Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

how to remove qone8.com


  • This topic is locked This topic is locked
13 replies to this topic

#1 TLT

TLT

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 19 November 2013 - 12:10 PM

One pc of mine is infected by qone8.com and others.
Here I seem to find the solution, exposed by Aaflac
(# 18 #21). But for me it is very difficult to understand and apply the instructions. I was a good user of IBM (AS/400), but now I'm a rusty retired, a simple user of PC. I use it a lot for social activities.
What to do? Start step by step and follow all the steps?
If something does not work or I can not go a
head?
Finally, perhaps the author (Aaflac) is able to compact all instructions in a single program
; like programmers use develop for simple users (like me) ?


Edited by TLT, 19 November 2013 - 12:11 PM.


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 20 November 2013 - 03:34 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 20 November 2013 - 07:55 AM

Hi Marius. Unfortunately I am in trouble.

Running adwcleaner I saw 2 found objects (to clean). Then I did hit clean; after working a little, the pc is turned off. I turned on the pc, I saw the expected text file (of adwcleaner), but, without doing anything, there was multiplied a Web Search (Mozilla) page and Smart Web Search (Mozilla) page. I could not do anything but shut down the pc. I turned on again, but could not do anything, seeing the “activity” of the “hourglass”. I had to turn off and on several times, but each time it is impossible to do anything. The pc only shows the “working” hourglass . I am writing using another computer. Now I have to go away and return late in the evening (italian time). Coming back home, I don't know what I can do.



#4 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 20 November 2013 - 08:14 AM

PS

The infected pc is with windows xp (born with windows 7 that disturbed me).

There is also an antivirus / firewall: "Protezione Computer" of italian Teletu provider.
About this, I have not found a way to suspend the operativity.



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 20 November 2013 - 09:49 AM

Boot into safe mode.

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 20 November 2013 - 05:28 PM

HI Marius.
Thank you very much for coming to my aid so quickly.
In my absence my wife tried again, and now the infected pc seems to work, we can work.
I had performed only these steps:
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but do not uncheck anything.
- Clean Hit
- When the run is finished, it will open up a text file
Here I was interrupted, the computer turned off. 
I found the text file, I post it here.
Now, can I go ahead sequentially with next steps? starting with:
Delete junk with JRT

......

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 12:02:51
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Utente - PC-ACER2
# Running from : C:\Documents and Settings\Utente\Documenti\Download\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : WsysSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\eSafe
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\wincert
Folder Deleted : C:\Programmi\Conduit
Folder Deleted : C:\Programmi\Searchprotect
Folder Deleted : C:\Programmi\Whilokii
Folder Deleted : C:\Programmi\Connect_DLC_5
Folder Deleted : C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Connect_DLC_5
Folder Deleted : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Conduit
Folder Deleted : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Connect_DLC_5
Folder Deleted : C:\DOCUME~1\Utente\IMPOST~1\Temp\eIntaller
Folder Deleted : C:\DOCUME~1\Utente\IMPOST~1\Temp\CT3306061
Folder Deleted : C:\Documents and Settings\Utente\Dati applicazioni\Searchprotect
Folder Deleted : C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Smartbar
Folder Deleted : C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\CT3306061
Folder Deleted : C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[!] Folder Deleted : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\END
File Deleted : C:\Programmi\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFC1BC47-DE35-498E-890E-9A5E3236D7F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3634FB0D-F7DD-4D1C-9A6A-369C30AE1448}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Dati applicazioni\eSafe\eGdpSvc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Whilokii
Key Deleted : HKCU\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Whilokii
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Whilokii
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (it)

[ File : C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\prefs.js ]

Line Deleted : user_pref("CT3306061.ConnectTB_activeApp", "%EF%F4%F9%FA%E7%ED%F8%E7%F3");
Line Deleted : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.FirstTime", "true");
Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3306061.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN13877323442002821&UM=2&q=");
Line Deleted : user_pref("CT3306061.Social_Instagram_lastFeed", "");
Line Deleted : user_pref("CT3306061.UserID", "UN13877323442002821");
Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.countryCode", "IT");
Line Deleted : user_pref("CT3306061.defaultSearch", "true");
Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3306061.enableAlerts", "true");
Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN13877323442002821.IN.20131103194638");
Line Deleted : user_pref("CT3306061.installDate", "03/11/2013 19:46:47");
Line Deleted : user_pref("CT3306061.installId", "stub.exe");
Line Deleted : user_pref("CT3306061.installSessionId", "{E7EB3E05-9E62-485B-A17B-0E00A5A7750D}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3306061.installUsage", "2013-11-03T22:04:27.3181885+03:00");
Line Deleted : user_pref("CT3306061.installUsageEarly", "2013-11-03T22:04:25.7737786+03:00");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=15&CUI=UN13877323442002821&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3306061.lastVersion", "10.22.3.518");
Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://ConnectDLC5.OurToolbar.com/\",\"EB_TOO[...]
Line Deleted : user_pref("CT3306061.openThankYouPage", "false");
Line Deleted : user_pref("CT3306061.openUninstallPage", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "hxxp://start.qone8.com/?type=hp&ts=1382379790&from=cor&uid=TOSHIBAXMK6465GSX_11KGS0VYSXX11KGS0VYS");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "qone8");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "qone8");
Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Deleted : user_pref("CT3306061.search.searchCount", "0");
Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ConnectDLC5.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1384894845049");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1384464027984");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1384894838942");
Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1384715069375");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1383505467570");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1383505469181");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.21.1.507_lastUpdate", "1383993779546");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.21.1.7_lastUpdate", "1383519912643");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384120202473");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.22.3.518_lastUpdate", "1384937783180");
Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1384715069340");
Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1384894843430");
Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1384894838869");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1384894842470");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1384937782793");
Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1384894838819");
Line Deleted : user_pref("CT3306061.settingsINI", true);
Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");
Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Deleted : user_pref("CT3306061.startPage", "true");
Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "3-11-2013");
Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "20-11-2013");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "03-11-2013 19:46:38");
Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Sun Nov 03 2013 20:04:29 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384939055774,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN13877323442002821&UM=2&UP=SPA13084B3-DA4E-470A-B5C1-BF996419C329");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN13877323442002821&UM=2&UP=SPA13084B3-DA4E-470A-B5C1-BF996419C329");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.hp.lastGuardTime", 370502175);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.installDate", "2013053123");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.partnerId", "^AIC^xdm006^YY^it");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.partnerSubId", "CKvylu2hwbcCFUyS3godIzwAMA");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.installation.toolbarId", "B83B0F2C-A332-4422-A798-3216F33DB05C");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.lastActivePing", "1370465070333");
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._6xMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "readingfanatic@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "readingfanatic@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN13877323442002821&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN13877323442002821&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN13877323442002821&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?SSP[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "WDQ7IBJNSD6PVTG5OCAI5J4/XJJF7N3RETWZW6HYRWGWQAGAUIAOVRLJWTDZXYXREF7YBPDFXZH2LCVIWIGI0W");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN13877323442002821&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [46351 octets] - [23/08/2013 11:34:29]
AdwCleaner[R1].txt - [20543 octets] - [20/11/2013 11:51:59]
AdwCleaner[S0].txt - [46742 octets] - [23/08/2013 11:35:56]
AdwCleaner[S1].txt - [20449 octets] - [20/11/2013 12:02:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [20510 octets] ##########
 



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 21 November 2013 - 05:47 AM

OK, then it worked! :)

 

Are you still getting redirects?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 21 November 2013 - 04:29 PM

Hi Marius.

Once again a complication.

I ran junkware Removal Tool.
After a while, I saw that it was stationary on a window (comand window), black, empty, with only two lines:
checking processes
checking services

I left so more than 3 hours. Then I saw that it was locked, not accepting any action, I had to shut down the pc.
Turned on again, remained blocked. Like yesterday, I had to turn off and on several times until it was once more operating.
But I can not find the file JRT.txt.
Now my question is: have I to repeat Junkware Removal Tool. ? if so, I think the same will happen.
Or what could I do?

In the same time, activating Mozilla (which I associate with Google), appears Web Search, or Smart Web Search. (with http://static.flipora.com/websearch.html?u=21723774&t=60.0&gl=it&tv=v60&jes=true)

Maybe was pulled by Qone8 ?

Thank you for your patience.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 22 November 2013 - 03:18 AM

Yes, that comes from qone8.

