OTL logfile created on: 12/16/2012 3:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd
7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.84% Memory free
15.80 Gb Paging File | 12.72 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 18.05 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32
Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - [2012/12/16 15:47:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2012/07/31 03:19:26 | 000,041,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/07/30 14:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/16 18:28:36 | 006,974,360 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2012/07/10 00:42:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2012/05/03 19:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/04/19 16:12:18 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/09 11:25:06 | 004,346,720 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe
PRC - [2011/01/15 01:49:52 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/15 11:05:10 | 004,019,040 | ---- | M] (IT-Services Thomas Holz) -- C:\Program Files (x86)\Easy2Sync\Easy2Sync.exe
PRC - [2010/07/12 13:59:36 | 000,644,664 | ---- | M] (Netasq) -- C:\Program Files (x86)\Netasq\VPN Client\VpnConf.exe
PRC - [2010/07/12 13:59:32 | 000,193,080 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\Netasq\VPN Client\tgbike.exe
PRC - [2010/02/25 13:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/28 14:15:44 | 000,414,720 | ---- | M] (Bang & Olufsen a/s) -- C:\PROGRAM FILES (X86)\BANG & OLUFSEN\BEOPORT\BEOTRAY.EXE
PRC - [2010/01/28 14:11:24 | 001,119,744 | ---- | M] (Bang & Olufsen a/s) -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\BeoPlayer.exe
PRC - [2009/08/07 16:03:16 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 17:42:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/28 12:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\Windows\SysWOW64\MNSFramework.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
========== Modules (No Company Name) ==========

MOD - [2012/12/08 12:12:41 | 000,192,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\a9a9928a2adca3ae71f75df862fcf649\Vodafone.Model.Connection.ni.dll
MOD - [2012/12/08 12:12:41 | 000,034,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\73736618f6b64deed594a38c16dc36eb\Vodafone.UpdateManager.ni.dll
MOD - [2012/12/08 12:12:40 | 000,025,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\9efce6da1fcaeb4d5fbd7b26b1886808\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2012/12/08 12:12:39 | 000,876,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\54e548c7965b92b787f3b8a39e443ebf\Vodafone.View.Shared.ni.dll
MOD - [2012/12/08 12:12:38 | 000,606,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\00e1dd9433003239592fe9bbae9f2697\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2012/12/08 12:12:37 | 000,084,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\2d93f40e0396c2d3a912f66a484fa133\Vodafone.Core.Remoting.ni.dll
MOD - [2012/12/08 12:12:37 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d02a34cff230ee279dfa3144e1f8c64c\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2012/12/08 12:12:36 | 000,055,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\d89f1fe9dbc0be036d5e5fb3d9c95a55\Vodafone.TrafficOptimiser.ni.dll
MOD - [2012/12/08 12:12:36 | 000,030,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1741b42a2a3e5ab0da82c6e8d833d428\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2012/12/08 12:12:35 | 000,108,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\45df2d1c2eee18f2f4c1a57fde3e851f\Vodafone.LanWlanManager.ni.dll
MOD - [2012/12/08 12:12:34 | 000,392,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\f93f3618cf9e6c4ddf305de2341d9a51\Vodafone.MbbManagement.ni.dll
MOD - [2012/12/08 12:12:34 | 000,119,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\fd66abb10a27d11b1b3b36ed97388ae0\Interop.Shell32.ni.dll
MOD - [2012/12/08 12:12:34 | 000,081,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.MbnApi\08ca4b39256c8202388ed38b72eb5d7d\Interop.MbnApi.ni.dll
MOD - [2012/12/08 12:12:34 | 000,073,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\13d79e57a582b08294290c19b80809d5\Vodafone.Vpn.ni.dll
MOD - [2012/12/08 12:12:33 | 000,498,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\30436372d4bc95b37c010679ca795419\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2012/12/08 12:12:33 | 000,040,960 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\f8bf1aa3b6ebf2c2886b487e88bbec49\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2012/12/08 12:12:32 | 000,733,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\833ae7c45a65a1e52c4ef2bde93ebb46\Vodafone.WwanWrapper.ni.dll
MOD - [2012/12/08 12:12:32 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\27de387584331d62066dcbd2960614f6\Vodafone.ConnectionServices.ni.dll
MOD - [2012/12/08 12:12:31 | 000,022,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\4d17e1c5b127751092f149deeb4ddac4\Vodafone.Core.Interfaces.ni.dll
MOD - [2012/12/08 12:12:30 | 000,941,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\ca6b6f42956c9e67a0cfe298dae35313\Vodafone.BusinessLogic.ni.dll
MOD - [2012/12/08 12:12:29 | 000,049,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8f888dcf957e4f16a48430eabf88795b\Vodafone.Contracts.Adapter.ni.dll
MOD - [2012/12/08 12:12:29 | 000,047,104 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\c50d9109f51845cc9648dcfef8a03f03\Common.Logging.ni.dll
MOD - [2012/12/08 12:12:23 | 002,104,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\6a8b065a87f3c79e28e893fabeaecea7\Spring.Core.ni.dll
MOD - [2012/12/08 12:12:21 | 000,042,496 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\26236e7d7c1647368b7a133b6881e17d\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2012/12/08 12:12:19 | 001,304,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\6432f59dd365540d0dc856b667bcb2a1\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2012/12/08 12:12:17 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\d3bd34ae6541592c5ed357516cfb4a68\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2012/12/08 12:12:14 | 011,053,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\510f3dfd800b9ce42b0fe347251b3662\Infragistics2.Win.v9.2.ni.dll
MOD - [2012/12/08 12:12:06 | 000,871,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\ee217dcdf0faa5dd7ebd4fa71511fba5\Infragistics2.Shared.v9.2.ni.dll
MOD - [2012/12/08 12:12:04 | 007,137,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\2e4048a6114523262679e70ac45fed72\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2012/12/08 12:11:55 | 000,100,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\9539d632461da2165bdc9d99178dacf3\Vodafone.Core.Contracts.ni.dll
MOD - [2012/12/08 12:11:55 | 000,036,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\e997615bfbd4fbd465ddb8f448dcc10d\Vodafone.Contracts.Presenter.ni.dll
MOD - [2012/12/08 12:11:55 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1a56a5409ad4032e96121a5f7e45007b\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2012/12/08 12:11:54 | 000,131,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\f91fe68a3519d918c354b72012e4f639\Vodafone.Contracts.Model.ni.dll
MOD - [2012/12/08 12:11:54 | 000,105,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\8b5377e783a3667a0f45a49aab213ddd\Vodafone.Contracts.View.ni.dll
MOD - [2012/12/08 12:11:53 | 000,089,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\4a02c139b1eeb68551bf2492ab6ffecd\Vodafone.Base.Internals.ni.dll
MOD - [2012/12/08 12:11:53 | 000,019,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\5d5810af08547afb7ce277e40154497d\Vodafone.Base.Factory.ni.dll
MOD - [2012/12/08 12:11:52 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e603b21d8bf76f2701858a3570b4add0\Vodafone.ConnectionManagement.ni.dll
MOD - [2012/12/08 12:11:52 | 000,093,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\625eb88d6251a680d6de47d38e7b5c05\Vodafone.Contracts.Common.ni.dll
MOD - [2012/12/08 12:11:51 | 000,350,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\0689f2f7becf4af1980c17b0d3268fbc\Vodafone.ReportingManager.ni.dll
MOD - [2012/12/08 12:11:51 | 000,031,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\c5329450983a0f0524ba1346947c0cd3\Vodafone.OutlookConnector.ni.dll
MOD - [2012/12/08 12:11:50 | 000,198,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\48882c5696d7cbd9412a2e4efddb7562\Vodafone.SmsContactManager.ni.dll
MOD - [2012/12/08 12:11:49 | 000,945,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\c70eceb0d58c8326a372494029d1c393\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2012/12/08 12:11:49 | 000,341,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\3fa98d093d3057d94cc8a6dc015b0a0b\Vodafone.CommonDialogs.ni.dll
MOD - [2012/12/08 12:11:47 | 000,080,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\e474254b1c373d62d9231b3972dfdbea\Vodafone.SmsProfileManager.ni.dll
MOD - [2012/12/08 12:11:46 | 000,326,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\26ca62c6f1ce4f83e04694e80fdc42bf\Vodafone.DataAccessor.ni.dll
MOD - [2012/12/08 12:11:46 | 000,056,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\2ee1d8aa52668cf4a67f4780e3461643\Vodafone.SettingsManager.ni.dll
MOD - [2012/12/08 12:11:45 | 002,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\b5e3489915948b4882b7a2fcd9a13236\MobileBroadbandResources.ni.dll
MOD - [2012/12/08 12:11:45 | 000,074,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\53e53f934448b7709a4543ed8dd0fb73\Vodafone.NtServiceMessaging.ni.dll
MOD - [2012/12/08 12:11:44 | 000,321,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\fab132f1bde2028f4dd9a1214c8d6081\Vodafone.Base.Win32.ni.dll
MOD - [2012/12/08 12:11:44 | 000,181,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\e37e2a4b9b3d42691c5d0b0f49ab6b3d\Vodafone.Common.ni.dll
