ComboFix log

This section of the forum covers security, antivirus solutions, firewalls, and malware-related problems in general

Moderator: IlSoftware.it forum staff

Post by tommisano » 10 Nov 2012 23:31

Hi guys, my girlfriend's PC has started having strange problems, such as being slow to start Windows, but above all, when it went into sleep mode it would not wake up again! Following something I read on the internet, I ran a scandisk, but now when I shut down (Shut down) the keyboard LEDs even stay on! I tried running ComboFix, but the log is incomprehensible to me...
So I'd like to ask you whether the path I've taken is the right one... in the meantime I'm attaching the log, hoping for a hand from you!
Thanks, bye.
Tom

Code:
ComboFix 12-11-09.02 - Antonella 10/11/2012  21:52:42.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4044.2474 [GMT 1:00]
Eseguito da: c:\users\Antonella\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-10-10 al 2012-11-10  )))))))))))))))))))))))))))))))))))
.
.
2012-11-10 21:43 . 2012-11-10 21:43   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-11-10 20:40 . 2012-11-10 20:41   --------   d-----w-   c:\users\Antonella\AppData\Roaming\GetRightToGo
2012-11-04 16:41 . 2012-11-04 16:41   --------   d-----w-   c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-10-21 21:24 . 2012-10-21 21:42   --------   d-----w-   c:\users\Antonella\AppData\Roaming\Apple Computer
2012-10-21 21:24 . 2012-10-21 21:24   --------   d-----w-   c:\users\Antonella\AppData\Local\Apple Computer
2012-10-21 21:24 . 2012-10-21 21:24   --------   dc----w-   c:\windows\system32\DRVSTORE
2012-10-21 21:24 . 2012-08-21 11:01   33240   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-21 21:23 . 2012-10-21 21:23   --------   d-----w-   c:\program files\iPod
2012-10-21 21:23 . 2012-10-21 21:24   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-21 21:23 . 2012-10-21 21:24   --------   d-----w-   c:\program files\iTunes
2012-10-21 21:23 . 2012-10-21 21:24   --------   d-----w-   c:\program files (x86)\iTunes
2012-10-21 21:18 . 2012-10-21 21:18   --------   d-----w-   c:\program files (x86)\Apple Software Update
2012-10-21 21:18 . 2012-10-21 21:18   --------   d-----w-   c:\program files\Common Files\Apple
2012-10-21 21:18 . 2012-10-21 21:18   --------   d-----w-   c:\program files (x86)\Bonjour
2012-10-21 21:18 . 2012-10-21 21:18   --------   d-----w-   c:\program files\Bonjour
2012-10-21 17:36 . 2012-10-21 17:36   --------   d-----w-   c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 19:17 . 2012-01-07 10:20   65309168   ----a-w-   c:\windows\system32\MRT.exe
2012-10-09 18:51 . 2012-04-14 07:30   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:51 . 2012-04-14 07:30   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-24 13:32 . 2012-07-08 16:14   477168   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2011-04-12 10:07   473072   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 06:07   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 06:07   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 06:08   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 06:08   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 06:08   3968880   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 06:08   3914096   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 06:08   220160   ----a-w-   c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 06:08   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 10:57   17810944   ----a-w-   c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:57   10925568   ----a-w-   c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:57   2312704   ----a-w-   c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:57   1346048   ----a-w-   c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:57   1392128   ----a-w-   c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:57   1494528   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:57   237056   ----a-w-   c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:57   85504   ----a-w-   c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:57   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:57   816640   ----a-w-   c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:57   599040   ----a-w-   c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:57   2144768   ----a-w-   c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:57   729088   ----a-w-   c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:57   96768   ----a-w-   c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:57   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:57   248320   ----a-w-   c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 10:57   1800704   ----a-w-   c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:57   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:57   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:57   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:57   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:57   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 06:15   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 06:15   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 06:15   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 06:15   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-30 20:36   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-08-21 11:01   125872   ----a-w-   c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-21 11:01   106928   ----a-w-   c:\windows\SysWow64\GEARAspi.dll
2012-08-21 09:13 . 2012-02-27 22:39   359464   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-27 22:39   969200   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-27 22:39   59728   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-27 22:39   54072   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-02-27 22:39   71600   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-02-27 22:39   25232   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-02-27 22:39   41224   ----a-w-   c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-27 22:39   227648   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-02-27 22:39   285328   ----a-w-   c:\windows\system32\aswBoot.exe
2012-08-20 18:48 . 2012-10-10 06:08   362496   ----a-w-   c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 06:08   243200   ----a-w-   c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 06:08   13312   ----a-w-   c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 06:08   215040   ----a-w-   c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 06:08   16384   ----a-w-   c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 06:08   424448   ----a-w-   c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 06:08   1162240   ----a-w-   c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 06:08   338432   ----a-w-   c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 06:08   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   5120   ---ha-w-   c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 06:08   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 06:08   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 06:08   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 06:08   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 06:08   274944   ----a-w-   c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 06:08   4608   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:08   5120   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"ConnMonitor"="c:\program files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Server di rete.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2012-1-7 5724472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpwnt;cpwnt; [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-07 1038088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-03-26 118016]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-03-26 137216]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:51]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 17:42]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 17:42]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514294524-1819331712-3367426616-1000Core.job
- c:\users\Antonella\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 18:36]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514294524-1819331712-3367426616-1000UA.job
- c:\users\Antonella\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 18:36]
.
2012-10-31 c:\windows\Tasks\HPCeeScheduleForANTONELLA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2012-11-10 c:\windows\Tasks\HPCeeScheduleForAntonella.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11   133400   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-11-10  22:48:09
ComboFix-quarantined-files.txt  2012-11-10 21:48
.
Pre-Run: 375.081.533.440 byte disponibili
Post-Run: 377.496.772.608 byte disponibili
.
- - End Of File - - C96DCB7F34753DB5C5518A280BE01ACF
tommisano
Beginner Software
Posts: 12
Joined: 10 Nov 2012 23:15

Re: ComboFix log

Post by FDAC » 11 Nov 2012 10:40

Not much can be gleaned from it..

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to launch the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, as the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan finishes

Once the scan has finished, one of these two options will appear:
● no system restart is required: attach the report located on Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result
FDAC
Advanced Software
Posts: 1322
Joined: 29 Aug 2010 21:18

Re: ComboFix log

Post by tommisano » 11 Nov 2012 10:50

OK, thanks.
What do I do with ComboFix now? Won't this little program you're telling me to download conflict with Avast?

Thanks.
tommisano
Beginner Software
Posts: 12
Joined: 10 Nov 2012 23:15

Re: ComboFix log

Post by FDAC » 11 Nov 2012 12:27

We'll deal with ComboFix later.
It doesn't conflict with Avast, otherwise I wouldn't even have had you download it, don't you think?
FDAC
Advanced Software
Posts: 1322
Joined: 29 Aug 2010 21:18

Re: ComboFix log

Post by tommisano » 13 Nov 2012 21:24

Right, sorry. :)
I did as you said... the scan took very little time, I'm attaching the log

Anxiously waiting, bye
PS: I'm splitting it in two since it's more than 60000 characters.