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 22 November 2013 - 09:38 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Utente (administrator) on PC-ACER2 on 22-11-2013 13:27:53
Running from C:\Documents and Settings\Utente\Documenti\Download
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CANON INC.) C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE
(ScanSoft, Inc.) C:\Programmi\ScanSoft\OmniPagePro12.0\Opware12.exe
(Microsoft Corporation) C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\fshoster32.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Common\FSM32.EXE
(Apple Inc.) C:\Programmi\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Programmi\File comuni\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Documents and Settings\Utente\Documenti\Skype 6\Phone\Skype.exe
(Nokia) C:\Programmi\Nokia\Nokia Suite\NokiaSuite.exe
(Microsoft Corporation) C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Programmi\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\fshoster32.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\apps\CCF_Reputation\fsorsp.exe
() C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
(Oracle Corporation) C:\Programmi\Java\jre7\bin\jqs.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
(Nitro PDF Software) C:\Programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Apple Inc.) C:\Programmi\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Common\FSMA32.EXE
(Nokia) C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
(Advanced Micro Devices Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Nokia) C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Mozilla Corporation) C:\Programmi\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programmi\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [CanonMyPrinter] - C:\Programmi\Canon\MyPrinter\BJMYPRT.EXE [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [Opware12] - C:\Programmi\ScanSoft\OmniPagePro12.0\opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TrayServer] - C:\Programmi\MAGIX\Video_deluxe_15_Plus\Trayserver.exe [90112 2008-08-18] (MAGIX AG)
HKLM\...\Run: [F-Secure Hoster (4730505)] - C:\Programmi\Opzione Sicurezza Internet\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
HKLM\...\Run: [F-Secure Manager] - C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Common\FSM32.EXE [310992 2012-10-18] (F-Secure Corporation)
HKLM\...\Run: [APSDaemon] - C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programmi\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-10-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Programmi\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programmi\File comuni\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Skype] - C:\Documents and Settings\Utente\Documenti\Skype 6\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Programmi\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKCU\...\Run: [iLivid] - "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\iLivid\iLivid.exe" -autorun
HKCU\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] - 0
MountPoints2: ##boban#i - Z:\Setup.exe -auto
AppInit_DLLs: C:\Windows\System32\  [ ] ()
IMEO\Your Image File Name Here without a path: [Debugger]
Startup: C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {042ECBEC-16CD-48FA-AE79-58BABCE46A31} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN27174302163369278&UM=2
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Indirizzo - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Co&llegamenti - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8492032 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Programmi\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://static.flipora.com/websearch.html?u=21723774&t=60.0&gl=it&tv=v60
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programmi\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programmi\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Programmi\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @nitropdf.com/NitroPDF - C:\Programmi\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nokia.com/EnablerPlugin - C:\Programmi\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @ReadingFanatic_6x.com/Plugin - C:\Programmi\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll No File
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Programmi\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\searchplugins\bestsocialfeed.xml
FF SearchPlugin: C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\searchplugins\infoaxe.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: ReadingFanatic - C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\6xffxtbr@ReadingFanatic_6x.com
FF Extension: Friend Connect - C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\{30763f38-fc3c-40cc-97ea-b1c4075f506d}
FF Extension: Connect with friends and discover the best of the Web - C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\{3EB3C1FE-4FED-4ef7-A78C-6616E2521FB5}
FF Extension: jid1-ReWlW1efOwaQJQ - C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\jid1-ReWlW1efOwaQJQ@jetpack.xpi
FF HKLM\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Programmi\ReadingFanatic_6x\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (Google Drive) - C:\DOCUME~1\Utente\IMPOST~1\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Utente\IMPOST~1\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Utente\IMPOST~1\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\DOCUME~1\Utente\IMPOST~1\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Programmi\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx
CHR HKLM\...\Chrome\Extension: [loemjcdefhdidbjiflmobkpjohbfefee] - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\CRE\loemjcdefhdidbjiflmobkpjohbfefee.crx