MOD - [2012/12/08 12:11:44 | 000,019,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\c250db605a7689dac41457d8cec48e89\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2012/12/08 12:11:43 | 000,673,280 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\8ce812ef5fbbb38e7577018c751c9d0d\Vodafone.Data.ni.dll
MOD - [2012/12/08 12:11:43 | 000,158,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\cf14a6cfe5e367d6fdaeeaabc1c7a39a\Vodafone.Base.Contracts.ni.dll
MOD - [2012/12/08 12:11:42 | 001,368,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\795818c30402eff88226d87448b52d99\Vodafone.Platform.ni.dll
MOD - [2012/12/08 12:11:38 | 000,282,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\fbc6872de87fde538a6e1839a4a0f463\MobileBroadband.ni.exe
MOD - [2012/12/08 12:11:38 | 000,094,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\cd6add0e6fd0d86eed95d0f55181fbe8\Vodafone.LogEngine.ni.dll
MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/17 17:06:20 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 17:05:16 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/17 15:58:30 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/17 15:58:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 15:58:08 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/17 15:58:08 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/17 15:57:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 15:57:55 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 15:57:33 | 012,503,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2353e2c6a47a65ecfd1b7164e1f058a\System.Windows.Forms.ni.dll
MOD - [2012/11/17 15:57:15 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/17 15:57:14 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
MOD - [2012/11/17 15:57:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 15:57:11 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 15:56:56 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 15:56:52 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 15:56:35 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2011/04/19 16:12:12 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2010/11/13 01:58:31 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/28 14:15:00 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\TranslationLookup.dll
MOD - [2010/01/28 14:14:48 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Bang & Olufsen\BeoPort\Resources\BeoResource.ENG
MOD - [2009/10/22 23:51:58 | 000,163,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_it_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/29 16:10:06 | 000,300,600 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 18:46:05 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.PTB
MOD - [2009/02/27 18:39:01 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.ita
MOD - [2009/02/27 18:33:02 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.ESP
MOD - [2009/02/27 18:10:53 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.NLD
MOD - [2009/02/27 13:20:55 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.ITA
========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/19 20:49:55 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/12 13:59:30 | 000,162,872 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysNative\TgbStarter.exe -- (TgbIke Starter)
SRV:64bit: - [2009/07/30 17:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/29 11:43:32 | 001,841,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 15:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/27 17:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/15 22:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/11/05 18:03:03 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/05 18:02:37 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/31 19:05:59 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/07/16 18:28:36 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/10 00:42:38 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/19 16:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/16 08:48:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 16:06:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/07 15:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 14:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/28 11:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/28 11:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2009/07/15 21:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 21:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/29 16:10:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/25 06:42:10 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/05/25 06:36:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/05/25 06:02:50 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\windows\SysWOW64\MNSFramework.exe -- (MNSFramework)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 22:38:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/11/05 18:02:39 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/10/31 19:07:12 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 00:42:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 16:22:42 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/23 19:31:36 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 15:43:26 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2011/04/18 15:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/04/18 15:43:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2011/04/18 15:43:24 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2011/04/05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/12/30 12:19:56 | 000,050,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuqbus.sys -- (GTUQBUS)
DRV:64bit: - [2010/12/30 12:19:56 | 000,025,984 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtscser.sys -- (GTSCSER)
DRV:64bit: - [2010/12/30 12:19:56 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2010/12/30 12:19:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/07/12 13:59:24 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2010/06/24 14:28:04 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/06/24 14:28:00 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/06/24 14:28:00 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/06/09 10:49:26 | 000,122,424 | ---- | M] (TheGreenBow) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\DfilterVPN.sys -- (TgbIpSec)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/07 11:46:56 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
DRV:64bit: - [2010/04/05 10:43:36 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/22 06:39:22 | 000,039,424 | ---- | M] (Bang & Olufsen A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\beopcusb.sys -- (beopcusb)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/29 21:00:52 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/29 14:30:26 | 000,015,392 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009/07/29 14:30:24 | 000,014,880 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009/07/29 14:30:22 | 000,055,840 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009/07/23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:45:56 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/23 21:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/15 03:02:00 | 000,044,672 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a38usb.sys -- (ACSSCR)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 06:36:24 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/05/18 22:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 17:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/04/08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 16:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/09 03:34:32 | 001,875,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/03/13 14:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2008/03/13 14:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2007/07/16 13:32:56 | 000,060,160 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/26 09:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2269050
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7403}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\leoni_p\Downloads
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.it
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_itFR488
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.1.511
FF - prefs.js..extensions.enabledAddons: [email protected]:0.7.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/29 23:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/10/31 19:07:14 | 000,000,000 | ---D | M]
[2012/07/16 08:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions
[2011/08/06 20:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/11/04 04:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\Firefox\Profiles\68plkaoc.default\extensions
[2012/11/04 04:59:26 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\leoni_p\AppData\Roaming\mozilla\firefox\profiles\68plkaoc.default\extensions\[email protected]
[2012/11/18 02:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 12:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/18 20:31:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/29 23:37:13 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
[2012/10/31 19:07:14 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
File not found (No name found) -- C:\USERS\LEONI_P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68PLKAOC.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012/08/17 22:30:00 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Controllo URL Kaspersky = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Tastiera Virtuale = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Anti-Banner = C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2012/05/31 21:56:22 | 000,000,797 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.0.246 exchange.artemide.fr
