:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/21 16:43:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/21 16:43:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/13 20:48:51 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2012/12/12 21:44:01 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncobjapi.dll
[2012/12/12 21:44:01 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncobjapi.dll
[2012/12/12 21:43:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Register-CimProvider.exe
[2012/12/12 21:43:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Register-CimProvider.exe
[2012/12/12 21:43:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrshost.exe
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrsmgr.dll
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrsmgr.dll
[2012/12/12 21:43:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrs.exe
[2012/12/12 21:43:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrs.exe
[2012/12/12 21:43:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrshost.exe
[2012/12/12 21:43:46 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wevtfwd.dll
[2012/12/12 21:43:46 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecutil.exe
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wevtfwd.dll
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecapi.dll
[2012/12/12 21:43:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecutil.exe
[2012/12/12 21:43:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecapi.dll
[2012/12/12 21:43:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmplpxy.dll
[2012/12/12 21:43:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrssrv.dll
[2012/12/12 21:43:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrscmd.dll
[2012/12/12 21:43:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmRes.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmRes.dll
[2012/12/12 21:43:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAgent.dll
[2012/12/12 21:43:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAgent.dll
[2012/12/12 21:43:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmplpxy.dll
[2012/12/12 21:43:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrssrv.dll
[2012/12/12 21:43:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mi.dll
[2012/12/12 21:43:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrscmd.dll
[2012/12/12 21:43:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mi.dll
[2012/12/12 21:43:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManHTTPConfig.exe
[2012/12/12 21:43:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManHTTPConfig.exe
[2012/12/12 21:43:38 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedynos.dll
[2012/12/12 21:43:38 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedyn.dll
[2012/12/12 21:43:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\miutils.dll
[2012/12/12 21:43:38 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmitomi.dll
[2012/12/12 21:43:38 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedynos.dll
[2012/12/12 21:43:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedyn.dll
[2012/12/12 21:43:38 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\miutils.dll
[2012/12/12 21:43:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmidcom.dll
[2012/12/12 21:43:38 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmitomi.dll
[2012/12/12 21:43:38 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmidcom.dll
[2012/12/12 21:43:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManMigrationPlugin.dll
[2012/12/12 21:43:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/12 21:43:37 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAuto.dll
[2012/12/12 21:43:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAuto.dll
[2012/12/12 11:52:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/12 11:52:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/12/12 11:52:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/12/12 11:52:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/12/12 11:52:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/12 11:52:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/12/12 11:52:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/12/12 11:52:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/12/12 11:52:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/12/12 11:52:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/12/12 11:52:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/12/12 11:52:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/12/12 11:52:07 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/12 11:52:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012/12/12 11:50:34 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/12 11:50:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/12 11:50:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/12 11:50:34 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/12 11:50:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/12 11:50:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/12 11:50:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/11 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/09 11:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/12/08 12:12:37 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2012/12/08 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/12/08 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2012/12/02 22:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/02 22:14:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/02 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Local\SvchostViewer
[2012/11/30 14:02:31 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/30 14:02:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/30 14:02:31 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/27 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2010/11/11 15:34:12 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[2010/11/05 16:21:58 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010/11/05 16:21:57 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010/11/05 16:21:57 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010/11/05 16:21:57 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/23 18:48:47 | 000,697,911 | ---- | M] (Farbar) -- C:\Users\leoni_p\Desktop\FSS.exe
[2012/12/23 18:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/23 18:31:01 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 18:31:01 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 18:30:03 | 000,745,984 | ---- | M] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/23 18:28:24 | 001,842,632 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/23 18:28:24 | 000,811,436 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2012/12/23 18:28:24 | 000,715,748 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/23 18:28:24 | 000,173,620 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2012/12/23 18:28:24 | 000,143,124 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/23 18:22:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/23 18:22:27 | 2069,049,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/22 23:07:27 | 000,000,505 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf
[2012/12/21 19:46:14 | 002,314,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/19 01:52:49 | 863,673,744 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/17 21:44:29 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/08 12:10:14 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/23 18:29:59 | 000,745,984 | ---- | C] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/12 21:43:49 | 000,204,105 | ---- | C] () -- C:\windows\SysWow64\winrm.vbs
[2012/12/12 21:43:49 | 000,004,675 | ---- | C] () -- C:\windows\SysNative\wsmanconfig_schema.xml
[2012/12/12 21:43:45 | 000,004,675 | ---- | C] () -- C:\windows\SysWow64\wsmanconfig_schema.xml
[2012/12/12 21:43:42 | 000,004,148 | ---- | C] () -- C:\windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/12 21:43:38 | 000,204,105 | ---- | C] () -- C:\windows\SysNative\winrm.vbs
[2012/12/08 12:10:14 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/07/16 08:58:23 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012/05/18 01:26:21 | 000,000,068 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\.directory
[2012/05/18 00:58:16 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/05/18 00:58:16 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\UserTile.png
[2012/05/18 00:58:16 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\GhostObjGAFix.xml
[2012/05/18 00:56:04 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\WebpageIcons.db
[2012/05/18 00:48:04 | 000,002,870 | ---- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/18 00:48:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\.zreglib
[2012/03/18 13:29:45 | 000,000,138 | ---- | C] () -- C:\windows\WININIT.INI
[2012/02/18 21:44:54 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2011/10/23 20:02:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\au3305adc.dll
[2011/10/23 20:02:06 | 000,000,067 | ---- | C] () -- C:\windows\Apollo DVD Copy.INI
[2011/10/23 19:20:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\locked-.zreglib.xfrn
[2011/08/27 21:59:48 | 000,025,600 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/18 14:39:56 | 000,226,364 | ---- | C] () -- C:\ProgramData\locked-DeviceManager.xml.rc4.wsyv
[2011/02/20 11:15:41 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-UserTile.png.lpnu
[2011/02/13 16:26:02 | 000,000,036 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\housecall.guid.cache
[2011/02/06 20:31:39 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-GhostObjGAFix.xml.icpo
[2011/02/06 13:34:23 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\locked-WebpageIcons.db.vsml
[2011/01/22 01:12:53 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Microsoft Excel 97-2003.ADR.dyho
[2011/01/22 01:12:45 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/01/04 12:24:18 | 000,000,075 | ---- | C] () -- C:\windows\winDecrypt.INI
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\ProgramData\locked-Synth Textures.wpdy
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Sync Services.lpnu
[2010/12/18 15:17:12 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/18 15:17:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\locked-Textures.xnay
[2010/11/30 11:30:42 | 000,002,094 | ---- | C] () -- C:\Users\leoni_p\vpn greenBow.tgb
[2010/11/18 11:21:15 | 000,002,870 | ---- | C] () -- C:\ProgramData\locked-ntuser.pol.licg
[2010/11/05 16:21:57 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010/11/05 16:21:57 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9FF7C773
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4FF9FD44