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-13] (Adobe Systems)
R2 Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
R2 Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S3 FirebirdServerMAGIXInstance; C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 fshoster; C:\Programmi\Opzione Sicurezza Internet\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
R3 FSMA; C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Common\FSMA32.EXE [208592 2012-10-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Programmi\Opzione Sicurezza Internet\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2012-11-17] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2012-11-17] (Google Inc.)
R2 IJPLMSVC; C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R3 iPod Service; C:\Programmi\iPod\bin\iPodService.exe [553288 2013-08-16] (Apple Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-15] (Mozilla Foundation)
R2 NitroReaderDriverReadSpool3; C:\Programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-01-14] (Nitro PDF Software)
S3 odserv; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R3 ServiceLayer; C:\Programmi\PC Connectivity Solution\ServiceLayer.exe [732648 2012-12-19] (Nokia)
S2 SkypeUpdate; C:\Documents and Settings\Utente\Documenti\Skype 6\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S3 UPnPService; C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programmi\Java\jre7\bin\jqs.exe" -service -config "C:\Programmi\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1963936 2011-03-11] (Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [146288 2013-10-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73328 2013-10-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-06-21] ()
R3 fsni; C:\Programmi\Opzione Sicurezza Internet\apps\CCF_Scanning\fsnixp32.sys [50112 2013-04-25] (F-Secure Corporation)
R3 fsnitdi; C:\Programmi\Opzione Sicurezza Internet\apps\CCF_Scanning\fsnitdi32.sys [21952 2013-04-25] (F-Secure Corporation)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R0 IFP800; C:\Windows\System32\drivers\ifp800.sys [14531 2004-03-29] (iRiver, Inc.)
R3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [237096 2012-06-01] (Broadcom Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-16] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-22 13:27 - 2013-11-22 13:27 - 00000000 ____D C:\FRST
2013-11-20 10:26 - 2013-11-22 13:21 - 00185124 _____ C:\Documents and Settings\Utente\Documenti\how to remove qone8.com - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2013-11-20 10:26 - 2013-11-22 13:21 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\how to remove qone8.com - Virus, Trojan, Spyware, and Malware Removal Logs_files
2013-11-20 08:38 - 2013-11-20 20:59 - 00000000 ____D C:\Programmi\Mozilla Thunderbird
2013-11-19 23:38 - 2013-11-19 23:40 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\x signorelli - copia dei file - ricerca signorelli
2013-11-19 20:01 - 2013-11-19 20:01 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\TuneUp Software
2013-11-19 19:59 - 2013-11-22 10:04 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVG2014
2013-11-19 19:59 - 2013-11-22 10:03 - 00000000 ___HD C:\$AVG
2013-11-19 19:45 - 2013-11-22 10:06 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\MFAData
2013-11-19 19:45 - 2013-11-19 19:45 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\MFAData
2013-11-19 17:59 - 2013-11-19 17:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
2013-11-17 21:17 - 2013-11-17 21:17 - 00481280 _____ C:\Documents and Settings\Utente\Documenti\LECCIONES DE POLITICA.pps
2013-11-17 21:13 - 2013-11-17 21:13 - 00528394 _____ C:\Documents and Settings\Utente\Documenti\Triesteparolando.htm
2013-11-17 21:13 - 2013-11-17 21:13 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Triesteparolando_files
2013-11-17 00:14 - 2013-11-19 18:00 - 00012465 _____ C:\WINDOWS\KB939683.log
2013-11-15 23:16 - 2013-11-15 23:16 - 00022921 _____ C:\Documents and Settings\Utente\Documenti\memo - alcuni miei post su disqus-com.odt
2013-11-15 21:56 - 2013-11-16 10:00 - 00000000 ____D C:\Programmi\Mozilla Firefox
2013-11-15 00:59 - 2013-11-15 00:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 00:58 - 2013-11-15 00:58 - 00008952 _____ C:\WINDOWS\KB2900986.log
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 00:56 - 2013-11-15 00:58 - 00011210 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 00:55 - 2013-11-15 00:55 - 00004173 _____ C:\WINDOWS\KB954154.log
2013-11-15 00:55 - 2013-11-15 00:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
2013-11-14 12:38 - 2013-11-15 00:59 - 00014575 _____ C:\WINDOWS\KB2868626.log
2013-11-14 12:38 - 2013-11-15 00:58 - 00013545 _____ C:\WINDOWS\KB2862152.log
2013-11-14 12:38 - 2013-11-15 00:58 - 00013081 _____ C:\WINDOWS\KB2876331.log
2013-11-12 20:24 - 2013-11-12 20:24 - 00000355 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ussclean
2013-11-12 20:07 - 2013-11-12 20:07 - 00005547 _____ C:\WINDOWS\MSCompPackV1.log
2013-11-12 20:07 - 2013-11-12 20:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2013-11-12 20:07 - 2010-07-05 14:20 - 00018808 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2013-11-12 20:06 - 2013-11-12 20:07 - 00017710 _____ C:\WINDOWS\wmp11.log
2013-11-12 20:06 - 2013-11-12 20:07 - 00000000 ____D C:\a7140370f630391107b680940ae884d3
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Programmi\Windows Media Connect 2
2013-11-12 16:43 - 2013-11-12 16:43 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Wisdom-soft
2013-11-12 15:40 - 2013-11-12 15:40 - 00748854 _____ C:\Documents and Settings\Utente\Documenti\2013-11-12_154005.bmp
2013-11-12 15:39 - 2013-11-12 15:39 - 00237950 _____ C:\Documents and Settings\Utente\Documenti\2013-11-12_153932.bmp
2013-11-12 15:30 - 2013-11-12 15:30 - 00004970 _____ C:\Documents and Settings\All Users\Dati applicazioni\xgneqrwu.hrx
2013-11-12 15:30 - 2013-11-12 15:30 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Movavi
2013-11-12 15:30 - 2013-11-12 15:30 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\MOVAVI
2013-11-12 15:25 - 2013-11-12 15:25 - 00000875 _____ C:\Documents and Settings\All Users\Desktop\Movavi Screen Capture Studio 4.lnk
2013-11-12 15:24 - 2013-11-12 15:25 - 00000000 ____D C:\Programmi\Movavi Screen Capture Studio 4
2013-11-12 14:06 - 2013-11-21 21:40 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Provincia di Trieste   Il viaggio di Marco Cavallo_files
2013-11-12 14:06 - 2013-11-12 14:06 - 00026576 _____ C:\Documents and Settings\Utente\Documenti\Provincia di Trieste   Il viaggio di Marco Cavallo.htm
2013-11-12 12:33 - 2013-11-19 15:53 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\PaperlessPrinter Docs
2013-11-12 12:23 - 2013-11-12 12:43 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Musicnotes
2013-11-12 12:23 - 2013-11-12 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Musicnotes
2013-11-12 12:22 - 2013-11-12 12:28 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Musicnotes
2013-11-12 12:22 - 2013-11-12 12:22 - 00000803 _____ C:\Documents and Settings\All Users\Desktop\Musicnotes Player.lnk
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Programmi\Musicnotes
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Musicnotes
2013-11-12 11:46 - 2013-11-12 11:46 - 00094947 _____ C:\Documents and Settings\Utente\Documenti\Your Receipt - Musicnotes.com.htm
2013-11-12 11:46 - 2013-11-12 11:46 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Your Receipt - Musicnotes.com_files
2013-11-11 08:24 - 2013-11-11 08:24 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\F-Secure
2013-11-09 17:01 - 2013-11-16 13:39 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\-----     ALICE Banfi Holden Cossu ecc da Acer1 9nov13
2013-11-09 13:14 - 2013-11-09 13:14 - 00000372 _____ C:\Documents and Settings\Utente\Desktop\Documenti (2).lnk
2013-11-09 12:28 - 2013-11-09 12:30 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\-----     dalla chiavetta di silvano 8Novembre2013 firme
2013-11-09 11:27 - 2013-11-09 11:27 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PCHealth
2013-11-09 09:44 - 2013-11-09 09:44 - 00000355 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ussclean.tmp
2013-11-07 18:01 - 2013-11-10 22:53 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Sterno spezzato per rianimarlo  6 indagati per omicidio colposo - Cronaca - Il Piccolo_files
2013-11-07 18:01 - 2013-11-07 18:01 - 00142392 _____ C:\Documents and Settings\Utente\Documenti\Sterno spezzato per rianimarlo  6 indagati per omicidio colposo - Cronaca - Il Piccolo.htm
2013-11-07 17:57 - 2013-11-17 12:26 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Psichiatria  Marco Cavallo parte in tournée per abbattere altri muri - Cronaca - Il Piccolo_files
2013-11-07 17:57 - 2013-11-12 13:16 - 00162305 _____ C:\Documents and Settings\Utente\Documenti\Psichiatria  Marco Cavallo parte in tournée per abbattere altri muri - Cronaca - Il Piccolo.htm
2013-11-05 17:23 - 2013-11-05 17:23 - 00018395 _____ C:\Documents and Settings\Utente\Documenti\coppia sorrentino de valle.odt
2013-11-05 16:28 - 2013-11-05 16:28 - 00000000 ____D C:\Programmi\Paperless Converter
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 ____D C:\Programmi\Rarefind
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Paperless Printer
2013-11-05 16:10 - 2012-01-11 02:13 - 00037376 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\plpx3x86.dll
2013-11-05 12:16 - 2013-11-05 12:27 - 00012151 _____ C:\Documents and Settings\Utente\Documenti\zannerini e marinella.odt
2013-11-04 20:41 - 2013-11-04 20:42 - 02788355 _____ C:\Documents and Settings\Utente\Documenti\marinella-zannerini.odt
2013-11-03 19:13 - 2013-11-03 19:13 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Blocchi appunti di OneNote
2013-11-03 19:11 - 2013-11-03 20:06 - 00000000 ____D C:\Documents and Settings\All Users\Documenti\FreeBurner
2013-11-03 19:11 - 2013-11-03 19:11 - 00000877 _____ C:\Documents and Settings\Utente\Menu Avvio\Programmi\Free Easy CD DVD Burner.lnk
2013-11-03 19:11 - 2013-11-03 19:11 - 00000831 _____ C:\Documents and Settings\Utente\Desktop\Free Easy Burner.lnk
2013-11-03 19:11 - 2013-11-03 19:11 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\FreeBurner
2013-11-03 19:11 - 2013-11-03 19:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Free Easy Burner
2013-11-03 19:11 - 2011-09-28 09:20 - 00484352 _____ C:\WINDOWS\system32\lame_enc.dll
2013-11-03 19:11 - 2011-09-28 09:20 - 00200704 _____ (vbAccelerator) C:\WINDOWS\system32\vbalExpBar6.ocx
2013-11-03 19:11 - 2011-09-28 09:20 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
2013-11-03 19:11 - 2011-09-28 09:20 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCFR.DLL
2013-11-03 19:11 - 2011-09-28 09:20 - 00119568 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6FR.DLL
2013-11-03 19:11 - 2011-09-28 09:20 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinet.OCX
2013-11-03 19:11 - 2011-09-28 09:20 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6STKIT.DLL
2013-11-03 19:11 - 2011-09-28 09:20 - 00040960 _____ (vbAccelerator) C:\WINDOWS\system32\SSubTmr6.dll
2013-11-03 19:11 - 2011-09-28 09:20 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CMDLGFR.DLL
2013-11-03 19:11 - 2011-09-28 09:20 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetfr.DLL
2013-11-03 19:10 - 2013-11-03 19:11 - 00000000 ____D C:\Programmi\Free Easy CD DVD Burner
2013-11-02 12:05 - 2013-11-02 12:05 - 02901262 _____ C:\Documents and Settings\All Users\Desktop\fsdiag.zip
2013-11-02 01:04 - 2013-11-02 01:04 - 00011225 _____ C:\Documents and Settings\Utente\Documenti\lista-indirizzi-TLT-con-virgole.odt
2013-10-30 09:57 - 2013-10-30 16:02 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\---------     worrk area x filmato pulizie cimitero AU
2013-10-30 09:49 - 2013-10-30 09:49 - 00001734 _____ C:\Documents and Settings\Utente\Documenti\Disco 2013-10-30.MVP
2013-10-28 18:00 - 2013-10-28 18:02 - 01745408 _____ C:\Documents and Settings\Utente\Documenti\sentenza tar 13ott13.dot
2013-10-28 12:18 - 2013-10-28 12:18 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Sibelius Software
2013-10-28 11:26 - 2013-10-28 11:26 - 00578522 _____ C:\Documents and Settings\Utente\Documenti\domio-abusi-01-.psd
2013-10-28 10:48 - 2013-10-28 10:48 - 00000000 ____D C:\Programmi\Sibelius Software
2013-10-28 10:42 - 2013-10-28 12:54 - 00560198 _____ C:\Documents and Settings\Utente\Dati applicazioni\Scorch_Install.log
2013-10-24 21:53 - 2013-10-24 22:26 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\---          RINO copia documenti vari x lavoro x avv Pardi
2013-10-23 23:41 - 2013-10-23 23:41 - 00015899 _____ C:\Documents and Settings\Utente\Documenti\alla casa del libro.odt
2013-10-23 06:40 - 2013-10-23 06:40 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Sun

