OTL logfile created on: 09/04/2013 14.53.49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Giorgio\Desktop\Zastita
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,28% Memory free
3,85 Gb Paging File | 3,00 Gb Available in Paging File | 78,01% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 83,35 Gb Total Space | 16,65 Gb Free Space | 19,97% Space Free | Partition Type: NTFS
Drive E: | 28,28 Gb Total Space | 3,39 Gb Free Space | 11,98% Space Free | Partition Type: NTFS

Computer Name: SMC | User Name: Giorgio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/09 14.53.18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgio\Desktop\Zastita\OTL.exe
PRC - [2013/04/09 10.26.47 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programmi\Opera\opera.exe
PRC - [2013/03/27 18.56.59 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/27 18.56.46 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/27 18.56.44 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/27 18.56.44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/21 17.27.46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/05/02 03.44.08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03.40.56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 18.53.52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/10/18 20.01.34 | 000,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/09/13 15.25.00 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
PRC - [2006/09/13 13.57.22 | 000,045,056 | ---- | M] () -- C:\Programmi\RD1000\Service\RDXmon.exe
PRC - [2006/03/24 18.30.44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/07/07 12.17.02 | 000,200,769 | ---- | M] (SIEMENS AG) -- C:\Program Files\common files\Siemens\S7IEPG\s7oiehsx.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/04/09 10.27.52 | 000,057,344 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/04/09 10.27.51 | 000,101,888 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/04/09 10.27.51 | 000,073,728 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/04/09 10.27.51 | 000,038,912 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/04/09 10.27.50 | 000,312,832 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/04/09 10.27.49 | 000,158,208 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/04/09 10.27.49 | 000,067,072 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/04/09 10.27.48 | 000,096,256 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/04/09 10.27.48 | 000,094,208 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/04/09 10.27.48 | 000,062,976 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/04/09 10.27.47 | 000,093,696 | ---- | M] () -- C:\Programmi\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/04/09 10.27.46 | 000,835,584 | ---- | M] () -- C:\Programmi\Opera\gstreamer\gstreamer.dll
MOD - [2012/09/19 19.17.40 | 000,397,088 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/30 20.06.48 | 000,087,912 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20.06.30 | 001,242,512 | ---- | M] () -- C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/05 04.52.30 | 000,756,048 | ---- | M] () -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 12.46.12 | 000,434,016 | ---- | M] () -- C:\Programmi\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/15 12.28.22 | 000,141,824 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2009/11/05 08.39.40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/02/26 14.46.56 | 000,064,344 | ---- | M] () -- C:\Programmi\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/04/14 04.13.43 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/18 19.51.48 | 000,118,784 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/18 19.50.22 | 000,348,160 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/09/13 13.57.22 | 000,045,056 | ---- | M] () -- C:\Programmi\RD1000\Service\RDXmon.exe
MOD - [2006/03/21 21.03.00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/03/21 21.03.00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2002/07/04 10.38.00 | 000,053,248 | ---- | M] () -- C:\Programmi\ArcSoft\PhotoImpression 5\Share\PIHook.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013/03/27 18.56.59 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 18.56.59 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2013/03/27 18.56.44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/16 19.57.45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 12.12.13 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13.55.20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/21 17.27.46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/02/23 12.40.41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programmi\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/07/20 06.18.24 | 000,440,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/04/25 16.02.38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/08 14.31.06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/09 18.11.33 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/05 18.04.12 | 000,172,032 | ---- | M] () [Disabled | Stopped] -- C:\Programmi\File comuni\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009/04/17 09.09.48 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/04/16 14.05.05 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/03 14.53.08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programmi\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R)
SRV - [2008/06/24 16.05.56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/05/02 03.42.06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/20 10.41.56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/12/02 19.28.17 | 000,188,416 | ---- | M] (Yosemite Technologies, Inc.) [Disabled | Stopped] -- C:\Programmi\Yosemite\Yosemite Backup\v8.10-sp3a\win\x86\ytwinsdr.exe -- (YTBackup)
SRV - [2007/07/20 18.53.52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programmi\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/01 23.46.36 | 000,150,320 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/05/01 23.45.44 | 000,121,648 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2006/11/03 20.19.58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programmi\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 20.01.34 | 000,290,816 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programmi\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2006/09/13 13.57.22 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programmi\RD1000\Service\RDXmon.exe -- (RDXmon)