Code:
21:19:05.0370 4012  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:05.0744 4012  ============================================================
21:19:05.0744 4012  Current date / time: 2012/11/13 21:19:05.0744
21:19:05.0744 4012  SystemInfo:
21:19:05.0744 4012 
21:19:05.0744 4012  OS Version: 6.1.7601 ServicePack: 1.0
21:19:05.0744 4012  Product type: Workstation
21:19:05.0744 4012  ComputerName: ANTONELLA-HP
21:19:05.0744 4012  UserName: Antonella
21:19:05.0744 4012  Windows directory: C:\Windows
21:19:05.0744 4012  System windows directory: C:\Windows
21:19:05.0744 4012  Running under WOW64
21:19:05.0744 4012  Processor architecture: Intel x64
21:19:05.0744 4012  Number of processors: 8
21:19:05.0744 4012  Page size: 0x1000
21:19:05.0744 4012  Boot type: Normal boot
21:19:05.0744 4012  ============================================================
21:19:06.0930 4012  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:19:06.0946 4012  Drive \Device\Harddisk1\DR1 - Size: 0xEC400000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:19:06.0961 4012  ============================================================
21:19:06.0961 4012  \Device\Harddisk0\DR0:
21:19:06.0961 4012  MBR partitions:
21:19:06.0961 4012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:19:06.0961 4012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385EF000
21:19:06.0961 4012  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38653000, BlocksNum 0x1CFF000
21:19:06.0961 4012  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:19:06.0961 4012  \Device\Harddisk1\DR1:
21:19:06.0961 4012  MBR partitions:
21:19:06.0961 4012  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760000
21:19:06.0961 4012  ============================================================
21:19:06.0992 4012  C: <-> \Device\Harddisk0\DR0\Partition2
21:19:07.0039 4012  D: <-> \Device\Harddisk0\DR0\Partition3
21:19:07.0055 4012  E: <-> \Device\Harddisk0\DR0\Partition4
21:19:07.0055 4012  ============================================================
21:19:07.0055 4012  Initialize success
21:19:07.0055 4012  ============================================================
21:19:12.0109 3508  ============================================================
21:19:12.0109 3508  Scan started
21:19:12.0109 3508  Mode: Manual;
21:19:12.0109 3508  ============================================================
21:19:12.0452 3508  ================ Scan system memory ========================
21:19:12.0452 3508  System memory - ok
21:19:12.0468 3508  ================ Scan services =============================
21:19:12.0655 3508  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:19:12.0655 3508  1394ohci - ok
21:19:12.0686 3508  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
21:19:12.0686 3508  Accelerometer - ok
21:19:12.0733 3508  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:19:12.0733 3508  ACPI - ok
21:19:12.0796 3508  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:19:12.0796 3508  AcpiPmi - ok
21:19:12.0842 3508  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
21:19:12.0842 3508  adfs - ok
21:19:12.0967 3508  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:19:12.0967 3508  AdobeARMservice - ok
21:19:13.0092 3508  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:19:13.0108 3508  AdobeFlashPlayerUpdateSvc - ok
21:19:13.0186 3508  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:19:13.0201 3508  adp94xx - ok
21:19:13.0248 3508  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:19:13.0248 3508  adpahci - ok
21:19:13.0279 3508  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:19:13.0279 3508  adpu320 - ok
21:19:13.0326 3508  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:19:13.0326 3508  AeLookupSvc - ok
21:19:13.0420 3508  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
21:19:13.0420 3508  AESTFilters - ok
21:19:13.0466 3508  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:19:13.0482 3508  AFD - ok
21:19:13.0498 3508  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:19:13.0498 3508  agp440 - ok
21:19:13.0513 3508  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:19:13.0529 3508  ALG - ok
21:19:13.0576 3508  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:19:13.0576 3508  aliide - ok
21:19:13.0638 3508  [ 1B4A3C8E429F1FAB998ECEEA3CE3E0B8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:19:13.0638 3508  AMD External Events Utility - ok
21:19:13.0669 3508  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:19:13.0669 3508  amdide - ok
21:19:13.0716 3508  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:19:13.0716 3508  AmdK8 - ok
21:19:13.0997 3508  [ E08CF0ED91FCCA0017776CFF4A506012 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:19:14.0231 3508  amdkmdag - ok
21:19:14.0309 3508  [ F072F317E430925C7D88C766DB7DA86E ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:19:14.0309 3508  amdkmdap - ok
21:19:14.0356 3508  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:19:14.0356 3508  AmdPPM - ok
21:19:14.0402 3508  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:19:14.0402 3508  amdsata - ok
21:19:14.0434 3508  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:19:14.0449 3508  amdsbs - ok
21:19:14.0480 3508  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:19:14.0480 3508  amdxata - ok
21:19:14.0527 3508  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:19:14.0527 3508  AppID - ok
21:19:14.0558 3508  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:19:14.0558 3508  AppIDSvc - ok
21:19:14.0590 3508  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:19:14.0590 3508  Appinfo - ok
21:19:14.0652 3508  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:19:14.0668 3508  Apple Mobile Device - ok
21:19:14.0761 3508  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:19:14.0761 3508  arc - ok
21:19:14.0777 3508  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:19:14.0777 3508  arcsas - ok
21:19:14.0839 3508  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:19:14.0839 3508  aswFsBlk - ok
21:19:14.0933 3508  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:19:14.0933 3508  aswMonFlt - ok
21:19:15.0011 3508  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:19:15.0011 3508  aswRdr - ok
21:19:15.0058 3508  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:19:15.0073 3508  aswSnx - ok
21:19:15.0120 3508  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:19:15.0120 3508  aswSP - ok
21:19:15.0167 3508  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:19:15.0167 3508  aswTdi - ok
21:19:15.0214 3508  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:19:15.0214 3508  AsyncMac - ok
21:19:15.0245 3508  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:19:15.0245 3508  atapi - ok
21:19:15.0323 3508  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:19:15.0338 3508  AudioEndpointBuilder - ok
21:19:15.0354 3508  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:19:15.0370 3508  AudioSrv - ok
21:19:15.0448 3508  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:19:15.0448 3508  avast! Antivirus - ok
21:19:15.0463 3508  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:19:15.0479 3508  AxInstSV - ok
21:19:15.0526 3508  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:19:15.0541 3508  b06bdrv - ok
21:19:15.0572 3508  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:19:15.0572 3508  b57nd60a - ok
21:19:15.0619 3508  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:19:15.0619 3508  BBSvc - ok
21:19:15.0744 3508  [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:19:15.0791 3508  BCM43XX - ok
21:19:15.0822 3508  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:19:15.0822 3508  BDESVC - ok
21:19:15.0853 3508  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:19:15.0853 3508  Beep - ok
21:19:15.0884 3508  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:19:15.0900 3508  BFE - ok
21:19:15.0947 3508  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:19:15.0978 3508  BITS - ok
21:19:16.0009 3508  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:19:16.0009 3508  blbdrive - ok
21:19:16.0087 3508  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:19:16.0087 3508  Bonjour Service - ok
21:19:16.0118 3508  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:19:16.0134 3508  bowser - ok
21:19:16.0165 3508  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:19:16.0165 3508  BrFiltLo - ok
21:19:16.0196 3508  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:19:16.0196 3508  BrFiltUp - ok
21:19:16.0243 3508  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:19:16.0243 3508  BridgeMP - ok
21:19:16.0290 3508  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:19:16.0290 3508  Browser - ok
21:19:16.0321 3508  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:19:16.0337 3508  Brserid - ok
21:19:16.0352 3508  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:19:16.0352 3508  BrSerWdm - ok
21:19:16.0384 3508  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:19:16.0384 3508  BrUsbMdm - ok
21:19:16.0430 3508  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:19:16.0446 3508  BrUsbSer - ok
21:19:16.0462 3508  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:19:16.0462 3508  BTHMODEM - ok
21:19:16.0493 3508  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:19:16.0493 3508  bthserv - ok
21:19:16.0524 3508  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:19:16.0524 3508  cdfs - ok
21:19:16.0555 3508  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:19:16.0555 3508  cdrom - ok
21:19:16.0586 3508  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:19:16.0602 3508  CertPropSvc - ok
21:19:16.0618 3508  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:19:16.0618 3508  circlass - ok
21:19:16.0664 3508  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:19:16.0664 3508  CLFS - ok
21:19:16.0727 3508  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:16.0742 3508  clr_optimization_v2.0.50727_32 - ok
21:19:16.0789 3508  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:19:16.0805 3508  clr_optimization_v2.0.50727_64 - ok
21:19:16.0883 3508  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:16.0914 3508  clr_optimization_v4.0.30319_32 - ok
21:19:16.0945 3508  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:19:16.0945 3508  clr_optimization_v4.0.30319_64 - ok
21:19:16.0976 3508  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
21:19:16.0992 3508  clwvd - ok
21:19:17.0023 3508  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:19:17.0023 3508  CmBatt - ok
21:19:17.0054 3508  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:19:17.0070 3508  cmdide - ok
21:19:17.0117 3508  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:19:17.0132 3508  CNG - ok
21:19:17.0148 3508  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:19:17.0164 3508  Compbatt - ok
21:19:17.0195 3508  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:19:17.0195 3508  CompositeBus - ok
21:19:17.0210 3508  COMSysApp - ok
21:19:17.0226 3508  cpwnt - ok
21:19:17.0242 3508  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:19:17.0242 3508  crcdisk - ok
21:19:17.0288 3508  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:19:17.0304 3508  CryptSvc - ok
21:19:17.0335 3508  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:19:17.0351 3508  DcomLaunch - ok
21:19:17.0398 3508  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:19:17.0398 3508  defragsvc - ok
21:19:17.0429 3508  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:19:17.0429 3508  DfsC - ok
21:19:17.0460 3508  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:19:17.0460 3508  Dhcp - ok
21:19:17.0476 3508  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:19:17.0491 3508  discache - ok
21:19:17.0522 3508  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:19:17.0522 3508  Disk - ok
21:19:17.0569 3508  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:19:17.0585 3508  Dnscache - ok
21:19:17.0616 3508  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:19:17.0616 3508  dot3svc - ok
21:19:17.0647 3508  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:19:17.0647 3508  DPS - ok
21:19:17.0678 3508  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:19:17.0678 3508  drmkaud - ok
21:19:17.0725 3508  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:19:17.0741 3508  DXGKrnl - ok
21:19:17.0772 3508  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:19:17.0772 3508  EapHost - ok
21:19:17.0881 3508  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:19:17.0944 3508  ebdrv - ok
21:19:17.0990 3508  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:19:18.0006 3508  EFS - ok
21:19:18.0084 3508  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:19:18.0100 3508  ehRecvr - ok
21:19:18.0131 3508  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:19:18.0131 3508  ehSched - ok
21:19:18.0178 3508  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:19:18.0193 3508  elxstor - ok
21:19:18.0224 3508  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:19:18.0224 3508  ErrDev - ok
21:19:18.0271 3508  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:19:18.0287 3508  EventSystem - ok
21:19:18.0334 3508  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:19:18.0334 3508  exfat - ok
21:19:18.0365 3508  ezSharedSvc - ok
21:19:18.0380 3508  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:19:18.0396 3508  fastfat - ok