==================== One Month Modified Files and Folders =======

2013-11-22 13:27 - 2013-11-22 13:27 - 00000000 ____D C:\FRST
2013-11-22 13:27 - 2012-11-14 10:43 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Download
2013-11-22 13:21 - 2013-11-20 10:26 - 00185124 _____ C:\Documents and Settings\Utente\Documenti\how to remove qone8.com - Virus, Trojan, Spyware, and Malware Removal Logs.htm
2013-11-22 13:21 - 2013-11-20 10:26 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\how to remove qone8.com - Virus, Trojan, Spyware, and Malware Removal Logs_files
2013-11-22 13:21 - 2012-11-12 19:07 - 00000000 ___RD C:\Documents and Settings\Utente\Documenti
2013-11-22 13:18 - 2012-11-17 21:34 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-22 13:07 - 2013-01-02 14:29 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Skype
2013-11-22 12:56 - 2012-11-19 20:57 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-22 11:18 - 2012-11-12 10:14 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-22 10:17 - 2012-11-12 10:06 - 02081986 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-22 10:07 - 2012-11-12 10:55 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-22 10:07 - 2012-11-12 10:54 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-22 10:07 - 2001-08-31 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-22 10:06 - 2013-11-19 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\MFAData
2013-11-22 10:06 - 2012-11-17 21:34 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 10:06 - 2012-11-12 19:07 - 00000000 __RHD C:\Documents and Settings\Utente\Dati applicazioni
2013-11-22 10:06 - 2012-11-12 19:07 - 00000000 ___HD C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni
2013-11-22 10:06 - 2012-11-12 10:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-22 10:05 - 2012-11-12 19:07 - 00000194 ___SH C:\Documents and Settings\Utente\ntuser.ini
2013-11-22 10:05 - 2012-11-12 18:00 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-11-22 10:04 - 2013-11-19 19:59 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVG2014
2013-11-22 10:04 - 2012-11-12 10:50 - 00000000 ___RD C:\Programmi
2013-11-22 10:03 - 2013-11-19 19:59 - 00000000 ___HD C:\$AVG
2013-11-22 10:03 - 2013-09-13 17:30 - 00109094 _____ C:\WINDOWS\setupapi.log
2013-11-22 10:03 - 2012-11-12 10:50 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi
2013-11-22 09:58 - 2013-09-09 11:20 - 00000000 ____D C:\Programmi\Amazon
2013-11-22 09:58 - 2013-09-09 11:20 - 00000000 ____D C:\Documents and Settings\Utente\Menu Avvio\Programmi\Amazon
2013-11-21 21:40 - 2013-11-12 14:06 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Provincia di Trieste   Il viaggio di Marco Cavallo_files
2013-11-21 08:56 - 2012-11-12 19:35 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service
2013-11-21 00:15 - 2012-11-12 19:07 - 00000000 ____D C:\Documents and Settings\Utente
2013-11-20 20:59 - 2013-11-20 08:38 - 00000000 ____D C:\Programmi\Mozilla Thunderbird
2013-11-20 12:03 - 2013-08-23 11:34 - 00000000 ____D C:\AdwCleaner
2013-11-20 12:03 - 2012-11-12 10:49 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2013-11-20 12:03 - 2012-11-12 10:11 - 00000000 ___HD C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni
2013-11-20 09:56 - 2012-11-12 19:07 - 00000000 ___RD C:\Documents and Settings\Utente\Menu Avvio\Programmi
2013-11-20 09:51 - 2013-06-05 06:35 - 00000783 _____ C:\Documents and Settings\Utente\Menu Avvio\Programmi\Internet Explorer.lnk
2013-11-20 09:51 - 2012-11-17 21:35 - 00001777 _____ C:\Documents and Settings\Utente\Desktop\Google Chrome.lnk
2013-11-20 09:51 - 2012-11-12 19:35 - 00000702 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
2013-11-20 09:51 - 2012-11-12 19:35 - 00000696 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-11-20 09:49 - 2012-11-12 19:07 - 00000000 ___RD C:\Documents and Settings\Utente\Menu Avvio
2013-11-19 23:41 - 2012-11-27 15:55 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\vlc
2013-11-19 23:40 - 2013-11-19 23:38 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\x signorelli - copia dei file - ricerca signorelli
2013-11-19 23:37 - 2013-01-26 23:12 - 00000000 ____D C:\-----     2011 tutti i testi
2013-11-19 23:37 - 2013-01-26 23:11 - 00000000 ____D C:\-----     2010 tutti i testi
2013-11-19 23:29 - 2013-01-26 23:11 - 00000000 ____D C:\-----     2009 tutti i testi
2013-11-19 21:05 - 2012-11-13 13:10 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\attivazione cs2
2013-11-19 20:55 - 2013-06-22 11:48 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-19 20:01 - 2013-11-19 20:01 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\TuneUp Software
2013-11-19 19:45 - 2013-11-19 19:45 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\MFAData
2013-11-19 18:00 - 2013-11-17 00:14 - 00012465 _____ C:\WINDOWS\KB939683.log
2013-11-19 18:00 - 2012-11-12 10:50 - 01220800 _____ C:\WINDOWS\iis6.log
2013-11-19 18:00 - 2012-11-12 10:50 - 01093527 _____ C:\WINDOWS\FaxSetup.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00546435 _____ C:\WINDOWS\ocgen.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00508960 _____ C:\WINDOWS\tsoc.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00373871 _____ C:\WINDOWS\comsetup.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00338852 _____ C:\WINDOWS\msmqinst.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00226754 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00193002 _____ C:\WINDOWS\netfxocm.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00078602 _____ C:\WINDOWS\MedCtrOC.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00068767 _____ C:\WINDOWS\ocmsn.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00055522 _____ C:\WINDOWS\tabletoc.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00055291 _____ C:\WINDOWS\msgsocm.log
2013-11-19 18:00 - 2012-11-12 10:50 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-19 17:59 - 2013-11-19 17:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
2013-11-19 15:53 - 2013-11-12 12:33 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\PaperlessPrinter Docs
2013-11-17 23:03 - 2013-06-02 09:49 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\-----     MP3 da registraz 2013
2013-11-17 22:01 - 2013-01-27 15:24 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\cantina 2011 testi
2013-11-17 21:17 - 2013-11-17 21:17 - 00481280 _____ C:\Documents and Settings\Utente\Documenti\LECCIONES DE POLITICA.pps
2013-11-17 21:13 - 2013-11-17 21:13 - 00528394 _____ C:\Documents and Settings\Utente\Documenti\Triesteparolando.htm
2013-11-17 21:13 - 2013-11-17 21:13 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Triesteparolando_files
2013-11-17 12:26 - 2013-11-07 17:57 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Psichiatria  Marco Cavallo parte in tournée per abbattere altri muri - Cronaca - Il Piccolo_files
2013-11-16 21:15 - 2013-05-29 21:45 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\----------          WORK PROVVISORIO PER RICERCA
2013-11-16 13:39 - 2013-11-09 17:01 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\-----     ALICE Banfi Holden Cossu ecc da Acer1 9nov13
2013-11-16 10:00 - 2013-11-15 21:56 - 00000000 ____D C:\Programmi\Mozilla Firefox
2013-11-15 23:16 - 2013-11-15 23:16 - 00022921 _____ C:\Documents and Settings\Utente\Documenti\memo - alcuni miei post su disqus-com.odt
2013-11-15 10:45 - 2013-02-04 13:38 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Nitro PDF
2013-11-15 00:59 - 2013-11-15 00:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 00:59 - 2013-11-14 12:38 - 00014575 _____ C:\WINDOWS\KB2868626.log
2013-11-15 00:59 - 2013-02-01 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2013-11-15 00:59 - 2012-11-12 11:11 - 00185761 _____ C:\WINDOWS\updspapi.log
2013-11-15 00:59 - 2012-11-12 10:50 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-15 00:58 - 2013-11-15 00:58 - 00008952 _____ C:\WINDOWS\KB2900986.log
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 00:58 - 2013-11-15 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 00:58 - 2013-11-15 00:56 - 00011210 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 00:58 - 2013-11-14 12:38 - 00013545 _____ C:\WINDOWS\KB2862152.log
2013-11-15 00:58 - 2013-11-14 12:38 - 00013081 _____ C:\WINDOWS\KB2876331.log
2013-11-15 00:55 - 2013-11-15 00:55 - 00004173 _____ C:\WINDOWS\KB954154.log
2013-11-15 00:55 - 2013-11-15 00:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
2013-11-15 00:55 - 2013-08-01 23:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-15 00:47 - 2013-06-05 00:34 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 15:30 - 2013-02-20 15:55 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\--------------          GOOGLE MY DRIVE
2013-11-13 07:58 - 2012-11-12 11:17 - 00096942 _____ C:\WINDOWS\spupdsvc.log
2013-11-13 00:00 - 2013-06-05 00:26 - 00046406 _____ C:\WINDOWS\KB2378111.log
2013-11-13 00:00 - 2012-11-12 10:02 - 00046396 _____ C:\WINDOWS\wmsetup.log
2013-11-12 21:44 - 2012-11-14 19:29 - 00053760 _____ C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-12 20:24 - 2013-11-12 20:24 - 00000355 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ussclean
2013-11-12 20:22 - 2012-11-12 10:08 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-11-12 20:22 - 2012-11-12 10:08 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-11-12 20:07 - 2013-11-12 20:07 - 00005547 _____ C:\WINDOWS\MSCompPackV1.log
2013-11-12 20:07 - 2013-11-12 20:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2013-11-12 20:07 - 2013-11-12 20:06 - 00017710 _____ C:\WINDOWS\wmp11.log
2013-11-12 20:07 - 2013-11-12 20:06 - 00000000 ____D C:\a7140370f630391107b680940ae884d3
2013-11-12 20:07 - 2012-11-12 19:07 - 00000810 _____ C:\Documents and Settings\Utente\Menu Avvio\Programmi\Windows Media Player.lnk
2013-11-12 20:07 - 2001-08-31 13:00 - 00000582 _____ C:\WINDOWS\win.ini
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Programmi\Windows Media Connect 2
2013-11-12 20:06 - 2013-03-06 16:30 - 00053036 _____ C:\WINDOWS\WMFDist11.log
2013-11-12 20:06 - 2012-11-12 10:43 - 00000000 ____D C:\WINDOWS\Help
2013-11-12 20:06 - 2012-11-12 10:02 - 00000000 ___RD C:\Documents and Settings\All Users\Documenti\Musica
2013-11-12 20:04 - 2013-03-06 16:29 - 00010786 _____ C:\WINDOWS\Wudf01000Inst.log
2013-11-12 17:37 - 2012-11-12 10:49 - 00515360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-12 17:20 - 2013-06-22 14:00 - 00001626 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-11-12 17:20 - 2013-06-22 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\QuickTime
2013-11-12 17:20 - 2013-06-22 13:59 - 00000000 ____D C:\Programmi\QuickTime
2013-11-12 16:43 - 2013-11-12 16:43 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Wisdom-soft
2013-11-12 15:52 - 2012-11-12 19:07 - 00150176 _____ C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2013-11-12 15:40 - 2013-11-12 15:40 - 00748854 _____ C:\Documents and Settings\Utente\Documenti\2013-11-12_154005.bmp
2013-11-12 15:39 - 2013-11-12 15:39 - 00237950 _____ C:\Documents and Settings\Utente\Documenti\2013-11-12_153932.bmp
2013-11-12 15:31 - 2012-11-14 19:28 - 00000000 ___RD C:\Documents and Settings\Utente\Documenti\Video
2013-11-12 15:30 - 2013-11-12 15:30 - 00004970 _____ C:\Documents and Settings\All Users\Dati applicazioni\xgneqrwu.hrx
2013-11-12 15:30 - 2013-11-12 15:30 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Movavi
2013-11-12 15:30 - 2013-11-12 15:30 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\MOVAVI
2013-11-12 15:30 - 2012-11-12 10:43 - 00000000 ____D C:\WINDOWS\system
2013-11-12 15:25 - 2013-11-12 15:25 - 00000875 _____ C:\Documents and Settings\All Users\Desktop\Movavi Screen Capture Studio 4.lnk
2013-11-12 15:25 - 2013-11-12 15:24 - 00000000 ____D C:\Programmi\Movavi Screen Capture Studio 4
2013-11-12 15:25 - 2012-11-12 10:00 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi\Accessori
2013-11-12 14:06 - 2013-11-12 14:06 - 00026576 _____ C:\Documents and Settings\Utente\Documenti\Provincia di Trieste   Il viaggio di Marco Cavallo.htm
2013-11-12 13:16 - 2013-11-07 17:57 - 00162305 _____ C:\Documents and Settings\Utente\Documenti\Psichiatria  Marco Cavallo parte in tournée per abbattere altri muri - Cronaca - Il Piccolo.htm
2013-11-12 12:43 - 2013-11-12 12:23 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Musicnotes
2013-11-12 12:28 - 2013-11-12 12:22 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Musicnotes
2013-11-12 12:23 - 2013-11-12 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Musicnotes
2013-11-12 12:22 - 2013-11-12 12:22 - 00000803 _____ C:\Documents and Settings\All Users\Desktop\Musicnotes Player.lnk
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Programmi\Musicnotes
2013-11-12 12:22 - 2013-11-12 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Musicnotes
2013-11-12 12:22 - 2012-11-12 19:07 - 00000000 ___RD C:\Documents and Settings\Utente\Preferiti
2013-11-12 11:46 - 2013-11-12 11:46 - 00094947 _____ C:\Documents and Settings\Utente\Documenti\Your Receipt - Musicnotes.com.htm
2013-11-12 11:46 - 2013-11-12 11:46 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Your Receipt - Musicnotes.com_files
2013-11-11 08:24 - 2013-11-11 08:24 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\F-Secure
2013-11-10 22:53 - 2013-11-07 18:01 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Sterno spezzato per rianimarlo  6 indagati per omicidio colposo - Cronaca - Il Piccolo_files
2013-11-10 22:53 - 2013-08-28 08:20 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Southern Central Europe. (insets) (Vicinity of Bern, Basel, Zurich, Trieste Free Territory, and Budapest). - David Rumsey Historical Map Collection_files
2013-11-10 22:53 - 2013-03-01 20:28 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Il porto di Trieste, la sua logistica e il punto franco _ Seareporter.it_files
2013-11-09 18:43 - 2013-02-03 21:57 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\x work file x libro
2013-11-09 13:32 - 2013-08-20 23:18 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\----------          fascicolo DELACQUA
2013-11-09 13:14 - 2013-11-09 13:14 - 00000372 _____ C:\Documents and Settings\Utente\Desktop\Documenti (2).lnk
2013-11-09 12:30 - 2013-11-09 12:28 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\-----     dalla chiavetta di silvano 8Novembre2013 firme
2013-11-09 11:27 - 2013-11-09 11:27 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PCHealth
2013-11-09 09:44 - 2013-11-09 09:44 - 00000355 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ussclean.tmp
2013-11-07 18:01 - 2013-11-07 18:01 - 00142392 _____ C:\Documents and Settings\Utente\Documenti\Sterno spezzato per rianimarlo  6 indagati per omicidio colposo - Cronaca - Il Piccolo.htm
2013-11-06 08:26 - 2013-01-02 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Skype
2013-11-06 08:25 - 2013-01-02 14:27 - 00000000 ___RD C:\Documents and Settings\Utente\Documenti\Skype 6
2013-11-05 17:23 - 2013-11-05 17:23 - 00018395 _____ C:\Documents and Settings\Utente\Documenti\coppia sorrentino de valle.odt
2013-11-05 16:28 - 2013-11-05 16:28 - 00000000 ____D C:\Programmi\Paperless Converter
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 ____D C:\Programmi\Rarefind
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Paperless Printer
2013-11-05 12:27 - 2013-11-05 12:16 - 00012151 _____ C:\Documents and Settings\Utente\Documenti\zannerini e marinella.odt
2013-11-04 20:42 - 2013-11-04 20:41 - 02788355 _____ C:\Documents and Settings\Utente\Documenti\marinella-zannerini.odt
2013-11-03 21:13 - 2012-11-12 10:49 - 00169937 _____ C:\WINDOWS\setupact.log
2013-11-03 20:23 - 2013-06-13 20:16 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\OpenOffice.org 3.4.1 (it) Installation Files
2013-11-03 20:06 - 2013-11-03 19:11 - 00000000 ____D C:\Documents and Settings\All Users\Documenti\FreeBurner
2013-11-03 19:47 - 2012-12-04 12:27 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\CRE
2013-11-03 19:13 - 2013-11-03 19:13 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\Blocchi appunti di OneNote
2013-11-03 19:13 - 2012-11-12 19:07 - 00000000 ___RD C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica
2013-11-03 19:11 - 2013-11-03 19:11 - 00000877 _____ C:\Documents and Settings\Utente\Menu Avvio\Programmi\Free Easy CD DVD Burner.lnk
2013-11-03 19:11 - 2013-11-03 19:11 - 00000831 _____ C:\Documents and Settings\Utente\Desktop\Free Easy Burner.lnk
2013-11-03 19:11 - 2013-11-03 19:11 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\FreeBurner
2013-11-03 19:11 - 2013-11-03 19:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Free Easy Burner
2013-11-03 19:11 - 2013-11-03 19:10 - 00000000 ____D C:\Programmi\Free Easy CD DVD Burner
2013-11-03 19:11 - 2012-11-12 10:50 - 00000000 ___RD C:\Documents and Settings\All Users\Documenti
2013-11-03 16:52 - 2013-08-10 22:10 - 00002051 _____ C:\WINDOWS\tabled32.ini
2013-11-03 15:46 - 2012-11-12 19:07 - 00000000 ___HD C:\Documents and Settings\Utente\Risorse di rete
2013-11-02 12:05 - 2013-11-02 12:05 - 02901262 _____ C:\Documents and Settings\All Users\Desktop\fsdiag.zip
2013-11-02 01:04 - 2013-11-02 01:04 - 00011225 _____ C:\Documents and Settings\Utente\Documenti\lista-indirizzi-TLT-con-virgole.odt
2013-11-01 12:31 - 2013-10-19 21:01 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\----------          TLT Al Jazeera
2013-11-01 00:20 - 2013-01-28 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\CanonIJPLM
2013-10-30 16:02 - 2013-10-30 09:57 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\---------     worrk area x filmato pulizie cimitero AU
2013-10-30 09:49 - 2013-10-30 09:49 - 00001734 _____ C:\Documents and Settings\Utente\Documenti\Disco 2013-10-30.MVP
2013-10-29 00:12 - 2013-02-22 22:26 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\--------------          GOOGLE MY DRIVE - source
2013-10-28 18:02 - 2013-10-28 18:00 - 01745408 _____ C:\Documents and Settings\Utente\Documenti\sentenza tar 13ott13.dot
2013-10-28 12:54 - 2013-10-28 10:42 - 00560198 _____ C:\Documents and Settings\Utente\Dati applicazioni\Scorch_Install.log
2013-10-28 12:18 - 2013-10-28 12:18 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Sibelius Software
2013-10-28 11:26 - 2013-10-28 11:26 - 00578522 _____ C:\Documents and Settings\Utente\Documenti\domio-abusi-01-.psd
2013-10-28 10:48 - 2013-10-28 10:48 - 00000000 ____D C:\Programmi\Sibelius Software
2013-10-24 22:26 - 2013-10-24 21:53 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\---          RINO copia documenti vari x lavoro x avv Pardi
2013-10-24 22:24 - 2013-03-25 23:32 - 00000000 ____D C:\Documents and Settings\Utente\Documenti\---          RINO INFORTUNIO NOVEMBRE 2011 - copia da hp)
2013-10-24 22:19 - 2012-11-16 09:57 - 00000000 ____D C:\-----     DISCO C EX COMPACT HP - 16ag12 35,7 GB
2013-10-23 23:41 - 2013-10-23 23:41 - 00015899 _____ C:\Documents and Settings\Utente\Documenti\alla casa del libro.odt
2013-10-23 09:21 - 2013-02-02 10:01 - 00002234 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-23 06:40 - 2013-10-23 06:40 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Sun