SRV - [2004/07/07 12.17.02 | 000,200,769 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\common files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Giorgio\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/03/27 18.57.02 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 18.57.02 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 18.57.02 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15.50.24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/12/16 17.53.01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/08/13 13.06.10 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010/04/28 08.44.02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/12 10.44.34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/29 04.13.24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04.13.16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/30 19.37.18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/19 11.29.22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/06 15.45.14 | 000,329,452 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/03/24 18.34.30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/10 11.25.14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/08/12 19.50.46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 18.58.14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 17.28.38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 19.00.30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/11/05 12.08.06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/05/28 18.21.58 | 000,172,032 | ---- | M] (Siemens AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SNTIE.SYS -- (SNTIE)
DRV - [2003/12/03 11.03.48 | 000,125,440 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s7oppilx.sys -- (S7oppilx)
DRV - [2003/12/03 11.03.38 | 000,492,599 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7otranx.sys -- (s7otranx)
DRV - [2003/12/03 11.02.00 | 000,076,343 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oppitx.sys -- (s7oppitx)
DRV - [2002/09/25 17.11.00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/09/16 18.14.32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000/06/30 13.30.02 | 000,014,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\KeyP.sys -- (KeyP)
DRV - [1997/01/03 21.54.38 | 000,044,368 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\plchw.sys -- (PLCHW)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row-rel&channel=it&ibd=4071124
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.it/ig/dell?hl=it&client=dell-row-rel&channel=it&ibd=4071124
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..backup.old.browser.search.defaultenginename: ""
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 19.12.47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/03/09 12.12.14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/03/12 17.19.07 | 000,000,000 | ---D | M]

[2012/08/15 13.47.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Extensions
[2012/08/15 13.47.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013/02/22 23.33.43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions
[2012/12/02 11.56.27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/07/05 09.09.39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\ffxtlbr@funmoods.com
[2013/02/03 18.48.33 | 000,204,940 | ---- | M] () (No name found) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\OneClickDownload@OneClickDownload.com.xpi
[2013/02/22 23.33.43 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\plugin@yontoo.com.xpi
[2012/08/12 16.47.39 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\searchplugins\Search.xml
[2013/03/09 12.12.02 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/03/09 12.12.14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/02/02 21.40.24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/27 11.30.34 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programmi\mozilla firefox\plugins\npEModelPlugin.dll
[2012/09/27 09.44.37 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2013/03/02 12.03.15 | 000,002,086 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtD0F0F0CtA0CyEyEzyzzyEyDtDyDtBtN0D0Tzu0CtCzzyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1337718326
CHR - homepage: chrome://newtab/
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtD0F0F0CtA0CyEyEzyzzyEyDtDyDtBtN0D0Tzu0CtCzzyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1337718326
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Giorgio\Dati applicazioni\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programmi\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: GamePlayLabs Plugin = C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\

O1 HOSTS File: ([2011/02/14 21.29.12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live pomagač za prijavljivanje) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Siti attendibili)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://www.partserver.com/partserver/viewer/cnsweb3d/cnsweb3d.cab (Cnsweb3d Control)
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} file://C:\Programmi\AutoCAD LT 2000i Ita\InstFred.ocx (NOXLATE)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1011725469531 (WUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Programmi\AutoCAD LT 2000i Ita\AcDcToday.ocx (Controllo AcDc oggi)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Programmi\AutoCAD LT 2000i Ita\AcPreview.ocx (Controllo AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2655641F-43C8-4544-8DAE-A28356CBFC25}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454B2BAF-668B-45FB-AC58-D02785F626CD}: NameServer = 212.216.112.112,192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll) - c:\Programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Giorgio/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\Programmi\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/03 21.44.58 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/09 10.54.38 | 000,000,000 | ---D | C] -- C:\Programmi\WhoCrashed
[2013/04/08 12.59.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgio\Application Data\addpcs
[2013/04/08 12.58.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgio\Desktop\Zastita
[2013/04/07 12.43.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgio\Application Data\Malwarebytes
[2013/03/31 12.22.07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Giorgio\Recent