21:19:18.0427 3508  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:19:18.0443 3508  Fax - ok
21:19:18.0474 3508  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:19:18.0474 3508  fdc - ok
21:19:18.0505 3508  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:19:18.0505 3508  fdPHost - ok
21:19:18.0521 3508  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:19:18.0521 3508  FDResPub - ok
21:19:18.0552 3508  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:19:18.0568 3508  FileInfo - ok
21:19:18.0583 3508  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:19:18.0583 3508  Filetrace - ok
21:19:18.0661 3508  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:19:18.0677 3508  FLEXnet Licensing Service - ok
21:19:18.0895 3508  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
21:19:18.0911 3508  FLEXnet Licensing Service 64 - ok
21:19:18.0958 3508  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:19:18.0958 3508  flpydisk - ok
21:19:18.0973 3508  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:19:18.0989 3508  FltMgr - ok
21:19:19.0067 3508  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:19:19.0082 3508  FontCache - ok
21:19:19.0129 3508  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:19:19.0129 3508  FontCache3.0.0.0 - ok
21:19:19.0145 3508  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:19:19.0145 3508  FsDepends - ok
21:19:19.0176 3508  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:19:19.0176 3508  Fs_Rec - ok
21:19:19.0207 3508  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:19:19.0223 3508  fvevol - ok
21:19:19.0254 3508  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:19:19.0254 3508  gagp30kx - ok
21:19:19.0394 3508  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:19:19.0394 3508  GamesAppService - ok
21:19:19.0426 3508  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:19:19.0426 3508  GEARAspiWDM - ok
21:19:19.0488 3508  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:19:19.0504 3508  gpsvc - ok
21:19:19.0566 3508  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:19:19.0566 3508  gupdate - ok
21:19:19.0597 3508  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:19:19.0597 3508  gupdatem - ok
21:19:19.0613 3508  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:19:19.0628 3508  hcw85cir - ok
21:19:19.0660 3508  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:19:19.0675 3508  HdAudAddService - ok
21:19:19.0691 3508  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:19:19.0706 3508  HDAudBus - ok
21:19:19.0722 3508  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:19:19.0738 3508  HidBatt - ok
21:19:19.0753 3508  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:19:19.0753 3508  HidBth - ok
21:19:19.0784 3508  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:19:19.0784 3508  HidIr - ok
21:19:19.0800 3508  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:19:19.0816 3508  hidserv - ok
21:19:19.0831 3508  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:19:19.0831 3508  HidUsb - ok
21:19:19.0862 3508  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:19:19.0878 3508  hkmsvc - ok
21:19:19.0894 3508  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:19:19.0894 3508  HomeGroupListener - ok
21:19:19.0940 3508  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:19:19.0972 3508  HomeGroupProvider - ok
21:19:20.0050 3508  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:19:20.0050 3508  HP Support Assistant Service - ok
21:19:20.0143 3508  [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto          C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
21:19:20.0159 3508  HPAuto - ok
21:19:20.0190 3508  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:19:20.0190 3508  HPClientSvc - ok
21:19:20.0268 3508  [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv         C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
21:19:20.0284 3508  hpCMSrv - ok
21:19:20.0315 3508  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
21:19:20.0315 3508  hpdskflt - ok
21:19:20.0455 3508  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:19:20.0486 3508  hpqwmiex - ok
21:19:20.0518 3508  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:19:20.0518 3508  HpSAMD - ok
21:19:20.0549 3508  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
21:19:20.0549 3508  hpsrv - ok
21:19:20.0580 3508  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
21:19:20.0580 3508  HPWMISVC - ok
21:19:20.0627 3508  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:19:20.0642 3508  HTTP - ok
21:19:20.0674 3508  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:19:20.0674 3508  hwpolicy - ok
21:19:20.0705 3508  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:19:20.0705 3508  i8042prt - ok
21:19:20.0783 3508  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:19:20.0783 3508  iaStor - ok
21:19:20.0861 3508  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:19:20.0861 3508  IAStorDataMgrSvc - ok
21:19:20.0892 3508  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:19:20.0908 3508  iaStorV - ok
21:19:21.0032 3508  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:19:21.0048 3508  idsvc - ok
21:19:21.0079 3508  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:19:21.0079 3508  iirsp - ok
21:19:21.0126 3508  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:19:21.0142 3508  IKEEXT - ok
21:19:21.0204 3508  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:19:21.0220 3508  IntcDAud - ok
21:19:21.0251 3508  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:19:21.0251 3508  intelide - ok
21:19:21.0672 3508  [ EFE5A0AF39A8E179624117C521F1E012 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
21:19:21.0968 3508  intelkmd - ok
21:19:22.0000 3508  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:19:22.0000 3508  intelppm - ok
21:19:22.0031 3508  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:19:22.0031 3508  IPBusEnum - ok
21:19:22.0078 3508  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:22.0093 3508  IpFilterDriver - ok
21:19:22.0140 3508  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:19:22.0156 3508  iphlpsvc - ok
21:19:22.0187 3508  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:19:22.0202 3508  IPMIDRV - ok
21:19:22.0218 3508  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:19:22.0218 3508  IPNAT - ok
21:19:22.0265 3508  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:19:22.0280 3508  iPod Service - ok
21:19:22.0312 3508  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:19:22.0312 3508  IRENUM - ok
21:19:22.0343 3508  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:19:22.0343 3508  isapnp - ok
21:19:22.0374 3508  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:19:22.0374 3508  iScsiPrt - ok
21:19:22.0390 3508  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:19:22.0390 3508  kbdclass - ok
21:19:22.0421 3508  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:19:22.0436 3508  kbdhid - ok
21:19:22.0452 3508  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:19:22.0468 3508  KeyIso - ok
21:19:22.0514 3508  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:19:22.0514 3508  KMWDFILTER - ok
21:19:22.0546 3508  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:19:22.0561 3508  KSecDD - ok
21:19:22.0577 3508  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:19:22.0592 3508  KSecPkg - ok
21:19:22.0608 3508  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:19:22.0608 3508  ksthunk - ok
21:19:22.0639 3508  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:19:22.0670 3508  KtmRm - ok
21:19:22.0717 3508  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:19:22.0733 3508  LanmanServer - ok
21:19:22.0764 3508  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:22.0780 3508  LanmanWorkstation - ok
21:19:22.0811 3508  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:19:22.0811 3508  lltdio - ok
21:19:22.0889 3508  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:19:22.0904 3508  lltdsvc - ok
21:19:22.0920 3508  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:19:22.0920 3508  lmhosts - ok
21:19:22.0967 3508  [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:19:22.0967 3508  LMS - ok
21:19:23.0014 3508  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:19:23.0014 3508  LSI_FC - ok
21:19:23.0045 3508  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:19:23.0045 3508  LSI_SAS - ok
21:19:23.0060 3508  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:19:23.0060 3508  LSI_SAS2 - ok
21:19:23.0092 3508  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:19:23.0092 3508  LSI_SCSI - ok
21:19:23.0123 3508  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:19:23.0123 3508  luafv - ok
21:19:23.0170 3508  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:19:23.0170 3508  Mcx2Svc - ok
21:19:23.0201 3508  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:19:23.0201 3508  megasas - ok
21:19:23.0232 3508  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:19:23.0232 3508  MegaSR - ok
21:19:23.0248 3508  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:19:23.0248 3508  MEIx64 - ok
21:19:23.0326 3508  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:19:23.0341 3508  Microsoft Office Groove Audit Service - ok
21:19:23.0372 3508  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:19:23.0388 3508  MMCSS - ok
21:19:23.0404 3508  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:19:23.0404 3508  Modem - ok
21:19:23.0435 3508  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:19:23.0435 3508  monitor - ok
21:19:23.0482 3508  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:19:23.0482 3508  mouclass - ok
21:19:23.0513 3508  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:19:23.0513 3508  mouhid - ok
21:19:23.0528 3508  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:19:23.0544 3508  mountmgr - ok
21:19:23.0560 3508  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:19:23.0591 3508  mpio - ok
21:19:23.0606 3508  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:19:23.0606 3508  mpsdrv - ok
21:19:23.0716 3508  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:19:23.0731 3508  MpsSvc - ok
21:19:23.0747 3508  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:19:23.0762 3508  MRxDAV - ok
21:19:23.0809 3508  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:23.0825 3508  mrxsmb - ok
21:19:23.0856 3508  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:23.0887 3508  mrxsmb10 - ok
21:19:23.0903 3508  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:23.0918 3508  mrxsmb20 - ok
21:19:23.0918 3508  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:19:23.0918 3508  msahci - ok
21:19:23.0965 3508  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:19:23.0996 3508  msdsm - ok
21:19:24.0028 3508  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:19:24.0028 3508  MSDTC - ok
21:19:24.0059 3508  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:19:24.0074 3508  Msfs - ok
21:19:24.0121 3508  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:19:24.0137 3508  mshidkmdf - ok
21:19:24.0168 3508  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:19:24.0168 3508  msisadrv - ok
21:19:24.0230 3508  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:19:24.0246 3508  MSiSCSI - ok
21:19:24.0246 3508  msiserver - ok
21:19:24.0277 3508  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:19:24.0308 3508  MSKSSRV - ok
21:19:24.0355 3508  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:24.0355 3508  MSPCLOCK - ok
21:19:24.0386 3508  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:19:24.0402 3508  MSPQM - ok
21:19:24.0433 3508  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:19:24.0433 3508  MsRPC - ok
21:19:24.0480 3508  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:19:24.0480 3508  mssmbios - ok
21:19:24.0511 3508  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:19:24.0527 3508  MSTEE - ok
21:19:24.0542 3508  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:19:24.0558 3508  MTConfig - ok
21:19:24.0574 3508  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:19:24.0589 3508  Mup - ok
21:19:24.0636 3508  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:19:24.0652 3508  napagent - ok
21:19:24.0698 3508  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:19:24.0698 3508  NativeWifiP - ok
21:19:24.0761 3508  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:19:24.0776 3508  NDIS - ok
21:19:24.0808 3508  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:19:24.0808 3508  NdisCap - ok
21:19:24.0839 3508  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:24.0839 3508  NdisTapi - ok
21:19:24.0854 3508  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:24.0854 3508  Ndisuio - ok
21:19:24.0886 3508  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:24.0886 3508  NdisWan - ok
21:19:24.0917 3508  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:19:24.0917 3508  NDProxy - ok
21:19:24.0932 3508  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:19:24.0932 3508  NetBIOS - ok
21:19:24.0948 3508  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:19:24.0948 3508  NetBT - ok
21:19:24.0964 3508  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:19:24.0979 3508  Netlogon - ok
tommisano
Beginner Software
Posts: 12
Joined: 10 Nov 2012 23:15