O2:64bit: - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\x64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\Netasq\VPN Client\vpnconf.exe (Netasq)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Beoplayertray] C:\Program Files (x86)\Bang & Olufsen\BeoPort\Beotray.exe (Bang & Olufsen a/s)
O4 - HKLM..\Run: [BEW-INTRANET-FR-30SessionManager] "C:\Program Files (x86)\OrangeBusinessServices\BEW\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [bit4id store register] C:\windows\SysWow64\bit4cnsp.dll (bit4id srl (http://www.bit4id.com))
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SSLEmptyCache] C:\windows\system32\SSLEmptyCache.exe File not found
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [AccelerometerSysTrayApplet] C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [QMNS] C:\Program Files (x86)\Mobile Net Switch\QMNS.exe (RH Computing)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync for Outlook.lnk = C:\Program Files (x86)\Easy2Sync for Outlook\E2S4Outlook.exe (IT-Services Thomas Holz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Personalizza - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\..Trusted Ranges: Range1 ([https] in Siti attendibili)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artemide.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A1C872-134F-40E9-B388-44DBFFC5FB0D}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC}: NameServer = 151.99.125.1,172.16.20.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7684519B-3552-4A94-8105-26B05F597DBB}: NameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816}: NameServer = 83.224.66.134 83.224.70.93
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3749049988-3279931320-1326787242-1281 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e59bc3c-2612-11e2-9f5d-d8d38523d59e}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell - "" = AutoRun
O33 - MountPoints2\{2d087c25-2509-11e2-8483-8617b8e95901}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33b4e451-2545-11e2-acb5-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{35c92c60-1ae6-11e1-be06-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{4d756666-5fd6-11e1-a2bb-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell - "" = AutoRun
O33 - MountPoints2\{524fb76c-2516-11e2-9423-a808342d6b9a}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{571316ae-4125-11e2-aae4-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795be-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{582795ee-5c24-11e0-9922-002713ab3df5}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{58d57ca2-2801-11e2-b99e-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74522359-85b3-11e1-bd08-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ed59088-40cb-11e2-a075-0024815ee9c4}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell - "" = AutoRun
O33 - MountPoints2\{839bc577-2687-11e2-974e-d8d38523d59e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{962fd40b-2589-11e2-b2ea-002713ab3df5}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef832f-24d1-11e2-b241-c178d371b341}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell - "" = AutoRun
O33 - MountPoints2\{d3e89906-1841-11e1-8db1-002713ab3df5}\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell - "" = AutoRun
O33 - MountPoints2\{f5c4828c-22fa-11e2-8dad-887c749bd147}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/16 15:47:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/13 20:48:51 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2012/12/12 21:44:01 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncobjapi.dll
[2012/12/12 21:44:01 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncobjapi.dll
[2012/12/12 21:43:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Register-CimProvider.exe
[2012/12/12 21:43:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Register-CimProvider.exe
[2012/12/12 21:43:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrshost.exe
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrsmgr.dll
[2012/12/12 21:43:49 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrsmgr.dll
[2012/12/12 21:43:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrs.exe
[2012/12/12 21:43:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrs.exe
[2012/12/12 21:43:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrshost.exe
[2012/12/12 21:43:46 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wevtfwd.dll
[2012/12/12 21:43:46 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecutil.exe
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wevtfwd.dll
[2012/12/12 21:43:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wecapi.dll
[2012/12/12 21:43:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecutil.exe
[2012/12/12 21:43:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wecapi.dll
[2012/12/12 21:43:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmplpxy.dll
[2012/12/12 21:43:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrssrv.dll
[2012/12/12 21:43:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winrscmd.dll
[2012/12/12 21:43:41 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmRes.dll
[2012/12/12 21:43:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmRes.dll
[2012/12/12 21:43:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prvdmofcomp.dll
[2012/12/12 21:43:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/12 21:43:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAgent.dll
[2012/12/12 21:43:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAgent.dll
[2012/12/12 21:43:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmplpxy.dll
[2012/12/12 21:43:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrssrv.dll
[2012/12/12 21:43:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mi.dll
[2012/12/12 21:43:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winrscmd.dll
[2012/12/12 21:43:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mi.dll
[2012/12/12 21:43:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pwrshplugin.dll
[2012/12/12 21:43:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsmprovhost.exe
[2012/12/12 21:43:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManHTTPConfig.exe
[2012/12/12 21:43:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManHTTPConfig.exe
[2012/12/12 21:43:38 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedynos.dll
[2012/12/12 21:43:38 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\framedyn.dll
[2012/12/12 21:43:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\miutils.dll
[2012/12/12 21:43:38 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmitomi.dll
[2012/12/12 21:43:38 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedynos.dll
[2012/12/12 21:43:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\framedyn.dll
[2012/12/12 21:43:38 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\miutils.dll
[2012/12/12 21:43:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmidcom.dll
[2012/12/12 21:43:38 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmitomi.dll
[2012/12/12 21:43:38 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmidcom.dll
[2012/12/12 21:43:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSManMigrationPlugin.dll
[2012/12/12 21:43:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/12 21:43:37 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmGCDeps.dll
[2012/12/12 21:43:37 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wbemcomn2.dll
[2012/12/12 21:43:37 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmWmiPl.dll
[2012/12/12 21:43:37 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WsmAuto.dll
[2012/12/12 21:43:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WsmAuto.dll
[2012/12/12 11:52:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/12 11:52:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/12 11:52:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/12 11:52:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/12 11:52:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/12 11:52:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/12/12 11:52:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/12/12 11:52:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/12/12 11:52:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/12 11:52:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/12/12 11:52:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/12/12 11:52:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/12/12 11:52:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/12/12 11:52:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/12/12 11:52:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/12/12 11:52:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 11:52:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 11:52:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 11:52:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 11:52:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 11:52:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/12/12 11:52:07 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/12 11:52:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012/12/12 11:50:34 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/12 11:50:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/12 11:50:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/12 11:50:34 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/12 11:50:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/12 11:50:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/12 11:50:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/11 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/09 11:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/12/08 12:12:37 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ew_jubusenum.sys