[2013/03/31 10.25.13 | 000,000,000 | ---D | C] -- C:\efe0b77fa8068f4a3b5245701a00bd56
[2013/03/24 05.49.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Earth
[2013/03/17 11.24.35 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/17 11.24.35 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/11 20.15.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgio\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\*.tmp files -> C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/09 14.57.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/09 14.47.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 11.39.30 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Giorgio\Desktop\WhoCrashed.lnk
[2013/04/09 11.34.39 |
000,188,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2013/04/09 11.33.51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/09 11.31.22 | 000,063,822 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2013/04/09 11.30.05 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job [2013/04/09 11.29.37 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/04/09 11.29.21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/09 11.29.18 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys [2013/04/09 02.17.02 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2013/04/08 23.08.04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2013/04/08 11.49.07 | 000,001,069 | ---- | M] () -- C:\WINDOWS\Citamis.str [2013/04/08 11.10.24 | 000,188,391 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2013/04/07 12.40.48 | 000,610,064 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat [2013/04/07 12.40.47 | 000,573,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/04/07 12.40.47 | 000,124,980 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat [2013/04/07 12.40.47 | 000,106,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/04/07 12.25.13 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/04/05 21.22.03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job [2013/04/03 17.32.04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/04/01 12.29.11 | 000,000,282 | -HS- | M] () -- C:\boot.ini [2013/04/01 11.55.28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/03/27 18.57.02 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/03/27 18.57.02 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/03/27 18.57.02 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/03/27 16.36.04 | 000,246,784 | ---- | M] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/27 16.17.44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/03/24 17.06.46 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\recently-used.xbel [2013/03/24 05.49.56 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2013/03/19 16.56.44 | 003,672,844 | ---- | M] () -- C:\Documents and Settings\Giorgio\Desktop\DSCN0872.JPG [2013/03/17 19.56.32 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Giorgio\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2013/03/16 19.57.41 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/03/16 19.57.40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/03/11 13.18.02 | 000,828,641 | ---- | M] () -- C:\Documents and Settings\Giorgio\Desktop\11022013025.jpg [27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\*.tmp files -> C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/04/09 10.54.41 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Giorgio\Desktop\WhoCrashed.lnk [2013/04/08 11.53.24 | 2145,533,952 | -HS- | C] () -- C:\hiberfil.sys [2013/03/24 17.06.46 | 000,001,485 | ---- | C] () -- C:\Documents and 
Settings\Giorgio\Impostazioni locali\Dati applicazioni\recently-used.xbel [2013/03/24 05.49.56 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2013/03/19 16.53.43 | 003,672,844 | ---- | C] () -- C:\Documents and Settings\Giorgio\Desktop\DSCN0872.JPG [2013/03/17 19.56.32 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\Giorgio\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2013/03/11 13.13.21 | 000,828,641 | ---- | C] () -- C:\Documents and Settings\Giorgio\Desktop\11022013025.jpg [2012/09/30 10.53.08 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\Giorgio\Application Data\default.pls [2012/09/25 20.42.48 | 000,028,022 | ---- | C] () -- C:\Documents and Settings\Giorgio\clip_image001.jpg [2012/07/05 09.09.43 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\funmoods-speeddial.crx [2012/07/05 09.09.42 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\funmoods.crx [2012/06/06 17.17.52 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Dp200.Ini [2012/05/20 03.39.10 | 000,793,406 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat [2012/05/04 14.08.51 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\softcoin.dll [2012/05/04 14.08.51 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\gencoin.dll [2012/04/11 16.27.51 | 000,204,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/03/16 19.10.20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Giorgio\Application Data\$_hpcst$.hpc [2012/02/16 09.50.17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/10/09 00.34.06 | 000,002,654 | ---- | C] () -- C:\WINDOWS\ScrEdit.INI [2011/06/25 18.40.07 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2010/09/07 20.25.14 | 000,001,024 | ---- | C] () -- C:\Documents and 
Settings\Giorgio\.rnd [2010/08/19 11.55.23 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\MagicPlayDVD.ini [2010/05/29 14.38.26 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Giorgio\default.pls [2009/02/12 13.32.22 | 009,002,496 | ---- | C] () -- C:\Programmi\Trust WB-1400T Webcam.msi [2009/02/12 13.32.22 | 000,143,872 | ---- | C] () -- C:\Programmi\1040.MST [2009/02/12 13.32.22 | 000,005,186 | ---- | C] () -- C:\Programmi\0x0410.ini [2007/12/02 21.19.47 | 000,246,784 | ---- | C] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/11/29 14.13.27 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Giorgio\Impostazioni locali\Dati applicazioni\fusioncache.dat [2002/01/22 20.18.17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\addr_file.html [color=#E56717]========== ZeroAccess Check ==========[/color] [2004/09/09 10.58.54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Giorgio\Desktop\dds.scr:SummaryInformation @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2F6E6BD1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:8454DB29 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DE4DC172 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:02F6E5B7 < End of report >