Re: Log ComboFix

Post by tommisano » 13 Nov 2012 21:26

...pt 2

Code:
21:19:25.0010 3508  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:19:25.0026 3508  Netman - ok
21:19:25.0042 3508  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:19:25.0057 3508  netprofm - ok
21:19:25.0073 3508  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:19:25.0088 3508  NetTcpPortSharing - ok
21:19:25.0120 3508  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:19:25.0120 3508  nfrd960 - ok
21:19:25.0151 3508  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:19:25.0166 3508  NlaSvc - ok
21:19:25.0182 3508  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:19:25.0182 3508  Npfs - ok
21:19:25.0213 3508  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:19:25.0213 3508  nsi - ok
21:19:25.0229 3508  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:19:25.0229 3508  nsiproxy - ok
21:19:25.0307 3508  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:19:25.0338 3508  Ntfs - ok
21:19:25.0354 3508  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:19:25.0354 3508  Null - ok
21:19:25.0385 3508  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
21:19:25.0400 3508  NVENETFD - ok
21:19:25.0432 3508  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:19:25.0432 3508  nvraid - ok
21:19:25.0478 3508  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:19:25.0478 3508  nvstor - ok
21:19:25.0510 3508  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:19:25.0525 3508  nv_agp - ok
21:19:25.0572 3508  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:19:25.0588 3508  odserv - ok
21:19:25.0619 3508  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:19:25.0634 3508  ohci1394 - ok
21:19:25.0681 3508  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:25.0681 3508  ose - ok
21:19:25.0728 3508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:19:25.0728 3508  p2pimsvc - ok
21:19:25.0759 3508  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:19:25.0775 3508  p2psvc - ok
21:19:25.0806 3508  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:19:25.0806 3508  Parport - ok
21:19:25.0837 3508  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:19:25.0853 3508  partmgr - ok
21:19:25.0868 3508  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:19:25.0884 3508  PcaSvc - ok
21:19:25.0900 3508  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:19:25.0915 3508  pci - ok
21:19:25.0931 3508  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:19:25.0931 3508  pciide - ok
21:19:25.0962 3508  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:19:25.0962 3508  pcmcia - ok
21:19:26.0009 3508  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:19:26.0009 3508  pcw - ok
21:19:26.0056 3508  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:19:26.0071 3508  PEAUTH - ok
21:19:26.0149 3508  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:19:26.0165 3508  PerfHost - ok
21:19:26.0243 3508  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:19:26.0274 3508  pla - ok
21:19:26.0321 3508  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:19:26.0336 3508  PlugPlay - ok
21:19:26.0383 3508  [ 50905E14AA8D958D4521B36868D19035 ] pmx3gmdm        C:\Windows\system32\DRIVERS\pmx3gmdm.sys
21:19:26.0383 3508  pmx3gmdm - ok
21:19:26.0414 3508  [ 1AD6B3B6F4AA10D448624650B02ADEFE ] pmx3gnet        C:\Windows\system32\DRIVERS\pmx3gnet.sys
21:19:26.0414 3508  pmx3gnet - ok
21:19:26.0446 3508  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:19:26.0446 3508  PNRPAutoReg - ok
21:19:26.0461 3508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:19:26.0477 3508  PNRPsvc - ok
21:19:26.0524 3508  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:19:26.0539 3508  PolicyAgent - ok
21:19:26.0570 3508  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:19:26.0586 3508  Power - ok
21:19:26.0602 3508  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:19:26.0617 3508  PptpMiniport - ok
21:19:26.0633 3508  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:19:26.0648 3508  Processor - ok
21:19:26.0680 3508  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:19:26.0695 3508  ProfSvc - ok
21:19:26.0711 3508  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:26.0711 3508  ProtectedStorage - ok
21:19:26.0726 3508  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:19:26.0742 3508  Psched - ok
21:19:26.0804 3508  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:19:26.0836 3508  ql2300 - ok
21:19:26.0867 3508  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:19:26.0867 3508  ql40xx - ok
21:19:26.0898 3508  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:19:26.0914 3508  QWAVE - ok
21:19:26.0929 3508  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:19:26.0929 3508  QWAVEdrv - ok
21:19:26.0945 3508  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:19:26.0960 3508  RasAcd - ok
21:19:26.0992 3508  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:19:26.0992 3508  RasAgileVpn - ok
21:19:27.0007 3508  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:19:27.0007 3508  RasAuto - ok
21:19:27.0023 3508  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:27.0038 3508  Rasl2tp - ok
21:19:27.0054 3508  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:19:27.0070 3508  RasMan - ok
21:19:27.0085 3508  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:27.0085 3508  RasPppoe - ok
21:19:27.0101 3508  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:19:27.0101 3508  RasSstp - ok
21:19:27.0132 3508  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:19:27.0132 3508  rdbss - ok
21:19:27.0163 3508  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:19:27.0163 3508  rdpbus - ok
21:19:27.0194 3508  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:27.0194 3508  RDPCDD - ok
21:19:27.0194 3508  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:19:27.0210 3508  RDPENCDD - ok
21:19:27.0226 3508  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:19:27.0226 3508  RDPREFMP - ok
21:19:27.0272 3508  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:19:27.0272 3508  RDPWD - ok
21:19:27.0304 3508  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:19:27.0319 3508  rdyboost - ok
21:19:27.0335 3508  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:19:27.0350 3508  RemoteAccess - ok
21:19:27.0366 3508  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:19:27.0382 3508  RemoteRegistry - ok
21:19:27.0397 3508  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:19:27.0413 3508  RpcEptMapper - ok
21:19:27.0428 3508  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:19:27.0444 3508  RpcLocator - ok
21:19:27.0460 3508  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:19:27.0475 3508  RpcSs - ok
21:19:27.0522 3508  [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
21:19:27.0538 3508  RSPCIESTOR - ok
21:19:27.0553 3508  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:19:27.0553 3508  rspndr - ok
21:19:27.0600 3508  [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:19:27.0600 3508  RTL8167 - ok
21:19:27.0616 3508  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:19:27.0616 3508  SamSs - ok
21:19:27.0647 3508  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:19:27.0647 3508  sbp2port - ok
21:19:27.0662 3508  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:19:27.0678 3508  SCardSvr - ok
21:19:27.0694 3508  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:19:27.0694 3508  scfilter - ok
21:19:27.0740 3508  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:19:27.0772 3508  Schedule - ok
21:19:27.0803 3508  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:19:27.0803 3508  SCPolicySvc - ok
21:19:27.0834 3508  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:19:27.0850 3508  sdbus - ok
21:19:27.0865 3508  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:19:27.0881 3508  SDRSVC - ok
21:19:27.0943 3508  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:19:27.0943 3508  SeaPort - ok
21:19:27.0990 3508  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:19:27.0990 3508  secdrv - ok
21:19:28.0006 3508  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:19:28.0021 3508  seclogon - ok
21:19:28.0037 3508  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:19:28.0052 3508  SENS - ok
21:19:28.0068 3508  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:19:28.0084 3508  SensrSvc - ok
21:19:28.0115 3508  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:19:28.0115 3508  Serenum - ok
21:19:28.0130 3508  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
21:19:28.0130 3508  Serial - ok
21:19:28.0177 3508  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:19:28.0177 3508  sermouse - ok
21:19:28.0208 3508  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:19:28.0208 3508  SessionEnv - ok
21:19:28.0240 3508  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:19:28.0240 3508  sffdisk - ok
21:19:28.0255 3508  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:19:28.0255 3508  sffp_mmc - ok
21:19:28.0271 3508  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:19:28.0271 3508  sffp_sd - ok
21:19:28.0302 3508  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:19:28.0302 3508  sfloppy - ok
21:19:28.0333 3508  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:19:28.0349 3508  SharedAccess - ok
21:19:28.0364 3508  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:28.0380 3508  ShellHWDetection - ok
21:19:28.0411 3508  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:19:28.0411 3508  SiSRaid2 - ok
21:19:28.0427 3508  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:19:28.0442 3508  SiSRaid4 - ok
21:19:28.0489 3508  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:19:28.0489 3508  Smb - ok
21:19:28.0536 3508  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:19:28.0536 3508  SNMPTRAP - ok
21:19:28.0552 3508  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:19:28.0552 3508  spldr - ok
21:19:28.0598 3508  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:19:28.0614 3508  Spooler - ok
21:19:28.0708 3508  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:19:28.0786 3508  sppsvc - ok
21:19:28.0801 3508  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:19:28.0817 3508  sppuinotify - ok
21:19:28.0864 3508  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:19:28.0864 3508  srv - ok
21:19:28.0895 3508  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:19:28.0910 3508  srv2 - ok
21:19:28.0957 3508  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:19:28.0957 3508  SrvHsfHDA - ok
21:19:29.0004 3508  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:19:29.0035 3508  SrvHsfV92 - ok
21:19:29.0082 3508  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:19:29.0098 3508  SrvHsfWinac - ok
21:19:29.0113 3508  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:19:29.0129 3508  srvnet - ok
21:19:29.0160 3508  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:19:29.0176 3508  SSDPSRV - ok
21:19:29.0191 3508  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:19:29.0207 3508  SstpSvc - ok
21:19:29.0285 3508  [ 86678C2F5081FEA3517D78E92230B5FF ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
21:19:29.0285 3508  STacSV - ok
21:19:29.0316 3508  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:19:29.0316 3508  stexstor - ok
21:19:29.0363 3508  [ 74387B34B43F94E380608888C56A5CCD ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
21:19:29.0363 3508  STHDA - ok
21:19:29.0410 3508  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:19:29.0441 3508  stisvc - ok