Some content of TEMP:
====================
C:\Documents and Settings\Utente\Impostazioni locali\Temp\161.03791846785137_Update.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\atl.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\BundleSweetIMSetup.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\fp_pl_pfs_installer-1.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\ICReinstall_ImageEditorSetup(1).exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\IminentSetup.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\installhelper.dll
C:\Documents and Settings\Utente\Impostazioni locali\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\Metainstaller.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\mgxfonts.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\mgxmcmp2.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MSETUP4.EXE
C:\Documents and Settings\Utente\Impostazioni locali\Temp\MybabylonTB.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\NEventMessages.dll
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nitro_reader3.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\NOSEventMessages.dll
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nsb7C.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nsl81.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nso68.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\nsv63.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\ose00000.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\propsys.dll
C:\Documents and Settings\Utente\Impostazioni locali\Temp\Quarantine.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\setup_wm.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\SkypeSetup.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\SPStub.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\SRAssetsHelper.dll
C:\Documents and Settings\Utente\Impostazioni locali\Temp\toolbar.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\unwise.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\vlc-2.0.7-win32.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\wmaudio.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\wmf9.exe
C:\Documents and Settings\Utente\Impostazioni locali\Temp\wmpcdcs8.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-19 15:39] - [2008-04-13 19:14] - 1036288 ____A (Microsoft Corporation) 70d7f99d95615c3c278367756287db71