[2012/12/08 12:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/12/08 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2012/12/02 22:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/02 22:14:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/02 22:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Local\SvchostViewer
[2012/12/01 00:47:26 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/11/30 14:02:31 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/30 14:02:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/30 14:02:31 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/27 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/17 16:07:18 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 16:07:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/17 16:06:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/17 16:06:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/17 16:06:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/17 16:06:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\leoni_p\Favorites - Copia
[2012/11/17 16:04:22 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/17 16:04:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/17 16:04:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/17 16:04:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/17 16:04:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/17 16:04:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/17 16:04:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/17 16:04:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/17 16:04:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/17 05:36:06 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2012/11/17 05:36:05 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2012/11/17 05:36:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2012/11/17 05:36:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2012/11/17 05:36:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2012/11/17 05:36:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2012/11/17 05:36:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2012/11/17 05:36:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2012/11/17 05:36:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2012/11/17 05:36:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2012/11/17 05:36:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2012/11/17 05:36:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2012/11/17 05:35:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/17 05:35:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2010/11/11 15:34:12 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[2010/11/05 16:21:58 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010/11/05 16:21:57 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010/11/05 16:21:57 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files (x86)\Common Files\sapconsr3.dll
[2010/11/05 16:21:57 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2012/12/16 15:49:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:49:30 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/16 15:47:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leoni_p\Desktop\OTL.exe
[2012/12/16 15:41:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/16 15:41:23 | 2069,049,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/16 14:38:03 | 000,545,819 | ---- | M] () -- C:\Users\leoni_p\Desktop\AdwCleaner.exe
[2012/12/16 14:36:01 | 000,745,984 | ---- | M] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/13 20:51:36 | 002,314,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/12 21:28:50 | 1133,789,870 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/08 12:15:44 | 001,842,632 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/08 12:15:44 | 000,811,436 | ---- | M] () -- C:\windows\SysNative\perfh010.dat
[2012/12/08 12:15:44 | 000,715,748 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/08 12:15:44 | 000,173,620 | ---- | M] () -- C:\windows\SysNative\perfc010.dat
[2012/12/08 12:15:44 | 000,143,124 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/08 12:10:14 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/11/24 16:17:35 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[3 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========

[2012/12/16 14:37:52 | 000,545,819 | ---- | C] () -- C:\Users\leoni_p\Desktop\AdwCleaner.exe
[2012/12/16 14:35:55 | 000,745,984 | ---- | C] () -- C:\Users\leoni_p\Desktop\RogueKillerX64.exe
[2012/12/12 21:43:49 | 000,204,105 | ---- | C] () -- C:\windows\SysWow64\winrm.vbs
[2012/12/12 21:43:49 | 000,004,675 | ---- | C] () -- C:\windows\SysNative\wsmanconfig_schema.xml
[2012/12/12 21:43:45 | 000,004,675 | ---- | C] () -- C:\windows\SysWow64\wsmanconfig_schema.xml
[2012/12/12 21:43:42 | 000,004,148 | ---- | C] () -- C:\windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/12 21:43:38 | 000,204,105 | ---- | C] () -- C:\windows\SysNative\winrm.vbs
[2012/12/08 12:10:14 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012/11/18 02:45:53 | 000,001,427 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/18 02:45:53 | 000,001,353 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/11/17 16:07:20 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 16:05:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/16 08:58:23 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2012/05/18 01:26:21 | 000,000,068 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\.directory
[2012/05/18 00:58:16 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/05/18 00:58:16 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\UserTile.png
[2012/05/18 00:58:16 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\GhostObjGAFix.xml
[2012/05/18 00:56:04 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\WebpageIcons.db
[2012/05/18 00:48:04 | 000,002,870 | ---- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/18 00:48:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\.zreglib
[2012/03/18 13:29:45 | 000,000,138 | ---- | C] () -- C:\windows\WININIT.INI
[2012/02/18 21:44:54 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2011/10/23 20:02:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\au3305adc.dll
[2011/10/23 20:02:06 | 000,000,067 | ---- | C] () -- C:\windows\Apollo DVD Copy.INI
[2011/10/23 19:20:04 | 000,000,085 | ---- | C] () -- C:\ProgramData\locked-.zreglib.xfrn
[2011/08/27 21:59:48 | 000,025,600 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/18 14:39:56 | 000,226,364 | ---- | C] () -- C:\ProgramData\locked-DeviceManager.xml.rc4.wsyv
[2011/02/20 11:15:41 | 000,027,830 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-UserTile.png.lpnu
[2011/02/13 16:26:02 | 000,000,036 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\housecall.guid.cache
[2011/02/06 20:31:39 | 000,001,854 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-GhostObjGAFix.xml.icpo
[2011/02/06 13:34:23 | 000,017,408 | ---- | C] () -- C:\Users\leoni_p\AppData\Local\locked-WebpageIcons.db.vsml
[2011/01/22 01:12:53 | 000,038,792 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Microsoft Excel 97-2003.ADR.dyho
[2011/01/22 01:12:45 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2011/01/04 12:24:18 | 000,000,075 | ---- | C] () -- C:\windows\winDecrypt.INI
[2010/12/19 21:06:50 | 000,069,185 | ---- | C] () -- C:\windows\SysWow64\bit4cnsp-uninst.exe
[2010/12/19 19:26:38 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/12/18 15:34:14 | 000,000,056 | ---- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\ProgramData\locked-Synth Textures.wpdy
[2010/12/18 15:17:12 | 000,000,268 | ---- | C] () -- C:\Users\leoni_p\AppData\Roaming\locked-Sync Services.lpnu
[2010/12/18 15:17:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/18 15:17:12 | 000,000,012 | ---- | C] () -- C:\ProgramData\locked-Textures.xnay
[2010/12/18 14:50:09 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2010/12/18 13:44:57 | 000,010,752 | ---- | C] () -- C:\windows\SysWow64\BASSMOD.dll
[2010/12/18 03:42:18 | 000,015,840 | ---- | C] () -- C:\windows\SysWow64\Machnm1.exe
[2010/11/30 11:30:42 | 000,002,094 | ---- | C] () -- C:\Users\leoni_p\vpn greenBow.tgb
[2010/11/18 11:21:15 | 000,002,870 | ---- | C] () -- C:\ProgramData\locked-ntuser.pol.licg
[2010/11/05 16:21:57 | 000,955,904 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010/11/05 16:21:57 | 000,949,760 | ---- | C] () -- C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========

========== Base Services ==========

SRV:
64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:
64bit: - [2010/11/20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:
64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:
64bit: - [2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:
64bit: - [2010/11/20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:
64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:
64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:
64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:
64bit: - [2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:
64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:
64bit: - [2010/11/20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:
64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:
64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:
64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:
64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:
64bit: - [2010/11/20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:
64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:
64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:
64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:
64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:
64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:
64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:
64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:
64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:
64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:
64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:
64bit: - [2010/11/20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:
64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:
64bit: - [2010/11/20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:
64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:
64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:
64bit: - [2010/11/20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:
64bit: - [2010/11/20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:
64bit: - [2010/11/20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:
64bit: - [2010/11/20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:
64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:
64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:
64bit: - [2010/11/20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:
64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:
64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:
64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2010/11/20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:
64bit: - [2010/11/20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:
64bit: - [2010/11/20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:
64bit: - [2010/11/20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:
64bit: - [2012/08/21 14:09:40 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:
64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:
64bit: - [2010/11/20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:
64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:
64bit: - [2010/11/20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >

< %systemdrive%*.js >

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: QMGR.DLL >
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/14 02:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/10/22 23:51:55 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\windows\SysNative\it-IT\services.exe.mui
[2009/10/22 23:51:55 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/10/22 23:52:15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\windows\SysNative\it-IT\services.msc
[2009/10/22 23:51:57 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2009/10/22 23:52:15 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2009/10/22 23:51:57 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WINSOCK.H >
[2010/04/19 19:44:40 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1\Include\WinSock.h
< MD5 for: WSHELPER.DLL >
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\windows\System32\ie4uinit.exe" -show [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\windows\System32\ie4uinit.exe" -reinstall [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\windows\System32\ie4uinit.exe" -hide [2010/11/20 13:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 02:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< type c:\diskreport.txt /c >
Microsoft DiskPart versione 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
Nel computer LEONI_PORT_HP
Volume ###  Let.  Etichetta    Fs     Tipo        Dim.     Stato      Info
---------   ---   -----------  -----  ----------  -------  ---------  --------
Volume 0    F                         DVD-ROM         0 b  Nessun su
Volume 1    D                         DVD-ROM         0 b  Nessun su
Volume 2    G                         DVD-ROM         0 b  Nessun su
Volume 3          SYSTEM       NTFS   Partizione   300 Mb  Integro    Sistema
Volume 4    C                  NTFS   Partizione   280 Gb  Integro    Avvio
Volume 5          HP_RECOVERY  NTFS   Partizione    15 Gb  Integro
Volume 6    E     HP_TOOLS     FAT32  Partizione  2043 Mb  Integro
< >
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9FF7C773
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4FF9FD44
< End of report >
OTL Extras logfile created on: 12/16/2012 3:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leoni_p\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd
7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.84% Memory free
15.80 Gb Paging File | 12.72 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 18.05 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.93 Gb Free Space | 97.13% Space Free | Partition Type: FAT32
Computer Name: LEONI_PORT_HP | User Name: leoni_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0360D148-D14A-4D92-824F-8026A8578FB8}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A054957-C3F2-413C-8EA1-538B874BB752}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11045C0A-A66D-4EC3-A8C6-F8C033877068}" = lport=500 | protocol=17 | dir=in | name=vpn client phase1 |
"{30ECB22A-E9D8-46FD-B2A3-45A6ECCD21FF}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{36E05EF0-DA64-41D1-9A6E-124FECBD62B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58FF25A5-F82A-4F5C-BF7B-05CC042109E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B1A9EF3-10ED-487B-B89E-D152B17B0652}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CD1B0A0-8005-4B4E-9CB2-70C74789FD3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{641EB505-B286-4431-9F0A-E1A8B4E0D15E}" = rport=445 | protocol=6 | dir=out | app=system |
"{68C22AE8-C158-439D-8558-00B17716BDEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C79E423-92FE-45F3-A15E-87596C6D7C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C9A523E-C8E5-412D-AC9A-BEEB19DBD645}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{6FD9C20B-FC6E-4B4B-A70B-79AF1A021A8E}" = lport=4500 | protocol=17 | dir=in | name=thegreenbow ipsec vpn client phase2 |
"{85F1A541-78E8-4506-950C-D8E1A060FF41}" = lport=500 | protocol=17 | dir=in | name=thegreenbow ipsec vpn client phase1 |
"{92341280-36B8-4EBC-A070-0BF5D4E5E304}" = lport=4500 | protocol=17 | dir=in | name=vpn client phase2 |
"{966D5D43-CF07-41D5-A4B0-70DE00AF4FAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF33B8C3-0636-43D9-954A-2A1676FC01A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B017287D-C740-4F26-98B3-FB64BEEEA194}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5046302-B821-4BDC-A35B-984D13839916}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEF0ECD8-1433-4515-9264-5BDDA3459456}" = lport=139 | protocol=6 | dir=in | app=system |
"{C39F08F8-2364-406D-AEE0-0C3F51422CBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D31B533F-B114-4795-885D-122E6097E357}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8377EA0-07F9-41D3-9495-D2BFC65B6F05}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD8357B0-6812-4C7B-8848-BB0C9BC9339B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC7F00B0-31C7-48A9-B6E9-0E7F22323F4D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC8B63FB-5974-4DF9-B3FA-0C9A8D5D73D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAFA41BF-51A0-42C4-B9FF-DE0A814AE49A}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB6F4553-7FEA-42EC-89FB-BCAA7BC49A3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD952BCD-D12A-42DF-AE69-CBCE30B5C481}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031269A0-31CC-4DB8-816B-FDA3DE97A6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05F414F8-DA24-42E2-9AF6-F83CA28021EF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{0C10FE58-E172-4F83-9DB0-0E48F837013D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CF1FD9D-0E7F-4316-B0D2-D625FA7EB7C7}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{0EC18283-3C50-4C0F-A050-19265FA82502}" = protocol=1 | dir=in |
[email protected],-28543 |
"{373E0C58-ED52-4183-82A3-7A37D8C32C45}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{4B308B17-CF7A-478F-983A-DFDD3933926D}" = protocol=17 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{54FA8C84-4B3F-4BE4-B7A4-49984B23C56E}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{59DED287-5619-4731-BD3F-28DF330440C8}" = protocol=1 | dir=out |
[email protected],-28544 |
"{5C7D82A6-D42A-4D5D-B356-379A73BB9471}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DF78FDF-6F65-4137-9724-F954DB17E313}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E5479C2-C16B-4AEB-819F-383468C9D66A}" = protocol=58 | dir=out |
[email protected],-28546 |
"{673D68FE-5F29-4D4D-8E13-82DDC6300DC5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6A5DD366-CBF6-42C8-AF2E-B55A3C6110A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DA648C8-95B1-457C-8514-D198BB843FCB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{7F6F8805-63DB-4570-87A0-12119C81198A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
"{85A088E5-1AFD-4DAE-99BE-EAF754A520B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe |
"{97A434F7-4BC1-43FB-877A-077FBC4A8F2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{984FACD7-1D28-4DDF-BEF6-B484461DC7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{B0CEB918-2E15-4BA8-ABE9-3EB8E09BB5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{B2BD620E-F48B-4408-911C-B39CECAE091D}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"{B3DEB82C-4B65-459A-999C-6CA9F1238C62}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BC114EF8-5E23-42FE-80E6-3E13BE203BDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD3FE719-24D6-4ACB-AEA2-15C126312858}" = protocol=58 | dir=in |
[email protected],-28545 |
"{C7605574-26FA-461C-AE09-7EC5539E6909}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe |
"{DBCBE589-77B4-4238-ADB3-AB3772659BDD}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{E5F60DB6-D832-453A-AB21-26D7B936B5A6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E68FCD08-8F21-4864-A4A9-A5E58F136F48}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA42C3C4-A411-428D-81C7-0F3E64C13E20}" = protocol=6 | dir=in | app=c:\windows\syswow64\config\systemprofile\appdata\local\application policy service\svchost.exe |
"TCP Query User{0E48D412-2E73-4C3F-B80D-D96B5C4A0242}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"TCP Query User{4E12482C-ECB7-471D-A449-A9FBEEF702DB}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"TCP Query User{74D3486C-F31A-49F9-BBD6-7C1CA5CA2EE6}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"TCP Query User{89141E51-9801-455F-9BB1-316700EAED1C}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"TCP Query User{A0CF513D-23B9-4A9E-8F44-68248B95B321}C:\easy stand alone\esa.exe" = protocol=6 | dir=in | app=c:\easy stand alone\esa.exe |
"TCP Query User{B564937A-A0A0-4574-92E9-57DC68D404C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B6D2ACF4-13D1-4650-8361-903CE6ECB381}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{CFD90F68-E70F-4DC0-9DD1-99D95D4CE780}C:\users\leoni_p\emule\incoming\emule\emule.exe" = protocol=6 | dir=in | app=c:\users\leoni_p\emule\incoming\emule\emule.exe |
"TCP Query User{DB175E3D-360F-46E6-967E-E26D0DA068DB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{DB86935C-3728-4163-AF00-B2871372FD29}C:\easy stand alone\esa.exe" = protocol=6 | dir=in | app=c:\easy stand alone\esa.exe |
"TCP Query User{FED0A250-0E82-4BCB-A23D-3E823393319E}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{FEEA6D38-3C6F-482F-AD6D-060BB5127444}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{0643494D-54D2-4853-B73F-459205981DCF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{132B14D0-A9E3-43F6-8AF7-B1AE0BDF0C29}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{204AA893-4AED-4D47-B0B2-072CDF339F23}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{219848E9-0E19-4B62-A998-CC970E103D93}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"UDP Query User{3128A1A4-CC82-497C-97A3-FF38CA7D99E0}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"UDP Query User{3CB30001-635C-4525-B9E8-172B68CA0AD8}C:\users\leoni_p\emule\incoming\emule\emule.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\emule\incoming\emule\emule.exe |
"UDP Query User{51BD96A2-1AAB-400B-8100-E6A9348AD85C}C:\windows\system32\spool\drivers\x64\3\sagent4.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\sagent4.exe |
"UDP Query User{552785E5-B164-4240-AAED-B8F49A93B6BC}C:\easy stand alone\esa.exe" = protocol=17 | dir=in | app=c:\easy stand alone\esa.exe |
"UDP Query User{7C97B567-4293-4949-B4E5-933E9F962407}C:\easy stand alone\esa.exe" = protocol=17 | dir=in | app=c:\easy stand alone\esa.exe |
"UDP Query User{92A8A85A-62F1-4D92-ABE2-A00B68A3B126}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{A31714D5-7E5D-4BAE-A3BC-B5F0F2AF8AE6}C:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe" = protocol=17 | dir=in | app=c:\users\leoni_p\appdata\roaming\fowail\vuoqn.exe |
"UDP Query User{D70AA9B1-C952-4328-9599-D3770DD0A6D8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Servizi di stampa Bonjour
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3A8140B4-D268-4A68-A198-E42A57F20B7A}" = Embedded Security for HP ProtectTools
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-8001-0410-0102-0060B0CE6BBA}" = AutoCAD 2010 - Italiano
"{5783F2D7-8001-0410-1102-0060B0CE6BBA}" = Language Pack di AutoCAD 2010 - Italiano
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5 Language Pack (ITA)
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C0F8FC99-54C8-4532-A5F0-827589F59D10}" = Drive Encryption for HP ProtectTools
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC61E3DE-5E30-3915-AB97-D07BBF185426}" = Microsoft .NET Framework 4.5 ITA Language Pack
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FFD65E82-A6FC-4144-92C2-DEA011249F9C}" = HP 3D DriveGuard
"3CAABDB4D5E19760A561BDB6506A3E8432AE8457" = Pacchetto driver Windows - Das USB (09/20/2010 1.6.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pacchetto driver Windows - Nokia Modem (02/25/2011 7.01.0.9)
"A4AF5D1384433F821F1140811A66E5A17D9F8EAF" = Pacchetto driver Windows - Das (WinUSB) USB (2/1/2011 1.2.8)
"AutoCAD 2010 - Italiano" = AutoCAD 2010 - Italiano
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pacchetto driver Windows - Nokia Modem (02/25/2011 4.7)
"EPSON Printer and Utilities" = Software per stampante EPSON
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HECI" = Intel® Management Engine Interface
"LSI Soft Modem" = LSI HDA Modem
"MESOL" = Tecnologia Intel® Active Management
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{072D23BC-32E0-4F51-9646-08C816B02FD4}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build )
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{524228C9-826F-4B58-9E47-4F2E5C7E9F45}" = SnagIt 8
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55DC2BEC-E75A-456F-A011-4540F5DE6D90}" = StuffIt Deluxe
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8A48DB0F-2FAE-4E85-BAEB-0E68270E7D73}" = HP User Guides 0104
"{8A7EDC20-073C-4D44-B73C-6ECD14AB6615}" = BeoPort
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_STANDARD_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_STANDARD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_STANDARD_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2B7DE12-A197-416A-B44B-A5A39B169273}" = EASClient
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1040-7D70-BA7E-000000000004}" = Adobe Acrobat 9 Standard - Italiano, Español, Nederlands, Português
"{AC76BA86-1040-7D70-BA7E-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1040-7D70-BA7E-000000000004}{AC76BA86-1040-7D70-BA7E-000000000004}" = Adobe Acrobat 9 Standard - Italiano, Español, Nederlands, Português
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF61282C-B451-4225-99D8-618B377BC0C8}" = Adobe Photoshop CS3
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE282C23-5484-47FF-B2C1-EBEA5C891040}" = Nero 8 Ultra Edition HD
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DD724C-236E-4676-9EEF-4EB323BF76C0}" = HP ESU for Microsoft Windows 7
"{C9601EF7-606D-4873-94BD-8B149D5D1666}" = Mobile Net Switch
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1" = STP Viewer 2.3
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync for Files 1.42
"{EF702442-B623-4B6A-B41D-412584301725}_is1" = Easy2Sync for Outlook 4.04
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F76B2E7F-48CB-49A9-9286-7D0420CBD0A7}" = HP ProtectTools Security Manager
"{F7EC885B-6F58-45B2-9E6A-D4A957EB8333}_is1" = yDGpatch v1.2
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_081686a30873d046090c3ba1d992198" = Adobe Photoshop CS3
"Advanced Renamer_is1" = Advanced Renamer
"AI RoboForm" = AI RoboForm (All Users)
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bit4Id - CSP e PKCS#11 per la CRS Lombardia" = Bit4Id - PdL Cittadino per la CRS di Regione Lombardia - 1.2.13
"conduitEngine" = Conduit Engine
"CRS Manager_is1" = CRS Manager 3.1.3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Directory Lister_is1" = Directory Lister v0.9.1
"DivX Setup" = DivX Setup
"DRIVER ACR38U x64_is1" = DRIVER ACR38U x64
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy2Sync for Outlook" = Easy2Sync for Outlook
"Easy2Sync für Dateien" = Easy2Sync für Dateien
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.5.3
"Free MOV to AVI Converter_is1" = Free MOV to AVI Converter 1.2
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.7
"Google Chrome" = Google Chrome
"HP QuickLook 2_is1" = HP QuickLook 2
"InstallShield_{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"InstallShield_{55DC2BEC-E75A-456F-A011-4540F5DE6D90}" = StuffIt Deluxe
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"iPhoneSMSExport" = iPhoneSMSExport
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000
"Nokia PC Suite" = Nokia PC Suite
"Outlook Recovery Toolbox_is1" = Outlook Recovery Toolbox 1.3
"SAPGUI710" = SAP GUI 7.10
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TrueCrypt" = TrueCrypt
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.1
"VPN Client" = VPN Client
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR gestione archivi
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/13/2012 6:03:27 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: splwow64.exe, versione:
6.1.7601.17777, timestamp: 0x4f35fbfe Nome del modulo che ha generato l'errore:
E_GU14LE.DLL, versione: 0.3.0.0, timestamp: 0x42dcb1c6 Codice eccezione: 0xc0000005
Offset
errore 0x000000000000a500 ID processo che ha generato l'errore: 0x888 Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cdd97da96b4ef1 Percorso dell'applicazione
che ha generato l'errore: C:\windows\splwow64.exe Percorso del modulo che ha generato
l'errore: C:\windows\system32\spool\DRIVERS\x64\3\E_GU14LE.DLL ID segnalazione:
eb5c7655-4570-11e2-bada-fe7bff76f6a8
Error - 12/13/2012 6:03:30 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: splwow64.exe, versione:
6.1.7601.17777, timestamp: 0x4f35fbfe Nome del modulo che ha generato l'errore:
E_GU14LE.DLL, versione: 0.3.0.0, timestamp: 0x42dcb1c6 Codice eccezione: 0xc0000005
Offset
errore 0x000000000000a500 ID processo che ha generato l'errore: 0x1018 Ora di avvio
dell'applicazione che ha generato l'errore: 0x01cdd97daf4235cd Percorso dell'applicazione
che ha generato l'errore: C:\windows\splwow64.exe Percorso del modulo che ha generato
l'errore: C:\windows\system32\spool\DRIVERS\x64\3\E_GU14LE.DLL ID segnalazione:
ed0db2b7-4570-11e2-bada-fe7bff76f6a8
Error - 12/14/2012 7:38:00 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842827
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Errore nel
file manifesto o dei criteri "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
riga 2. Non sono consentiti più elementi requestedPrivileges nel manifesto.