21:19:29.0441 3508  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:19:29.0441 3508  swenum - ok
21:19:29.0472 3508  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:19:29.0488 3508  swprv - ok
21:19:29.0534 3508  [ 33E6A285DAA5134D8EA2247914C86C09 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:19:29.0566 3508  SynTP - ok
21:19:29.0644 3508  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:19:29.0675 3508  SysMain - ok
21:19:29.0690 3508  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:29.0706 3508  TabletInputService - ok
21:19:29.0722 3508  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:19:29.0737 3508  TapiSrv - ok
21:19:29.0737 3508  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:19:29.0753 3508  TBS - ok
21:19:29.0831 3508  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:19:29.0878 3508  Tcpip - ok
21:19:29.0924 3508  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:19:29.0956 3508  TCPIP6 - ok
21:19:29.0987 3508  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:19:29.0987 3508  tcpipreg - ok
21:19:30.0018 3508  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:19:30.0018 3508  TDPIPE - ok
21:19:30.0049 3508  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:19:30.0065 3508  TDTCP - ok
21:19:30.0080 3508  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:19:30.0080 3508  tdx - ok
21:19:30.0112 3508  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:19:30.0127 3508  TermDD - ok
21:19:30.0158 3508  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:19:30.0190 3508  TermService - ok
21:19:30.0205 3508  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:19:30.0205 3508  Themes - ok
21:19:30.0236 3508  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:19:30.0236 3508  THREADORDER - ok
21:19:30.0252 3508  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:19:30.0268 3508  TrkWks - ok
21:19:30.0314 3508  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:30.0314 3508  TrustedInstaller - ok
21:19:30.0330 3508  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:30.0346 3508  tssecsrv - ok
21:19:30.0361 3508  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:19:30.0361 3508  TsUsbFlt - ok
21:19:30.0392 3508  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:19:30.0392 3508  TsUsbGD - ok
21:19:30.0424 3508  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:19:30.0424 3508  tunnel - ok
21:19:30.0455 3508  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:19:30.0470 3508  uagp35 - ok
21:19:30.0486 3508  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:19:30.0502 3508  udfs - ok
21:19:30.0533 3508  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:19:30.0533 3508  UI0Detect - ok
21:19:30.0564 3508  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:19:30.0564 3508  uliagpkx - ok
21:19:30.0595 3508  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:19:30.0595 3508  umbus - ok
21:19:30.0626 3508  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:19:30.0626 3508  UmPass - ok
21:19:30.0767 3508  [ A678E5DDD974903DD71F503BDCACA218 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:19:30.0829 3508  UNS - ok
21:19:30.0860 3508  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:19:30.0876 3508  upnphost - ok
21:19:30.0907 3508  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:30.0907 3508  usbccgp - ok
21:19:30.0923 3508  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:19:30.0923 3508  usbcir - ok
21:19:30.0938 3508  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:19:30.0954 3508  usbehci - ok
21:19:30.0970 3508  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:19:30.0985 3508  usbhub - ok
21:19:31.0001 3508  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:19:31.0001 3508  usbohci - ok
21:19:31.0016 3508  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:19:31.0016 3508  usbprint - ok
21:19:31.0032 3508  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:31.0032 3508  USBSTOR - ok
21:19:31.0063 3508  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:19:31.0063 3508  usbuhci - ok
21:19:31.0094 3508  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:19:31.0110 3508  usbvideo - ok
21:19:31.0126 3508  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:19:31.0126 3508  UxSms - ok
21:19:31.0141 3508  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:19:31.0157 3508  VaultSvc - ok
21:19:31.0188 3508  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:19:31.0188 3508  vdrvroot - ok
21:19:31.0219 3508  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:19:31.0235 3508  vds - ok
21:19:31.0266 3508  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:31.0266 3508  vga - ok
21:19:31.0282 3508  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:19:31.0282 3508  VgaSave - ok
21:19:31.0313 3508  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:19:31.0328 3508  vhdmp - ok
21:19:31.0360 3508  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:19:31.0360 3508  viaide - ok
21:19:31.0391 3508  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:19:31.0391 3508  volmgr - ok
21:19:31.0406 3508  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:19:31.0422 3508  volmgrx - ok
21:19:31.0453 3508  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:19:31.0469 3508  volsnap - ok
21:19:31.0500 3508  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:19:31.0500 3508  vsmraid - ok
21:19:31.0578 3508  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:19:31.0609 3508  VSS - ok
21:19:31.0640 3508  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:19:31.0640 3508  vwifibus - ok
21:19:31.0656 3508  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:19:31.0656 3508  vwififlt - ok
21:19:31.0687 3508  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:19:31.0687 3508  vwifimp - ok
21:19:31.0718 3508  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:19:31.0734 3508  W32Time - ok
21:19:31.0750 3508  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:19:31.0750 3508  WacomPen - ok
21:19:31.0796 3508  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:19:31.0796 3508  WANARP - ok
21:19:31.0812 3508  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:19:31.0812 3508  Wanarpv6 - ok
21:19:31.0874 3508  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:19:31.0906 3508  WatAdminSvc - ok
21:19:31.0952 3508  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:19:31.0999 3508  wbengine - ok
21:19:32.0015 3508  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:19:32.0030 3508  WbioSrvc - ok
21:19:32.0046 3508  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:19:32.0077 3508  wcncsvc - ok
21:19:32.0093 3508  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:32.0093 3508  WcsPlugInService - ok
21:19:32.0124 3508  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:19:32.0124 3508  Wd - ok
21:19:32.0171 3508  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:19:32.0186 3508  Wdf01000 - ok
21:19:32.0202 3508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:19:32.0202 3508  WdiServiceHost - ok
21:19:32.0218 3508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:19:32.0233 3508  WdiSystemHost - ok
21:19:32.0249 3508  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:19:32.0264 3508  WebClient - ok
21:19:32.0280 3508  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:19:32.0296 3508  Wecsvc - ok
21:19:32.0327 3508  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:19:32.0327 3508  wercplsupport - ok
21:19:32.0358 3508  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:19:32.0358 3508  WerSvc - ok
21:19:32.0389 3508  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:19:32.0389 3508  WfpLwf - ok
21:19:32.0452 3508  [ F27BD4135954690B9C2C24258CACA933 ] WIBUKEY         C:\Windows\system32\DRIVERS\WibuKey64.sys
21:19:32.0452 3508  WIBUKEY - ok
21:19:32.0483 3508  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:19:32.0483 3508  WIMMount - ok
21:19:32.0514 3508  WinDefend - ok
21:19:32.0514 3508  WinHttpAutoProxySvc - ok
21:19:32.0576 3508  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:19:32.0576 3508  Winmgmt - ok
21:19:32.0654 3508  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:19:32.0701 3508  WinRM - ok
21:19:32.0748 3508  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:19:32.0779 3508  Wlansvc - ok
21:19:32.0842 3508  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:19:32.0842 3508  wlcrasvc - ok
21:19:32.0966 3508  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:19:33.0013 3508  wlidsvc - ok
21:19:33.0044 3508  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:19:33.0044 3508  WmiAcpi - ok
21:19:33.0076 3508  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:19:33.0091 3508  wmiApSrv - ok
21:19:33.0107 3508  WMPNetworkSvc - ok
21:19:33.0138 3508  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:19:33.0154 3508  WPCSvc - ok
21:19:33.0169 3508  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:19:33.0185 3508  WPDBusEnum - ok
21:19:33.0200 3508  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:19:33.0216 3508  ws2ifsl - ok
21:19:33.0247 3508  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:19:33.0247 3508  wscsvc - ok
21:19:33.0263 3508  WSearch - ok
21:19:33.0356 3508  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:19:33.0403 3508  wuauserv - ok
21:19:33.0419 3508  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:19:33.0434 3508  WudfPf - ok
21:19:33.0466 3508  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:33.0481 3508  WUDFRd - ok
21:19:33.0497 3508  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:19:33.0512 3508  wudfsvc - ok
21:19:33.0544 3508  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:19:33.0559 3508  WwanSvc - ok
21:19:33.0590 3508  ================ Scan global ===============================
21:19:33.0622 3508  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:19:33.0668 3508  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:19:33.0684 3508  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:19:33.0715 3508  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:19:33.0746 3508  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:19:33.0762 3508  [Global] - ok
21:19:33.0762 3508  ================ Scan MBR ==================================
21:19:33.0778 3508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:19:33.0934 3508  \Device\Harddisk0\DR0 - ok
21:19:33.0965 3508  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:19:33.0965 3508  \Device\Harddisk1\DR1 - ok
21:19:33.0965 3508  ================ Scan VBR ==================================
21:19:33.0980 3508  [ 794FD8C1A9D66C47C51059326C7FAECE ] \Device\Harddisk0\DR0\Partition1
21:19:33.0980 3508  \Device\Harddisk0\DR0\Partition1 - ok
21:19:33.0996 3508  [ 839AC8363E80BAB6CE964858B79E23DA ] \Device\Harddisk0\DR0\Partition2
21:19:33.0996 3508  \Device\Harddisk0\DR0\Partition2 - ok
21:19:34.0027 3508  [ 9111C16A8D71D4458AB4C44564D20825 ] \Device\Harddisk0\DR0\Partition3
21:19:34.0027 3508  \Device\Harddisk0\DR0\Partition3 - ok
21:19:34.0043 3508  [ 9449DA9B34F95C9223F63C5583E56901 ] \Device\Harddisk0\DR0\Partition4
21:19:34.0043 3508  \Device\Harddisk0\DR0\Partition4 - ok
21:19:34.0058 3508  [ F3C03A58A8514F1B199B1462F9793C2A ] \Device\Harddisk1\DR1\Partition1
21:19:34.0058 3508  \Device\Harddisk1\DR1\Partition1 - ok
21:19:34.0058 3508  ============================================================
21:19:34.0058 3508  Scan finished
21:19:34.0058 3508  ============================================================
21:19:34.0074 5340  Detected object count: 0
21:19:34.0074 5340  Actual detected object count: 0
tommisano
Beginner Software
Posts: 12
Joined: 10 Nov 2012 23:15