C:\Windows\System32\winlogon.exe
[2004-08-19 15:39] - [2008-04-13 19:14] - 0510464 ____A (Microsoft Corporation) 9259170d29b5a256735fcb8b80280857

C:\Windows\System32\svchost.exe
[2004-08-19 15:39] - [2008-04-13 19:14] - 0014336 ____A (Microsoft Corporation) bb8363abec09aa2f9b363484e282117c

C:\Windows\System32\services.exe
[2004-08-19 15:39] - [2009-02-09 12:22] - 0111104 ____A (Microsoft Corporation) 26845f272435302e0f3322e660a24f7d

C:\Windows\System32\User32.dll
[2004-08-19 15:39] - [2008-04-13 19:13] - 0579584 ____A (Microsoft Corporation) fa94696c0727bd59e517c674cd6e7c72

C:\Windows\System32\userinit.exe
[2004-08-19 15:39] - [2008-04-13 19:14] - 0026624 ____A (Microsoft Corporation) df69726907357c3add243f48902b0331

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-19 15:29] - [2008-04-13 18:49] - 0053376 ____A (Microsoft Corporation) e46c1b5a56da7da603d09dfcc79ec59e


==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by Utente at 2013-11-22 13:29:19
Running from C:\Documents and Settings\Utente\Documenti\Download
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Protezione Computer (Disabled - Up to date) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