Error - 12/14/2012 7:38:34 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Errore nel file manifesto o
dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 12/14/2012 7:38:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Errore nel file manifesto
o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 12/14/2012 7:38:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Errore nel file manifesto
o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione
è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:.
Componente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 12/14/2012 4:34:54 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: iexplore.exe, versione:
8.0.7601.17514, timestamp: 0x4ce79912 Nome del modulo che ha generato l'errore:
MSVCR80.dll, versione: 8.0.50727.6195, timestamp: 0x4dcddbf3 Codice eccezione: 0xc000000d
Offset
errore 0x0001e898 ID processo che ha generato l'errore: 0x14d4 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cdda38fa2fba9a Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Internet Explorer\iexplore.exe Percorso del modulo
che ha generato l'errore: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
ID
segnalazione: b70d978a-462d-11e2-bada-fe7bff76f6a8
Error - 12/14/2012 6:03:19 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = VmbService | ID = 0
Description = GetClient
Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15756
Error - 12/15/2012 7:49:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15756
[ Credential Manager Events ]
Error - 11/6/2012 7:03:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost
Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP
Error - 11/6/2012 7:03:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.
Error - 11/30/2012 8:51:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost
Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP
Error - 11/30/2012 8:51:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.
Error - 11/30/2012 8:51:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost
Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP
Error - 11/30/2012 8:51:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.
Error - 11/30/2012 8:51:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost
Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP
Error - 11/30/2012 8:51:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.
Error - 12/6/2012 3:55:35 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utente:
leoni_p@ARTEMIDE GUID client: {Password} Errore: 0xC516020B Host client: localhost
Indirizzo
client: 127.0.0.1 Autorità: HP Host server: localhost Protocollo: HTTP
Error - 12/6/2012 3:55:35 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utente: leoni_p@ARTEMIDE
Credenziali:
Password Errore: (0xC516020B) Accesso non effettuato. Assicurasi che il nome
utente e il dominio siano corretti, quindi digitare nuovamente la password. Digitare
la password rispettando i caratteri maiuscoli e minuscoli. Verificare che il tasto
BLOC MAIUSC non sia attivato.
[ Hewlett-Packard Events ]
Error - 9/4/2011 10:26:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091104042629.xml
File not created by asset agent
Error - 9/11/2011 10:47:33 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091111044731.xml
File not created by asset agent
Error - 9/25/2011 10:03:22 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091125040319.xml
File not created by asset agent
Error - 10/2/2011 10:31:24 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101102043120.xml
File not created by asset agent
Error - 10/2/2011 10:31:27 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101102043124.xml
File not created by asset agent
Error - 10/9/2011 6:05:21 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =
Error - 11/6/2011 11:10:54 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Oggetto '/023a7995_310c_4c6c_8e56_ee935342039e/kuwsape2d+kkot6lj_pum9xq_5.rem'
disconnesso o non esistente sul server. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
it-IT RAM: 8092 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)
Error - 5/20/2012 4:30:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 in System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) in System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) in System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) in System.Activator.CreateInstance(Type
type, Boolean nonPublic) in HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
in System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
in System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
in System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) in System.Activator.CreateInstance(Type type, Boolean nonPublic)
in HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: it-IT RAM: 8092 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 10/8/2012 2:39:53 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =
Error - 11/8/2012 5:32:21 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = HPSF.exe | ID = 4000
Description =
[ Media Center Events ]
Error - 9/16/2012 10:13:22 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 04:13:22 - Errore di connessione a Internet. 04:13:22 - Impossibile
contattare il server..
Error - 9/16/2012 10:14:10 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 04:14:09 - Errore di connessione a Internet. 04:14:09 - Impossibile
contattare il server..
Error - 9/16/2012 11:17:35 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 05:17:35 - Errore di connessione a Internet. 05:17:35 - Impossibile
contattare il server..
Error - 9/16/2012 11:18:23 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 05:18:22 - Errore di connessione a Internet. 05:18:22 - Impossibile
contattare il server..
Error - 9/17/2012 12:19:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:19:31 - Errore di connessione a Internet. 06:19:31 - Impossibile
contattare il server..
Error - 9/17/2012 12:20:19 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:20:18 - Errore di connessione a Internet. 06:20:18 - Impossibile
contattare il server..
Error - 9/18/2012 2:49:28 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 08:49:28 - Errore di connessione a Internet. 08:49:28 - Impossibile
contattare il server..
Error - 9/18/2012 2:50:04 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 08:49:57 - Errore di connessione a Internet. 08:49:57 - Impossibile
contattare il server..
Error - 9/28/2012 12:49:46 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:49:44 - Errore di connessione a Internet. 06:49:46 - Impossibile
contattare il server..
Error - 9/28/2012 12:50:25 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = MCUpdate | ID = 0
Description = 06:49:59 - Errore di connessione a Internet. 06:49:59 - Impossibile
contattare il server..
[ OSession Events ]
Error - 3/7/2011 7:24:31 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1610
seconds with 420 seconds of active time. This session ended with a crash.
Error - 4/14/2011 11:45:55 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1585
seconds with 660 seconds of active time. This session ended with a crash.
Error - 4/27/2011 2:12:54 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 120 seconds of active time. This session ended with a crash.
Error - 5/6/2011 2:59:15 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/14/2011 12:47:48 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3702
seconds with 2580 seconds of active time. This session ended with a crash.
Error - 5/14/2011 12:49:18 PM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/14/2011 4:24:42 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/4/2011 8:01:49 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 944
seconds with 240 seconds of active time. This session ended with a crash.
Error - 4/24/2012 7:49:05 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/18/2012 10:24:59 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 694
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12/16/2012 10:41:41 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7000
Description = Il servizio HP ProtectTools Service non è stato avviato per il seguente
errore: %%1006
Error - 12/16/2012 10:41:59 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: SBRE
Error - 12/16/2012 10:42:49 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Elaborazione dei Criteri di gruppo non riuscita a causa di problemi
di connettività con un controller di dominio. Il problema potrebbe essere transitorio.
Se il computer si connette al controller di dominio e i Criteri di gruppo vengono
elaborati correttamente, verrà generato un messaggio di operazione riuscita. Se
dopo alcune ore tale messaggio non viene visualizzato, contattare l'amministratore.