Re: Log ComboFix

Post by FDAC » 14 Nov 2012 14:23

There are no hidden infections, according to TDSS Killer.
Let's do a somewhat more in-depth analysis.
Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● place the downloaded tool on the Desktop
● double-click the program's icon to launch it
● tick the Scan All Users checkbox
● click the Quick Scan button
● wait patiently for the scan to finish
● when the scan finishes, 2 logs will be generated: attach them
OTListIt.txt (open)
Extra.txt (minimized)
FDAC
Advanced Software
Posts: 1322
Joined: 29 Aug 2010 21:18

Re: Log ComboFix

Post by tommisano » 14 Nov 2012 20:50

Hi, I followed your instructions step by step; I'm attaching the results.

Thanks, bye.

OTL:
Code:
OTL logfile created on: 14/11/2012 20:24:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antonella\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,86% Memory free
7,90 Gb Paging File | 6,22 Gb Available in Paging File | 78,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,97 Gb Total Space | 345,53 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 14,50 Gb Total Space | 1,59 Gb Free Space | 10,95% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 88,82 Mb Free Space | 89,70% Space Free | Partition Type: FAT32
Drive G: | 3,68 Gb Total Space | 0,70 Gb Free Space | 19,06% Space Free | Partition Type: FAT32
 
Computer Name: ANTONELLA-HP | User Name: Antonella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/11/14 20:22:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonella\Desktop\OTL.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/08 11:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 03:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/12/03 06:00:00 | 005,724,472 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
PRC - [2009/06/18 10:33:16 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/11/14 12:18:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll
MOD - [2012/11/14 12:18:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll
MOD - [2012/11/14 11:08:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 11:07:21 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 11:07:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 11:06:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/14 11:06:21 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 11:06:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 11:06:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 11:05:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/12 20:31:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_it_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 00:50:53 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/18 10:33:38 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Alice Mobile Olicard 100\Monitor.dll
MOD - [2009/06/18 10:33:16 | 000,401,408 | ---- | M] () -- C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/05/27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2011/03/15 18:58:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/10/09 19:51:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/07 13:14:13 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012/01/07 13:14:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/11 11:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programmi\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011/03/01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/16 21:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Programmi\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2011/02/15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programmi\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programmi\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/06/16 14:01:09 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2011/05/27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2011/05/27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2011/03/15 19:28:58 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/03/15 18:24:40 | 000,301,056 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/03/11 11:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/01/27 17:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:[b]64bit:[/b] - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/01/13 01:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2010/12/17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/10/15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2009/12/03 06:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/04/29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:[b]64bit:[/b] - [2009/03/26 07:25:05 | 000,137,216 | ---- | M] (Olivetti) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmx3gnet.sys -- (pmx3gnet)
DRV:[b]64bit:[/b] - [2009/03/26 07:25:05 | 000,118,016 | ---- | M] (Olivetti) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmx3gmdm.sys -- (pmx3gmdm)
DRV:[b]64bit:[/b] - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [1997/05/30 00:00:00 | 000,021,824 | ---- | M] (Micropi Elettronica - Italia) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\CPWNT.SYS -- (cpwnt)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0FD46BD5-7CA7-472C-B0F8-3E40636A4C71}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0FD46BD5-7CA7-472C-B0F8-3E40636A4C71}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{0FD46BD5-7CA7-472C-B0F8-3E40636A4C71}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Antonella\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Antonella\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-514294524-1819331712-3367426616-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnMonitor] C:\Program Files (x86)\Alice Mobile Olicard 100\ConnMonitor.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E45DBE7-DE67-491A-9523-D953427BECC9}: DhcpNameServer = 213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF480FD-CBAD-4563-ADED-F831258E07E6}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27f18513-8089-11e1-8115-ac81124fa96c}\Shell - "" = AutoRun
O33 - MountPoints2\{27f18513-8089-11e1-8115-ac81124fa96c}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9307b74f-7c91-11e1-80c1-2c27d7aeee4e}\Shell - "" = AutoRun
O33 - MountPoints2\{9307b74f-7c91-11e1-80c1-2c27d7aeee4e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/11/14 20:22:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Antonella\Desktop\OTL.exe
[2012/11/13 21:17:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Antonella\Desktop\tdsskiller.exe
[2012/11/13 12:40:18 | 000,000,000 | ---D | C] -- C:\Users\Antonella\AppData\Roaming\RICOH
[2012/11/13 10:52:38 | 000,098,304 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2012/11/13 10:52:22 | 006,373,376 | ---- | C] (VectorDraw) -- C:\Windows\vdxfiles.dll
[2012/11/13 10:52:21 | 001,871,872 | ---- | C] (VectorDraw) -- C:\Windows\vdfopen.ocx
[2012/11/13 10:52:20 | 002,609,152 | ---- | C] (VectorDraw) -- C:\Windows\vdpro.ocx
[2012/11/13 10:52:20 | 000,446,464 | ---- | C] (VectorDraw) -- C:\Windows\vdimg.dll
[2012/11/11 18:17:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/10 22:48:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/10 21:49:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/10 21:49:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/10 21:49:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/10 21:49:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/10 21:49:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/10 21:49:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/10 21:44:04 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\Antonella\Desktop\ComboFix.exe
[2012/11/10 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\Antonella\Desktop\Downloads
[2012/11/10 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Antonella\AppData\Roaming\GetRightToGo
[2012/11/04 17:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/04 17:43:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/04 17:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/10/27 13:47:23 | 000,000,000 | ---D | C] -- C:\Users\Antonella\Desktop\prog facciate_salvatore
[2012/10/24 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\Antonella\Desktop\PROGETTO FACCIATE PZZA SCHETTINI
[2012/10/21 22:32:51 | 000,000,000 | ---D | C] -- C:\Users\Antonella\Desktop\IPOD
[2012/10/21 22:24:41 | 000,000,000 | ---D | C] -- C:\Users\Antonella\AppData\Roaming\Apple Computer
[2012/10/21 22:24:41 | 000,000,000 | ---D | C] -- C:\Users\Antonella\AppData\Local\Apple Computer
[2012/10/21 22:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/21 22:24:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/10/21 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/21 22:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/21 22:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/21 22:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/21 22:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/10/21 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/10/21 22:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/10/21 22:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/10/21 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/11/14 20:22:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonella\Desktop\OTL.exe
[2012/11/14 20:03:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 20:02:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514294524-1819331712-3367426616-1000UA.job
[2012/11/14 19:47:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 18:04:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 18:04:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 18:02:00 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/14 18:02:00 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/11/14 18:02:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/14 18:02:00 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/11/14 18:02:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/14 17:57:06 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 17:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 17:56:33 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 11:02:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514294524-1819331712-3367426616-1000Core.job
[2012/11/14 10:56:58 | 003,094,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 10:55:19 | 561,943,486 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/13 21:18:03 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Antonella\Desktop\tdsskiller.exe
[2012/11/13 12:42:26 | 000,613,602 | ---- | M] () -- C:\Users\Antonella\Desktop\psc.PDF
[2012/11/12 19:42:14 | 000,029,071 | ---- | M] () -- C:\Users\Antonella\Desktop\elenco facciate.PDF
[2012/11/12 19:41:12 | 000,040,720 | ---- | M] () -- C:\Users\Antonella\Desktop\computo facciate.PDF
[2012/11/11 18:18:15 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/11 18:18:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/11 10:11:32 | 000,708,257 | ---- | M] () -- C:\Users\Antonella\Desktop\tommi.jpg
[2012/11/10 21:44:29 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\Antonella\Desktop\ComboFix.exe
[2012/11/10 13:24:09 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAntonella.job
[2012/11/08 16:53:16 | 000,072,399 | ---- | M] () -- C:\Users\Antonella\Desktop\compito 5D.pdf
[2012/11/07 19:50:29 | 000,077,812 | ---- | M] () -- C:\Users\Antonella\Desktop\compito 5B.pdf
[2012/11/07 16:27:46 | 000,000,210 | -H-- | M] () -- C:\Users\Antonella\Documents\Disegno1.dwl2
[2012/11/07 16:27:46 | 000,000,059 | -H-- | M] () -- C:\Users\Antonella\Documents\Disegno1.dwl
[2012/11/05 16:35:18 | 000,313,142 | ---- | M] () -- C:\Users\Antonella\Desktop\POMPEI_Monitoraggio 20_10_12.pdf
[2012/11/05 14:54:55 | 001,128,770 | ---- | M] () -- C:\Users\Antonella\Desktop\2.jpg
[2012/11/05 14:53:07 | 000,985,411 | ---- | M] () -- C:\Users\Antonella\Desktop\1.jpg
[2012/11/04 17:45:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/10/31 19:34:48 | 000,063,121 | ---- | M] () -- C:\Users\Antonella\Desktop\richiesta proroga PON.pdf
[2012/10/31 14:50:18 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForANTONELLA-HP$.job
[2012/10/29 16:17:05 | 000,420,491 | ---- | M] () -- C:\Users\Antonella\Documents\IMG_29102012_161358.png
[2012/10/28 19:01:13 | 000,619,087 | ---- | M] () -- C:\Users\Antonella\Desktop\DSC_0536.JPG
[2012/10/27 15:52:59 | 002,509,057 | ---- | M] () -- C:\Users\Antonella\Desktop\DSC_3551.JPG
[2012/10/21 09:12:53 | 003,860,606 | ---- | M] () -- C:\Users\Antonella\Desktop\MappaUrbanoModena20090907.pdf
[2012/10/21 09:01:14 | 002,916,911 | ---- | M] () -- C:\Users\Antonella\Desktop\FRONTE_Mappa_urbano_Modena.pdf
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/11/14 07:55:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 07:50:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 12:42:21 | 000,613,602 | ---- | C] () -- C:\Users\Antonella\Desktop\psc.PDF
[2012/11/13 10:52:21 | 000,671,744 | ---- | C] () -- C:\Windows\vddgn.dll
[2012/11/12 19:42:12 | 000,029,071 | ---- | C] () -- C:\Users\Antonella\Desktop\elenco facciate.PDF
[2012/11/12 19:41:10 | 000,040,720 | ---- | C] () -- C:\Users\Antonella\Desktop\computo facciate.PDF
[2012/11/11 10:11:29 | 000,708,257 | ---- | C] () -- C:\Users\Antonella\Desktop\tommi.jpg
[2012/11/10 21:49:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/10 21:49:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/10 21:49:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/10 21:49:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/10 21:49:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/08 16:53:13 | 000,072,399 | ---- | C] () -- C:\Users\Antonella\Desktop\compito 5D.pdf
[2012/11/07 19:28:47 | 000,077,812 | ---- | C] () -- C:\Users\Antonella\Desktop\compito 5B.pdf
[2012/11/07 16:27:46 | 000,000,210 | -H-- | C] () -- C:\Users\Antonella\Documents\Disegno1.dwl2
[2012/11/07 16:27:46 | 000,000,059 | -H-- | C] () -- C:\Users\Antonella\Documents\Disegno1.dwl
[2012/11/05 16:40:24 | 000,313,142 | ---- | C] () -- C:\Users\Antonella\Desktop\POMPEI_Monitoraggio 20_10_12.pdf
[2012/11/05 14:54:52 | 001,128,770 | ---- | C] () -- C:\Users\Antonella\Desktop\2.jpg
[2012/11/05 14:53:04 | 000,985,411 | ---- | C] () -- C:\Users\Antonella\Desktop\1.jpg
[2012/11/04 17:45:10 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/04 17:21:04 | 002,516,837 | ---- | C] () -- C:\Users\Antonella\Desktop\DSC_4193.JPG
[2012/11/04 17:11:59 | 002,788,338 | ---- | C] () -- C:\Users\Antonella\Desktop\DSC_3918.JPG
[2012/10/31 19:34:48 | 000,063,121 | ---- | C] () -- C:\Users\Antonella\Desktop\richiesta proroga PON.pdf
[2012/10/29 16:12:00 | 000,420,491 | ---- | C] () -- C:\Users\Antonella\Documents\IMG_29102012_161358.png
[2012/10/28 18:19:42 | 000,619,087 | ---- | C] () -- C:\Users\Antonella\Desktop\DSC_0536.JPG
[2012/10/28 18:13:30 | 000,619,379 | ---- | C] () -- C:\Users\Antonella\Desktop\DSC_0358.jpg
[2012/10/27 15:52:30 | 002,509,057 | ---- | C] () -- C:\Users\Antonella\Desktop\DSC_3551.JPG
[2012/10/23 21:10:56 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForANTONELLA-HP$.job
[2012/10/21 09:12:53 | 003,860,606 | ---- | C] () -- C:\Users\Antonella\Desktop\MappaUrbanoModena20090907.pdf
[2012/10/21 09:01:14 | 002,916,911 | ---- | C] () -- C:\Users\Antonella\Desktop\FRONTE_Mappa_urbano_Modena.pdf
[2011/06/16 14:04:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/16 13:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/06/16 13:57:27 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/16 13:57:26 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/16 13:57:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/16 13:57:25 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/16 13:53:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/12 11:06:17 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/02/22 15:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/01/10 23:19:38 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Abvent
[2012/09/18 11:55:19 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Abvent_Artlantis3
[2012/02/07 17:24:24 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Autodesk
[2012/01/09 23:12:02 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\DAEMON Tools Lite
[2012/11/10 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\GetRightToGo
[2012/01/07 12:37:11 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Graphisoft
[2012/01/04 15:39:43 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\pdfforge
[2012/11/13 12:40:18 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\RICOH
[2011/12/30 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Synaptics
[2012/01/28 20:22:07 | 000,000,000 | ---D | M] -- C:\Users\Antonella\AppData\Roaming\Windows Live Writer
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >
tommisano
Beginner Software
 