==================== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.002)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Center 1.0 (Version: 001.000.0002)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.05) - Italiano (Version: 11.0.05)
Adobe Stock Photos 1.0 (Version: 1.0.2)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (Version: 1)
Aggiornamento della protezione per Windows Media Player  (KB2378111)
Aggiornamento della protezione per Windows Media Player  (KB2834904)
Aggiornamento della protezione per Windows Media Player  (KB2834904-v2)
Aggiornamento della protezione per Windows Media Player  (KB952069)
Aggiornamento della protezione per Windows Media Player  (KB954155)
Aggiornamento della protezione per Windows Media Player  (KB973540)
Aggiornamento della protezione per Windows Media Player  (KB975558)
Aggiornamento della protezione per Windows Media Player  (KB978695)
Aggiornamento della protezione per Windows Media Player 11  (KB954154)
Aggiornamento della protezione per Windows XP (KB2115168) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2229593) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2296011) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2347290) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2360937) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2387149) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2393802) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2419632) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2423089) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2440591) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2443105) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2478960) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2478971) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2479943) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2481109) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2483185) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2485663) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2506212) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2507938) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2508429) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2509553) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2510581) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2535512) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2536276-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2544893-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2566454) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2570947) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2584146) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2585542) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2592799) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2598479) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2603381) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2618451) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2619339) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2620712) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2624667) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2631813) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2653956) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2655992) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2659262) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2661637) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2676562) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2686509) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2691442) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2698365) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2705219-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2712808) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2719985) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2723135-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2727528) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2753842-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB2757638) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2758857) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2770660) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2780091) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2802968) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2807986) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2813170) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2813345) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2820197) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2820917) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2829361) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2829530) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2834886) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2839229) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2845187) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2847311) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2849470) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2850851) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2850869) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2859537) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2862152) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2862330) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2862335) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2864063) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2868038) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2868626) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2876217) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2876315) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2876331) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2883150) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2884256) (Version: 1)
Aggiornamento della protezione per Windows XP (KB2900986) (Version: 1)
Aggiornamento della protezione per Windows XP (KB923561) (Version: 1)
Aggiornamento della protezione per Windows XP (KB923789)
Aggiornamento della protezione per Windows XP (KB941569)
Aggiornamento della protezione per Windows XP (KB946648) (Version: 1)
Aggiornamento della protezione per Windows XP (KB950762) (Version: 1)
Aggiornamento della protezione per Windows XP (KB950974) (Version: 1)
Aggiornamento della protezione per Windows XP (KB951376-v2) (Version: 2)
Aggiornamento della protezione per Windows XP (KB952004) (Version: 1)
Aggiornamento della protezione per Windows XP (KB952954) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956572) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956802) (Version: 1)
Aggiornamento della protezione per Windows XP (KB956844) (Version: 1)
Aggiornamento della protezione per Windows XP (KB959426) (Version: 1)
Aggiornamento della protezione per Windows XP (KB960803) (Version: 1)
Aggiornamento della protezione per Windows XP (KB960859) (Version: 1)
Aggiornamento della protezione per Windows XP (KB969059) (Version: 1)
Aggiornamento della protezione per Windows XP (KB970430) (Version: 1)
Aggiornamento della protezione per Windows XP (KB971657) (Version: 1)
Aggiornamento della protezione per Windows XP (KB972270) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973507) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973869) (Version: 1)
Aggiornamento della protezione per Windows XP (KB973904) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974112) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974318) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974392) (Version: 1)
Aggiornamento della protezione per Windows XP (KB974571) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975025) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975467) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975560) (Version: 1)
Aggiornamento della protezione per Windows XP (KB975713) (Version: 1)
Aggiornamento della protezione per Windows XP (KB977816) (Version: 1)
Aggiornamento della protezione per Windows XP (KB977914) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978338) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978542) (Version: 1)
Aggiornamento della protezione per Windows XP (KB978706) (Version: 1)
Aggiornamento della protezione per Windows XP (KB979309) (Version: 1)
Aggiornamento della protezione per Windows XP (KB979482) (Version: 1)
Aggiornamento della protezione per Windows XP (KB979687) (Version: 1)
Aggiornamento della protezione per Windows XP (KB981322) (Version: 1)
Aggiornamento della protezione per Windows XP (KB981997) (Version: 1)
Aggiornamento della protezione per Windows XP (KB982132) (Version: 1)
Aggiornamento della protezione per Windows XP (KB982665) (Version: 1)
Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
Aggiornamento per Windows Internet Explorer 8 (KB2598845) (Version: 1)
Aggiornamento per Windows XP (KB2345886) (Version: 1)
Aggiornamento per Windows XP (KB2467659) (Version: 1)
Aggiornamento per Windows XP (KB2661254-v2) (Version: 2)
Aggiornamento per Windows XP (KB2749655) (Version: 1)
Aggiornamento per Windows XP (KB2863058) (Version: 1)
Aggiornamento per Windows XP (KB898461) (Version: 1)
Aggiornamento per Windows XP (KB951978) (Version: 1)
Aggiornamento per Windows XP (KB955759) (Version: 1)
Aggiornamento per Windows XP (KB968389) (Version: 1)
Aggiornamento per Windows XP (KB971029) (Version: 1)
Aggiornamento per Windows XP (KB973815) (Version: 1)
Aggiornamento rapido per Windows Media Player 11  (KB939683)
Aggiornamento rapido per Windows XP (KB2779562) (Version: 1)
Aggiornamento rapido per Windows XP (KB952287) (Version: 1)
Aggiornamento rapido per Windows XP (KB961118) (Version: 1)
AMD Catalyst Install Manager (Version: 8.0.891.0)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.0)
aTube Catcher (Version: 2.9.1482)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG6100 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1028.1114.18274)
Catalyst Control Center Localization All (Version: 2010.1028.1114.18274)
CCC Help Chinese Standard (Version: 2010.1028.1113.18274)
CCC Help Chinese Traditional (Version: 2010.1028.1113.18274)
CCC Help Czech (Version: 2010.1028.1113.18274)
CCC Help Danish (Version: 2010.1028.1113.18274)
CCC Help Dutch (Version: 2010.1028.1113.18274)
CCC Help English (Version: 2010.1028.1113.18274)
CCC Help Finnish (Version: 2010.1028.1113.18274)
CCC Help French (Version: 2010.1028.1113.18274)
CCC Help German (Version: 2010.1028.1113.18274)
CCC Help Greek (Version: 2010.1028.1113.18274)
CCC Help Hungarian (Version: 2010.1028.1113.18274)
CCC Help Italian (Version: 2010.1028.1113.18274)
CCC Help Japanese (Version: 2010.1028.1113.18274)
CCC Help Korean (Version: 2010.1028.1113.18274)
CCC Help Norwegian (Version: 2010.1028.1113.18274)
CCC Help Polish (Version: 2010.1028.1113.18274)
CCC Help Portuguese (Version: 2010.1028.1113.18274)
CCC Help Russian (Version: 2010.1028.1113.18274)
CCC Help Spanish (Version: 2010.1028.1113.18274)
CCC Help Swedish (Version: 2010.1028.1113.18274)
CCC Help Thai (Version: 2010.1028.1113.18274)
CCC Help Turkish (Version: 2010.1028.1113.18274)
ccc-core-static (Version: 2010.1028.1114.18274)
ccc-utility (Version: 2010.1028.1114.18274)
CD-LabelPrint
Computer Security 12.71.102.0 (release) (Version: 12.71.102.0)
Connect DLC 5 Toolbar for IE (Version: 6.17.1.25)
CustomerResearchQFolder (Version: 1.00.0000)
Email Extractor (Version: 5.0)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13)
Free Easy Burner V 5.1 (Version: 5.1.0.0)
F-Secure CCF Reputation (Version: 1.0.25.1877)
F-Secure CCF Scanning 1.23.124.8831 (release) (Version: 1.23.124.8831)
F-Secure Network CCF 1.02.126 (Version: 1.02.126)
Google Chrome (Version: 31.0.1650.57)
Google Drive (Version: 1.12.5329.1887)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HP Color LaserJet CP1510 Series 4.0 (Version: 4.0)
HP Customer Participation Program 9.0 (Version: 9.0)
hppFonts (Version: 001.001.00061)
hppusgCP1510 (Version: 000.000.00012)
Image Converter (Version: 1.0.0)
Image Editor Packages
Image Editor Packages 53
Iminent (Version: 6.25.21.0)
IrfanView (remove only) (Version: 4.35)
iriver Music Manager (Version: 2.00.000)
iTunes (Version: 11.0.5.5)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LibreOffice 4.1.0.4 (Version: 4.1.0.4)
MAGIX 3D Maker (embeded) (Version: 6.0.0.6)
MAGIX Film su CD & DVD 6 6.0.2.3 (I) (Version: 6.0.2.3)
MAGIX Foto Manager 2008 5.0.3.355 (I) (Version: 5.0.3.355)
MAGIX Goya burnR 1.3.1.2 (I) (Version: 1.3.1.2)
MAGIX Music Manager 2007 8.1.1.100 (I) (Version: 8.1.1.100)
MAGIX Screenshare 4.3.6.1987 (I) (Version: 4.3.6.1987)
MAGIX Video deluxe 15 Plus 8.0.0.62 (I) (Version: 8.0.0.62)
MAGIX Xtreme Photo Designer 6 6.0.24.0 (I) (Version: 6.0.24.0)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (Italian) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Movavi Screen Capture Studio 4 (Version: 4.3.3)
Mozilla Firefox 25.0.1 (x86 it) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 it) (Version: 24.1.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
Mufin MusicFinder Base 1.5.3.253 (I) (Version: 1.5.3.253)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (Version: 1.32.2)
Nitro Reader 3 (Version: 3.1.1.12)
Nokia Connectivity Cable Driver (Version: 7.1.101.0)
Nokia Suite (Version: 3.7.22.0)
OmniPage Pro 12.0 (Version: 12.00.0004)
Online Safety 2.71.927.655 (Version: 2.71.927.655)
Opzione Sicurezza Internet (Version: 1.71.340.0)
Pacchetto driver Windows - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Paperless Converter version 9.07 (Version: 9.07)
Paperless Printer version 5.3.0.3 (Version: 5.3.0.3)
PC Connectivity Solution (Version: 12.0.76.0)
Product_SF_Min_QFolder (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
ReadingFanatic Toolbar
Realtek High Definition Audio Driver (Version: 5.10.0.6657)
Registrazione utente Canon MG6100 series
ScanSoft RealSpeak (Version: 12.00.0000)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (Version: 6.2.0)
Skype™ 6.10 (Version: 6.10.104)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Supporto applicazioni Apple (Version: 2.3.4)
TablEdit 2.73
Update for 2007 Microsoft Office System (KB967642)
Update for Image Editor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.8 (Version: 2.0.8)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080413.144514)

==================== Restore Points  =========================

24-08-2013 15:32:14 Punto di arresto del sistema
25-08-2013 19:55:18 Punto di arresto del sistema
27-08-2013 08:27:10 Punto di arresto del sistema
28-08-2013 11:02:25 Punto di arresto del sistema
28-08-2013 23:04:03 Software Distribution Service 3.0
30-08-2013 07:08:14 Punto di arresto del sistema
30-08-2013 22:39:06 Software Distribution Service 3.0
01-09-2013 08:09:28 Punto di arresto del sistema
02-09-2013 12:29:11 Punto di arresto del sistema
03-09-2013 13:02:24 Punto di arresto del sistema
04-09-2013 13:50:03 Punto di arresto del sistema
05-09-2013 17:37:41 Punto di arresto del sistema
06-09-2013 18:37:56 Punto di arresto del sistema
07-09-2013 19:56:49 Punto di arresto del sistema
09-09-2013 07:21:52 Punto di arresto del sistema
10-09-2013 09:36:46 Punto di arresto del sistema
10-09-2013 13:38:00 Installed iriver Music Manager
10-09-2013 13:39:35 Installed iriver Music Manager
10-09-2013 13:43:35 Installazione driver non firmato
10-09-2013 13:46:39 Software Distribution Service 3.0
10-09-2013 22:31:26 Software Distribution Service 3.0
12-09-2013 07:36:30 Punto di arresto del sistema
12-09-2013 23:12:19 Software Distribution Service 3.0
13-09-2013 22:41:50 Software Distribution Service 3.0
14-09-2013 21:40:49 Software Distribution Service 3.0
16-09-2013 07:51:54 Punto di arresto del sistema
17-09-2013 08:24:10 Punto di arresto del sistema
17-09-2013 19:59:52 Installazione driver non firmato
18-10-2013 20:05:13 Punto di arresto del sistema
18-10-2013 20:30:47 Software Distribution Service 3.0
19-10-2013 21:03:58 Punto di arresto del sistema
21-10-2013 12:12:52 Punto di arresto del sistema
22-10-2013 07:17:53 Java™ 6 Update 22 rimosso
22-10-2013 07:19:11 Java 7 Update 45 installato
23-10-2013 09:04:01 Punto di arresto del sistema
24-10-2013 11:59:02 Punto di arresto del sistema
25-10-2013 12:54:34 Punto di arresto del sistema
26-10-2013 14:15:22 Punto di arresto del sistema
27-10-2013 15:58:34 Punto di arresto del sistema
28-10-2013 09:48:21 Installed Sibelius Scorch (Firefox, Opera, Netscape, Chrome only).
29-10-2013 09:52:58 Punto di arresto del sistema
30-10-2013 10:17:38 Punto di arresto del sistema
31-10-2013 10:28:36 Punto di arresto del sistema
01-11-2013 11:00:10 Punto di arresto del sistema
02-11-2013 11:42:07 Punto di arresto del sistema
03-11-2013 11:57:49 Punto di arresto del sistema
04-11-2013 12:21:12 Punto di arresto del sistema
05-11-2013 12:45:51 Punto di arresto del sistema
05-11-2013 15:10:27 Driver della stampante Paperless Printer installato
06-11-2013 15:17:39 Punto di arresto del sistema
07-11-2013 15:57:02 Punto di arresto del sistema
08-11-2013 19:05:49 Punto di arresto del sistema
09-11-2013 19:16:29 Punto di arresto del sistema
10-11-2013 20:35:20 Punto di arresto del sistema
11-11-2013 20:47:32 Punto di arresto del sistema
12-11-2013 19:04:27 Installed Windows Media Player 11
12-11-2013 19:04:43 Software Distribution Service 3.0
12-11-2013 23:00:16 Software Distribution Service 3.0
14-11-2013 12:44:08 Punto di arresto del sistema
14-11-2013 23:47:30 Software Distribution Service 3.0
16-11-2013 08:39:23 Punto di arresto del sistema
16-11-2013 23:14:12 Software Distribution Service 3.0
18-11-2013 16:39:56 Punto di arresto del sistema
18-11-2013 23:20:53 Software Distribution Service 3.0
19-11-2013 16:59:15 Software Distribution Service 3.0
19-11-2013 18:58:58 AVG 2014 installato
19-11-2013 18:59:30 AVG 2014 installato
20-11-2013 08:53:14 Removed Qtrax Player.
20-11-2013 09:01:52 Removed MSXML 4.0 SP2 (KB954430)
20-11-2013 09:03:04 Removed MSXML 4.0 SP2 (KB973688)
21-11-2013 09:33:58 Punto di arresto del sistema
22-11-2013 09:02:36 AVG 2014 rimosso
22-11-2013 09:04:21 AVG 2014 rimosso