Error - 12/16/2012 10:43:14 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 10:43:22 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 10:44:26 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = Service Control Manager | ID = 7001
Description = Il servizio Connection Manager di Accesso remoto dipende dal servizio
Telefonia che non è stato avviato per il seguente errore: %%1058
Error - 12/16/2012 11:02:03 AM | Computer Name = LEONI_PORT_HP.artemide.fr | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-16 16:05:20
-----------------------------
16:05:20.994 OS Version: Windows x64 6.1.7601 Service Pack 1
16:05:20.994 Number of processors: 2 586 0x170A
16:05:20.994 ComputerName: LEONI_PORT_HP UserName: leoni_p
16:05:24.201 Initialize success
16:05:35.749 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:05:35.764 Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
16:05:35.764 Disk 0 MBR read successfully
16:05:35.780 Disk 0 MBR scan
16:05:35.780 Disk 0 Windows VISTA default MBR code
16:05:35.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:05:35.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287535 MB offset 616448
16:05:35.842 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589488128
16:05:35.858 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620945408
16:05:35.905 Disk 0 scanning C:\windows\system32\drivers
16:05:47.932 Service scanning
16:05:57.589 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
16:05:57.682 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
16:05:57.776 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
16:05:57.838 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:06:04.796 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
16:06:06.574 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:06:12.268 Modules scanning
16:06:12.284 Disk 0 trace - called modules:
16:06:12.299 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys sptd.sys hal.dll
16:06:12.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da5060]
16:06:12.315 3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa8007da4b10]
16:06:12.331 5 hpdskflt.sys[fffff88002d9f189] -> nt!IofCallDriver -> [0xfffffa8007b3fa40]
16:06:12.331 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007aea050]
16:06:12.377 Scan finished successfully
16:06:19.180 Disk 0 MBR has been saved successfully to "C:\Users\leoni_p\Desktop\MBR.dat"
16:06:19.180 The log file has been saved successfully to "C:\Users\leoni_p\Desktop\aswMBR.txt"
RogueKiller V8.4.0 _x64_ [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leoni_p [Admin rights]
Mode : Scan -- Date : 12/16/2012 16:08:15
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\Run : bit4id store register (RUNDLL32.EXE "C:\windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer) -> FOUND
[TASK][SUSP PATH] {1BEF4976-5F41-4C71-AD84-30479BF507C8} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {74F6F1F7-5A87-41CA-B5F2-EACA4136175B} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {9F6A86DE-25CF-442F-9049-6E5A887D4E10} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {B6B0549B-32DF-43F0-8EC5-04EF5184F500} : C:\Users\leoni_p\Programmi originali\Applicazioni varie\Sincronizzazione Outlook\Easy2sync XP + keygen.exe -> FOUND
[TASK][SUSP PATH] {C12F22FB-2496-484A-9020-40E64D4CBC12} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\2 Autocad 2004 -ITA + crack\setup.exe -> FOUND
[TASK][SUSP PATH] {C2CA03EE-1B85-4187-B7DC-DBCE0658A8DB} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[TASK][SUSP PATH] {FA4B9978-3E0F-4919-821D-1D494EA1EABE} : C:\Users\leoni_p\Programmi originali\Cad\Autodesk Autocad 2004\Autocad 2004 Multi language + ita funziona 100%\setup.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{403E673E-14E5-42D2-B9D7-92AE45928CEC} : NameServer (151.99.125.1,172.16.20.15) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F2DDA459-4252-4789-AF5C-B3D6610BA816} : NameServer (83.224.66.134 83.224.70.93) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
192.0.0.246 exchange.artemide.fr
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 13252fa7ec72350d38f2cca8a39c283e
[BSP] 21193f1c641b991d49956de9b5ef4a96 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 287535 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 589488128 | Size: 15360 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620945408 | Size: 2043 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12162012_02d1608.txt >>
RKreport[1]_S_12162012_02d1608.txt
# AdwCleaner v2.100 - Logfile creato il 16/12/2012 alle 16:09:08
# Aggiornamento 09/12/2012 by Xplode
# Sistema Operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Utente : leoni_p - LEONI_PORT_HP
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\leoni_p\Desktop\AdwCleaner.exe
# Opzioni [Cerca]
***** [Servizi] *****
***** [File / Cartelle] *****
Cartella Trovato : C:\Program Files (x86)\Conduit
Cartella Trovato : C:\Program Files (x86)\ConduitEngine
Cartella Trovato : C:\Program Files (x86)\DVDVideoSoftTB
Cartella Trovato : C:\Program Files (x86)\Fun4IM
Cartella Trovato : C:\Program Files (x86)\Windows Searchqu Toolbar
Cartella Trovato : C:\ProgramData\Anti-phishing Domain Advisor
Cartella Trovato : C:\ProgramData\blekko toolbars
Cartella Trovato : C:\ProgramData\Fun4IM
Cartella Trovato : C:\Users\leoni_p\AppData\Local\Conduit
Cartella Trovato : C:\Users\leoni_p\AppData\Local\ConduitEngine
Cartella Trovato : C:\Users\leoni_p\AppData\Local\Ilivid Player
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\Bandoo
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\boost_interprocess
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\Conduit
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\ConduitEngine
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\DVDVideoSoftTB
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\PriceGong
Cartella Trovato : C:\Users\leoni_p\AppData\LocalLow\searchquband
Cartella Trovato : C:\Users\leoni_p\AppData\Roaming\Bandoo
Cartella Trovato : C:\Users\leoni_p\AppData\Roaming\SearchquTB
File Trovato : C:\windows\SysWOW64\conduitEngine.tmp
***** [Registro] *****
Chiave Trovata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Trovata : HKCU\Software\AppDataLow\Software\conduitEngine
Chiave Trovata : HKCU\Software\AppDataLow\Software\conduitEngine
Chiave Trovata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Trovata : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Chiave Trovata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Trovata : HKCU\Software\AppDataLow\Software\searchqutb
Chiave Trovata : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Trovata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Trovata : HKCU\Software\AppDataLow\Toolbar
Chiave Trovata : HKCU\Software\Conduit
Chiave Trovata : HKCU\Software\conduitEngine
Chiave Trovata : HKCU\Software\conduitEngine
Chiave Trovata : HKCU\Software\DataMngr
Chiave Trovata : HKCU\Software\ilivid
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA5CD43D-446D-42A9-906E-3CACEDB3423F}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Trovata : HKLM\Software\Bandoo
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Chiave Trovata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Chiave Trovata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Chiave Trovata : HKLM\SOFTWARE\Classes\Toolbar.CT2769726
Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Chiave Trovata : HKLM\Software\Conduit
Chiave Trovata : HKLM\Software\conduitEngine
Chiave Trovata : HKLM\Software\conduitEngine
Chiave Trovata : HKLM\Software\DVDVideoSoftTB
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{64403F3A-10DD-4636-BD0B-416DB974EDAD}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64403F3A-10DD-4636-BD0B-416DB974EDAD}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA5CD43D-446D-42A9-906E-3CACEDB3423F}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14923BF3-A4CB-4428-B09A-93D7813E0F1E}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DF1DED9-B34B-4243-A511-987BDEA7AAD5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36F2C62A-B838-4BF0-95AF-D2036A8A0C36}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Trovata : HKLM\SOFTWARE\DataMngr
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKU\S-1-5-21-3749049988-3279931320-1326787242-1281\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
***** [Browser Internet] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registro Pulito.
-\\ Mozilla Firefox v [Impossibile rilevare la versione]
Nome Profilo : default
File : C:\Users\leoni_p\AppData\Roaming\Mozilla\Firefox\Profiles\68plkaoc.default\prefs.js
Trovata : user_pref("browser.search.defaultenginename", "Blekko");
Trovata : user_pref("browser.search.order.1", "Blekko");
Trovata : user_pref("browser.search.selectedEngine", "Blekko");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\leoni_p\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File Pulito.
*************************
AdwCleaner[R1].txt - [14024 octets] - [16/12/2012 15:23:47]
AdwCleaner[R2].txt - [13988 octets] - [16/12/2012 16:09:08]
########## EOF - C:\AdwCleaner[R2].txt - [14049 octets] ##########