Posts: 12
Joined: 10 Nov 2012 23:15

Re: Log ComboFix

Post by tommisano » 14 Nov 2012 20:51

...Extras

Code:
OTL Extras logfile created on: 14/11/2012 20:24:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Antonella\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,95 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,86% Memory free
7,90 Gb Paging File | 6,22 Gb Available in Paging File | 78,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,97 Gb Total Space | 345,53 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 14,50 Gb Total Space | 1,59 Gb Free Space | 10,95% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 88,82 Mb Free Space | 89,70% Space Free | Partition Type: FAT32
Drive G: | 3,68 Gb Total Space | 0,70 Gb Free Space | 19,06% Space Free | Partition Type: FAT32
 
Computer Name: ANTONELLA-HP | User Name: Antonella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051F1525-E696-4563-98E1-B8F1FC5504A2}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B9B6648-F056-41E6-9187-4602ED843510}" = rport=137 | protocol=17 | dir=out | app=system |
"{15188939-B670-4138-B700-CE1951017B81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B5B937B-7DFE-45B1-985B-80683B22F773}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A233BC4-6956-479C-ABBA-C08B531EA5DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AC498A6-A215-4257-85CF-66FFA4356C45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D2CB7A8-4F36-40C9-AE66-61D26E589336}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D9B3B5A-3EFC-43B8-AF35-277547DED209}" = lport=139 | protocol=6 | dir=in | app=system |
"{408FD9AD-01F4-4A9A-B156-4566716FE98A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{468B0197-5A4C-487F-9801-32005FABC2CE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{7D4394AA-9E21-4B90-986F-F615D244AC1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A2E3F01-71B5-4402-B8D9-009E14E8FC94}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{902FD3C7-95B5-4FF9-825F-A58368F47CBF}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E9BA4C2-5F32-43B9-AA37-22C956F4FE92}" = rport=139 | protocol=6 | dir=out | app=system |
"{A41AC5CA-FF41-4F59-8ADB-44C900F203FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA4CF5E1-EFB1-4678-B9BB-3662493C1B78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B6416B3A-FACE-43BD-A431-E8329C2C1E9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBCBA15A-22E6-4C0D-AC17-4A43F77CB45B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C757CF57-21F1-41E6-ABFF-E9D5D0FC5086}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB604E91-7705-4A70-A1D3-C2B0DCBA5909}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB5F1841-00B2-448A-A081-65605710E234}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E1E637C4-5F71-442E-BC20-61385C141DF7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EB558957-0414-4CDF-9A6A-2860E32D345B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1076C36-BD96-4411-8CBC-7F7A032BE29C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F57548B7-99CA-456E-A864-8330F9C1F267}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8A67D9-2191-48F9-8E4E-EF6D06DA581D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{142C56A8-BD73-46B9-8C23-F7B440F2EE0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1529754F-85AF-45C0-B3B5-523B71BADDE0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C509F3F-DAD3-497A-BD90-D134B264E05B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1D5B8A9C-B532-439B-987A-F8F550FE92D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D912F6E-C4C2-45DB-A8DB-49A8A8DEDD27}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FAA7391-7838-45D2-B160-9F91CD56399D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3441BDE7-5DE4-4BA2-B1EA-EAB2D7EB9AE0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45790EFB-F93F-4503-B736-98FDD5823448}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4878B059-0714-473D-8827-2D58FA14E464}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{53F97AC9-5566-4FAD-A3C3-A8FAC2D5A2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{550ACAE9-05B6-4EAF-8EF9-6857DA2C83DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B8F50C1-DE98-4325-B145-DDB036F95682}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5BD9F6D2-F50B-464D-B5B0-0CA87E66D242}" = protocol=6 | dir=out | app=system |
"{5CBD3195-3CBA-41E3-A3B2-7D18EE4C00D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D463D36-0CBB-4D30-8A22-274D979D512F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F1559B3-1887-4B43-8340-E955CCE2B000}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{636DE10D-FDD1-4F37-9B07-290284EBB2EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{66E403A2-6682-477A-8081-8A21E2DBAD50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6D886B70-982B-4BC8-9D0D-AEC1E6B8DFF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FAF90C1-996B-4CDD-B94E-42BDFD882DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{775D25D1-3D35-4E1B-8587-33D4313FC610}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B1261E8-10A4-49F4-BD7B-13E4D09D39C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7ED60BA4-D239-451D-93D0-C87D7186FF5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80FBD9DC-8ED5-4762-BF26-E2E65B9233C1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{831A9B4E-9481-4149-9E14-292019224F47}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{84B6F477-0FF1-4A22-ADE2-CECFA923B85A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9624506A-6751-41FF-BE6C-F4C6FBCBD6F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96D57C24-9E99-438B-ABD5-873AFAE0CF18}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{99F9E3B5-AD23-4903-BB8A-7F35EA26DB18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EF86292-7D78-48B9-AF89-27DD64C2835C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A184121E-B096-4227-AD93-23D44BB6AEDF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CAE33F98-55B4-46F2-8BFC-F7005E450399}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3E247BF-46F0-49F1-8107-5AF0D09B9E5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E576A1F7-9C60-4A67-8B4D-4F7E202031F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F1E85D93-2C82-4A62-B664-66BEF357FF74}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{FF29BE2B-4657-4B6A-A95A-9E92172E58ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{946121F5-6BDD-4527-ABED-A8043F01E6A6}C:\program files (x86)\graphisoft\archicad 14\gsreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 14\gsreport.exe |
"TCP Query User{FA9DF31A-5627-4A13-81C1-AA3B0748DC56}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 14\archicad.exe |
"UDP Query User{C1F1A6B2-9D00-4D94-BDC5-E588832BD391}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 14\archicad.exe |
"UDP Query User{C271A8CE-D881-4B05-A7F0-E720473D8712}C:\program files (x86)\graphisoft\archicad 14\gsreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 14\gsreport.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50538BB7-9827-48B4-812C-AEC6302D6538}" = HP 3D DriveGuard
"{5783F2D7-8001-0410-0102-0060B0CE6BBA}" = AutoCAD 2010 - Italiano
"{5783F2D7-8001-0410-1102-0060B0CE6BBA}" = Language Pack di AutoCAD 2010 - Italiano
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2010 - Italiano" = AutoCAD 2010 - Italiano
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR gestione archivi
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FCBB015-7570-4C22-8BB5-415C79DF1FA5}" = PriMus
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{353E8C77-A374-4464-B005-0F493EE6C7D3}" = HP Software Framework
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BFED551-630D-4C5E-A90F-A6B7E9CF3CA0}" = PriMus-DCF v.NEXT GENERATION(c)
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Supporto applicazioni Apple
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8749AF58-6898-4A3F-AA37-004EDC19F3AD}" = CerTus NEXT GENERATION 2 Trial Version
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93D35783-AD34-4CDB-8E7F-71CC730026EC}" = Alice Mobile Olicard 100
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"001FFF1FFF14FF00FF1501F01F02F000-R1" = ArchiCAD 14 ITA (x86)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Artlantis Studio 3" = Artlantis Studio 3.0.3
"avast" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-514294524-1819331712-3367426616-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 08/11/2012 12:58:20 | Computer Name = Antonella-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 08/11/2012 12:58:20 | Computer Name = Antonella-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 08/11/2012 13:52:06 | Computer Name = Antonella-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 08/11/2012 13:52:06 | Computer Name = Antonella-HP | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: HPAuto.exe, versione:
 1.0.12935.3667, timestamp: 0x4d5cc461  Nome del modulo che ha generato l'errore:
HPAuto.exe, versione: 1.0.12935.3667, timestamp: 0x4d5cc461  Codice eccezione: 0xc0000005
Offset
 errore 0x0000000000007be2  ID processo che ha generato l'errore: 0xaf0  Ora di avvio
 dell'applicazione che ha generato l'errore: 0x01cdbdd9bb1f9dd8  Percorso dell'applicazione
 che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe  Percorso
 del modulo che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
ID
 segnalazione: 020b0b9e-29cd-11e2-a114-2c27d7aeee4e
 
Error - 09/11/2012 08:39:28 | Computer Name = Antonella-HP | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: HPAuto.exe, versione:
 1.0.12935.3667, timestamp: 0x4d5cc461  Nome del modulo che ha generato l'errore:
HPAuto.exe, versione: 1.0.12935.3667, timestamp: 0x4d5cc461  Codice eccezione: 0xc0000005
Offset
 errore 0x0000000000007be2  ID processo che ha generato l'errore: 0xc58  Ora di avvio
 dell'applicazione che ha generato l'errore: 0x01cdbe773c8f7538  Percorso dell'applicazione
 che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe  Percorso
 del modulo che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
ID
 segnalazione: 802d0f67-2a6a-11e2-adb5-2c27d7aeee4e
 
Error - 09/11/2012 08:39:31 | Computer Name = Antonella-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 09/11/2012 08:53:06 | Computer Name = Antonella-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 09/11/2012 08:53:06 | Computer Name = Antonella-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 09/11/2012 08:54:36 | Computer Name = Antonella-HP | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: HPAuto.exe, versione:
 1.0.12935.3667, timestamp: 0x4d5cc461  Nome del modulo che ha generato l'errore:
HPAuto.exe, versione: 1.0.12935.3667, timestamp: 0x4d5cc461  Codice eccezione: 0xc0000005
Offset
 errore 0x0000000000007be2  ID processo che ha generato l'errore: 0x994  Ora di avvio
 dell'applicazione che ha generato l'errore: 0x01cdbe795a065b09  Percorso dell'applicazione
 che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe  Percorso
 del modulo che ha generato l'errore: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
ID
 segnalazione: 9cd27c20-2a6c-11e2-8e3a-2c27d7aeee4e
 
Error - 09/11/2012 08:54:40 | Computer Name = Antonella-HP | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 01/07/2012 18:37:52 | Computer Name = Antonella-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Oggetto '/dc790811_d7a5_4eb1_aff1_d641f3a58037/xo3qd8talbsnfm5aorjq5vmr_5.rem'
disconnesso o non esistente sul server.    Name: hpsa_service.exe  Version: 06.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format:
 it-IT  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String) 
 
Error - 01/07/2012 18:37:58 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 21/07/2012 07:22:45 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 28/07/2012 13:34:51 | Computer Name = Antonella-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Oggetto '/7896ecf8_b2d6_48a7_9c16_2c12ec2452a3/fndlmyqch6az56y22tbekcka_5.rem'
disconnesso o non esistente sul server.    Name: hpsa_service.exe  Version: 06.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format:
 it-IT  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String) 
 
Error - 04/08/2012 07:35:50 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 04/08/2012 07:36:03 | Computer Name = Antonella-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     in HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   in HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Oggetto '/4da7fd27_5b3f_413b_be54_16c787ffb025/lqwv3xoeai0q3pheohopxkww_5.rem'
disconnesso o non esistente sul server.    Name: hpsa_service.exe  Version: 06.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format:
 it-IT  RAM: 4043  Ram Utilization: 50  TargetSite: Void UpdateDetail(System.String) 
 
Error - 26/08/2012 13:35:26 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20/10/2012 03:33:33 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 04/11/2012 12:49:36 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   in HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Riferimento a un oggetto non impostato su un'istanza di oggetto.  StackTrace:   in
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: it-IT  RAM: 4043
Ram
 Utilization: 60  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
Error - 04/11/2012 13:07:42 | Computer Name = Antonella-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   in HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Riferimento a un oggetto non impostato su un'istanza di oggetto.  StackTrace:   in
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: it-IT  RAM: 4043
Ram
 Utilization: 40  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Connection Manager Events ]
Error - 14/11/2012 02:59:38 | Computer Name = Antonella-HP | Source = hpCMSrv | ID = 5
Description = 2012/11/14 07:59:38.848|00000850|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14/11/2012 06:00:08 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:00:08.388|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:28:53 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:28:53.772|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:28:55 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:28:55.607|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:30:46 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:30:46.291|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:30:48 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:30:48.162|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:31:50 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:31:50.661|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 06:31:57 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 11:31:57.532|000018F4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 08:20:27 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 13:20:27.949|00001304|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 14/11/2012 12:59:48 | Computer Name = Antonella-HP | Source = hpMobile | ID = 5
Description = 2012/11/14 17:59:48.864|000016BC|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+c,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
[ HP Software Framework Events ]
Error - 28/10/2012 08:19:24 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/28 13:19:24.162|0000166C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 28/10/2012 11:56:43 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/28 16:56:43.008|000014C0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 28/10/2012 18:09:37 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/28 23:09:37.658|000004FC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 29/10/2012 02:39:54 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/29 07:39:54.950|00000968|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 29/10/2012 09:22:41 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/29 14:22:41.811|00000C50|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 30/10/2012 03:06:23 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/30 08:06:23.557|00000F20|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 30/10/2012 09:45:11 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/30 14:45:11.579|00000D3C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 31/10/2012 09:53:02 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/10/31 14:53:02.936|000004A0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04/11/2012 11:31:37 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/11/04 16:31:37.303|000015D8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04/11/2012 11:39:47 | Computer Name = Antonella-HP | Source = CaslWmi | ID = 5
Description = 2012/11/04 16:39:47.324|00000448|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 13/11/2012 15:49:52 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento
 presenza in rete che non è stato avviato per il seguente errore:   %%1068
 
Error - 13/11/2012 15:49:52 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento
 presenza in rete che non è stato avviato per il seguente errore:   %%1068
 
Error - 13/11/2012 15:49:52 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento
 presenza in rete che non è stato avviato per il seguente errore:   %%1068
 
Error - 13/11/2012 15:49:52 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento
 presenza in rete che non è stato avviato per il seguente errore:   %%1068
 
Error - 13/11/2012 16:15:34 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio HP Auto. Questo evento si è già verificato
 1 volta(e).
 
Error - 14/11/2012 05:57:11 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio HP Auto. Questo evento si è già verificato
 1 volta(e).
 
Error - 14/11/2012 08:17:23 | Computer Name = Antonella-HP | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 13:09:26 su ?14/?11/?2012.
 
Error - 14/11/2012 08:18:07 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio HP Auto. Questo evento si è già verificato
 1 volta(e).
 
Error - 14/11/2012 12:56:41 | Computer Name = Antonella-HP | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 17:49:30 su ?14/?11/?2012.
 
Error - 14/11/2012 12:57:18 | Computer Name = Antonella-HP | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio HP Auto. Questo evento si è già verificato
 1 volta(e).
 
 
< End of report >
tommisano
Beginner Software

Posts: 12
Joined: 10 Nov 2012 23:15

Re: Log ComboFix

Post by FDAC » 15 Nov 2012 10:48

One thing is still not clear to me.

Put OTL.exe on the desktop. Run it and copy/paste the code below into Custom Scans/Fixes.

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click Run Fix and confirm with OK. The PC will restart.
A report will open; save it and attach it.

Finally:
Download aswMBR: http://public.avast.com/~gmerek/aswMBR.exe
● place the downloaded file on the Desktop
● start the program with a double click
● answer Yes to the program's prompt:

This application can use the Avast! Free Antivirus for scanning.
It is recommended to download it for better detection results.
Would you like to download latest Avast! virus definitions?


● wait for the updated virus signatures to download
● click the Scan button
● wait patiently for the scan to finish
● click the Save Log button
● click the Exit button
● at the following message, click :

Are you sure you want to exit the program?


● a message confirming the save will appear: click OK
● on the Desktop you will find the files:
aswMBR.txt: the log just created
MBR.dat: a copy of the contents of your hard disk's MBR
● zip them into a single file and post it in the usual way

Note about the program:
● to launch aswMBR on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Esegui come amministratore (Run as administrator), then confirm the prompt that appears.
● if you run into problems, uncheck the Trace disk IO calls option
FDAC
Advanced Software

Posts: 1322
Joined: 29 Aug 2010 21:18

Re: Log ComboFix

Post by tommisano » 22 Nov 2012 20:53

...OTL log, run as requested
Code:
All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Antonella
->Temp folder emptied: 291453831 bytes
->Temporary Internet Files folder emptied: 192824699 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 4730 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53192877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67874 bytes
RecycleBin emptied: 2709642 bytes
 
Total Files Cleaned = 515,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Antonella
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYFLASH]
 
User: All Users
 
User: Antonella
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 11222012_203010

Files\Folders moved on Reboot...
C:\Users\Antonella\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Log ComboFix

Post by tommisano » 22 Nov 2012 20:57

...how do I attach the .zip?

Re: Log ComboFix

Post by FDAC » 23 Nov 2012 14:16

You can upload it to www.wikisend.com and post the assigned forum link here in the forum.

Re: Log ComboFix

Post by tommisano » 23 Nov 2012 18:20

Hi, wikisend was giving me problems, so I used another one. Here you go.

Thanks, bye.
Last edited by tommisano on 24 Nov 2012 01:08, edited 1 time in total.

Re: Log ComboFix

Post by FDAC » 23 Nov 2012 20:29

Try attaching the log on Wikifortio.