==================== Hosts content: ==========================

2001-08-31 13:00 - 2013-08-23 13:25 - 00000815 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programmi\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-05 16:10 - 2011-02-17 00:09 - 00018944 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\QWrite.dll
2012-11-25 00:11 - 2008-01-16 18:46 - 00139264 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpi5k4.dll
2013-06-05 08:24 - 2013-06-05 08:24 - 00593464 _____ () C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.482.65_x-ww_a8ee95a1\QtMultimediaKit1.dll
2013-06-05 08:35 - 2012-10-18 17:43 - 00049152 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-06-05 08:35 - 2012-10-18 17:43 - 00086016 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\FSGUI\strres.eng
2013-06-05 08:35 - 2012-10-18 17:43 - 00147456 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\FSGUI\flyerres.eng
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll
2004-08-19 15:39 - 2008-04-13 19:13 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 08507384 _____ () C:\Programmi\Nokia\Nokia Suite\QtGui4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02354168 _____ () C:\Programmi\Nokia\Nokia Suite\QtCore4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01014776 _____ () C:\Programmi\Nokia\Nokia Suite\QtNetwork4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00364536 _____ () C:\Programmi\Nokia\Nokia Suite\QtXml4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02481144 _____ () C:\Programmi\Nokia\Nokia Suite\QtDeclarative4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01347064 _____ () C:\Programmi\Nokia\Nokia Suite\QtScript4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00206328 _____ () C:\Programmi\Nokia\Nokia Suite\QtSql4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02653176 _____ () C:\Programmi\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00033272 _____ () C:\Programmi\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00035832 _____ () C:\Programmi\Nokia\Nokia Suite\imageformats\qico4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00207352 _____ () C:\Programmi\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 11166712 _____ () C:\Programmi\Nokia\Nokia Suite\QtWebKit4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00276984 _____ () C:\Programmi\Nokia\Nokia Suite\phonon4.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00391600 _____ () C:\Programmi\Nokia\Nokia Suite\ssoengine.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00059280 _____ () C:\Programmi\Nokia\Nokia Suite\securestorage.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00438264 _____ () C:\Programmi\Nokia\Nokia Suite\NService.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00446456 _____ () C:\Programmi\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00520696 _____ () C:\Programmi\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00720888 _____ () C:\Programmi\Nokia\Nokia Suite\QtOpenGL4.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00606200 _____ () C:\Programmi\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00093176 _____ () C:\Programmi\Nokia\Nokia Suite\qjson.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00110080 _____ () C:\Programmi\Nokia\Nokia Suite\mediaservice\dsengine.dll
2013-06-05 08:35 - 2012-10-18 17:43 - 00038400 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2013-06-05 08:43 - 2013-06-05 08:43 - 00030888 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2012-11-26 12:49 - 2012-11-26 12:49 - 00216632 _____ () C:\Programmi\Opzione Sicurezza Internet\daas2.dll
2013-06-05 08:35 - 2013-10-18 20:14 - 00949184 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-06-05 08:35 - 2013-06-05 08:43 - 00213048 _____ () C:\Programmi\Opzione Sicurezza Internet\apps\ComputerSecurity\Spam Control\fsas.dll
2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2010-08-26 13:49 - 2010-08-26 13:49 - 00016384 ____R () C:\Programmi\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-28 10:13 - 2010-10-28 10:13 - 00270336 _____ () C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-15 21:56 - 2013-11-15 21:56 - 03363952 _____ () C:\Programmi\Mozilla Firefox\mozjs.dll
2013-10-19 12:56 - 2013-10-19 12:56 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2013 11:04:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78375

Error: (11/21/2013 11:04:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78375

Error: (11/21/2013 11:04:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2013 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

Error: (11/21/2013 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953

Error: (11/21/2013 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2013 10:08:08 PM) (Source: Application Hang) (User: )
Description: Applicazione in stallo soffice.bin, versione 4.1.0.4, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (11/21/2013 06:47:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2013 02:22:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 641015

Error: (11/21/2013 02:22:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 641015


System errors:
=============
Error: (11/22/2013 10:30:28 AM) (Source: PlugPlayManager) (User: )
Description: La periferica Root\LEGACY_FSBL\0000 è scomparsa dal sistema senza essere stata prima preparata per la rimozione.

Error: (11/21/2013 01:53:22 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume1...ion.Private.dll

Error: (11/21/2013 08:56:38 AM) (Source: Dhcp) (User: )
Description: Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo 68A3C43997F7 è stato
negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato un messaggio DHCPNACK.

Error: (11/20/2013 09:55:55 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPC-ACER1NetBT_Tcpip_{8F4575FC-8A5B-4C67-

Error: (11/20/2013 08:59:53 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPC-ACER1NetBT_Tcpip_{8F4575FC-8A5B-4C67-

Error: (11/20/2013 05:50:14 PM) (Source: PlugPlayManager) (User: )
Description: La periferica Root\LEGACY_FSBL\0000 è scomparsa dal sistema senza essere stata prima preparata per la rimozione.

Error: (11/20/2013 04:51:02 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPC-ACER1NetBT_Tcpip_{8F4575FC-8A5B-4C67-

Error: (11/20/2013 04:23:46 PM) (Source: PlugPlayManager) (User: )
Description: La periferica Root\LEGACY_FSBL\0000 è scomparsa dal sistema senza essere stata prima preparata per la rimozione.

Error: (11/20/2013 08:17:23 AM) (Source: Service Control Manager) (User: )
Description: Servizio Wsys Service bloccato in partenza.

Error: (11/20/2013 08:15:02 AM) (Source: Dhcp) (User: )
Description: Il lease 192.168.1.2 dell'indirizzo IP della scheda di rete con indirizzo 68A3C43997F7 è stato
negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato un messaggio DHCPNACK.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3578.82 MB
Available physical RAM: 2426.2 MB
Total Pagefile: 5461.18 MB
Available Pagefile: 4238.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.17 GB) (Free:174.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: AB28AB28)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 22 November 2013 - 09:47 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...\Run: [iLivid] - "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\iLivid\iLivid.exe" -autorun
    IMEO\Your Image File Name Here without a path: [Debugger]
    SearchScopes: HKCU - {042ECBEC-16CD-48FA-AE79-58BABCE46A31} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN27174302163369278&UM=2
    FF SelectedSearchEngine: Web Search
    FF Homepage: hxxp://static.flipora.com/websearch.html?u=21723774&t=60.0&gl=it&tv=v60
    FF Plugin: @ReadingFanatic_6x.com/Plugin - C:\Programmi\ReadingFanatic_6x\bar\1.bin\NP6xStub.dll No File
    FF SearchPlugin: C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\searchplugins\bestsocialfeed.xml
    FF SearchPlugin: C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\searchplugins\infoaxe.xml
    FF Extension: ReadingFanatic - C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\k7lmgwgx.default\Extensions\6xffxtbr@ReadingFanatic_6x.com
    FF HKLM\...\Firefox\Extensions: [6xffxtbr@ReadingFanatic_6x.com] - C:\Programmi\ReadingFanatic_6x\bar\1.bin
    CHR HKLM\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Programmi\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx
    CHR HKLM\...\Chrome\Extension: [loemjcdefhdidbjiflmobkpjohbfefee] - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\CRE\loemjcdefhdidbjiflmobkpjohbfefee.crx
    
    
    C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\iLivid
    C:\Programmi\ReadingFanatic_6x
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 TLT

TLT
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 24 November 2013 - 02:41 PM

 
Hi Marius.
The problems have been solved!
Thank you very much for your valuable assistance and for your patience.
 
 


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 25 November 2013 - 03:21 AM

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 06 December 2013 - 06:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users