< End of report >
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f4e6547e-325b-403c-a3bb-ad29ed37a92f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d087c25-2509-11e2-8483-8617b8e95901}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d087c25-2509-11e2-8483-8617b8e95901}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33b4e451-2545-11e2-acb5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33b4e451-2545-11e2-acb5-806e6f6e6963}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35c92c60-1ae6-11e1-be06-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35c92c60-1ae6-11e1-be06-002713ab3df5}\ not found.
File I:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\ not found.
File I:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{524fb76c-2516-11e2-9423-a808342d6b9a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{524fb76c-2516-11e2-9423-a808342d6b9a}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571316ae-4125-11e2-aae4-0024815ee9c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571316ae-4125-11e2-aae4-0024815ee9c4}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{582795be-5c24-11e0-9922-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{582795be-5c24-11e0-9922-002713ab3df5}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{582795ee-5c24-11e0-9922-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{582795ee-5c24-11e0-9922-002713ab3df5}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58d57ca2-2801-11e2-b99e-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58d57ca2-2801-11e2-b99e-002713ab3df5}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74522359-85b3-11e1-bd08-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74522359-85b3-11e1-bd08-806e6f6e6963}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ed59088-40cb-11e2-a075-0024815ee9c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ed59088-40cb-11e2-a075-0024815ee9c4}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{839bc577-2687-11e2-974e-d8d38523d59e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{839bc577-2687-11e2-974e-d8d38523d59e}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962fd40b-2589-11e2-b2ea-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{962fd40b-2589-11e2-b2ea-002713ab3df5}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ef832f-24d1-11e2-b241-c178d371b341}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ef832f-24d1-11e2-b241-c178d371b341}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3e89906-1841-11e1-8db1-002713ab3df5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3e89906-1841-11e1-8db1-002713ab3df5}\ not found.
File I:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5c4828c-22fa-11e2-8dad-887c749bd147}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5c4828c-22fa-11e2-8dad-887c749bd147}\ not found.
File H:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12232012_184350
Farbar Service Scanner Version: 23-12-2012
Ran by leoni_p (administrator) on 23-12-2012 at 19:22:00
Running from "C:\Users\leoni_p\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll
[2012-12-12 21:43] - [2012-08-21 14:09] - 0219136 ____A (Microsoft Corporation) 136760C1E9697BAF4ECDEAE5590A0806

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#11
pleonipi
Posted 23 December 2012 - 12:36 PM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Dear godawgs
I unistalled emule like suggested.
But I have to say you another thing.
Like probably you remind, I disabled the service tapisrv.dll, and doing that everything was ok, except the fact that some functionality eg in Outlook are didabled too (see my first email).
I found on some forum that the problem of tapisrv could be related to W7 fax, and I reminded that fax on my notebook has never worked, crashing the system (blue screen). So I uninstalled W7 Fax and enabled tapisrv.dll again, and everything seems to work ok.
Please note that in xext days probably I will not be able to connect to interner until 12/31.
Best regards and many wishes for an Holy Christmas and Happy new year.
pleonipi
  • 0

#12
godawgs
Posted 23 December 2012 - 09:40 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Dear godawgs
I unistalled emule like suggested.
But I have to say you another thing.
Like probably you remind, I disabled the service tapisrv.dll, and doing that everything was ok, except the fact that some functionality eg in Outlook are didabled too (see my first email).
I found on some forum that the problem of tapisrv could be related to W7 fax, and I reminded that fax on my notebook has never worked, crashing the system (blue screen). So I uninstalled W7 Fax and enabled tapisrv.dll again, and everything seems to work ok.
Please note that in xext days probably I will not be able to connect to interner until 12/31.
Best regards and many wishes for an Holy Christmas and Happy new year.
pleonipi

I realize that tapisrv.dll is related to windows fax. And I'm glad that uninstalling Windows Fax solved the problem with Office.
But the malware still needs to be removed from the computer. The Office issue didn't have anything to do with the malware on the system. Our normal procedure is to clear the malware, clean up the tools used and then work on the problems with the system if they still remain.
We are almost finished with cleaning the system.
I will keep the topic open through the holidays. Please let me know when you are back and we will continue.
Happy Holidays to you too. :)
  • 0

#13
pleonipi
Posted 10 January 2013 - 04:37 PM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Happy new year godawgs, I hope you are well.
I'm back at work, when you have time we can finish our work.
Many thanks and best regards
pleonipi
  • 0

#14
pleonipi
Posted 19 January 2013 - 05:32 PM

pleonipi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello Godawgs, happy new year ! Did you read my message on January 10th ?
Many thanks and best regards
pleonipi
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP