Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » webssearch ecc. ecc.

webssearch ecc. ecc. Opzioni
Topic Precedente · Topic Sucessivo
mitico56
Inviato: Friday, April 25, 2014 11:00:55 AM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
ciao a tutti, ho appena letto la guida di R16, visto che anch'io sono stato colpito dal falso aggiornamento di java.
la mia domanda è dopo gli aggiornamenti vari dei sw elencati, posso eseguire la scansione offline?
il risultato delle scansioni posso metterle su questo topic o, devo farne uno nuovo?
un' ultima cosa, il log delle scansioni, devo metterle sul forum una alla volta o tutte assieme?
grazie!
Torna in alto
 
Sponsor
Inviato: Friday, April 25, 2014 11:00:55 AM

 
Torna in alto
 
04maopapi
Inviato: Friday, April 25, 2014 12:51:37 PM

Rank: AiutAmico

Iscritto dal : 2/25/2014
Posts: 51


punto di ripristino precedente al problema

poi adwcleanear e pulisci
Torna in alto
 
r16
Inviato: Friday, April 25, 2014 1:27:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
mitico56 ha scritto:

il risultato delle scansioni posso metterle su questo topic o, devo farne uno nuovo?
un' ultima cosa, il log delle scansioni, devo metterle sul forum una alla volta o tutte assieme?
grazie!

Ciao.
1) I risultati mettili in questo topic. (non aprirne altri)
2) Tutti assieme .
3) Dimmi se o quali problemi riscontri, dopo la procedura che hai eseguito.
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:36:34 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
allora r16,
il problema è stato risolto già dopo la scansione con adwcleaner ma, giusto per fare le cose come si deve ho fatto tutto come scritto su manuale.
il problema è risaputo, pagine iniziali con webssearch, oppure avg nation search o, alrti che non ricordo il nome. tra l'altro questi citati me li ritrovo nei motori di riverca. (come posso eliminarli?)
nella cartella quarantena di Malwarebytes Anti-Malware, posso eliminare tutti i files che ho trovato?
ancora OTL mi ha dato solo un log e, non 2 due come è descritto sul manuale...
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:47:05 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2014.04.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Mauro :: MAURO-PC [amministratore]

25/04/2014 11:04:11
mbam-log-2014-04-25 (11-04-11).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 523533
Tempo impiegato: 1 ore, 19 minuti, 8 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentApp.dll.vir (PUP.Optional.Iminent) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentEng.dll.vir (PUP.Optional.Iminent) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentsrv.exe.vir (PUP.Optional.Iminent) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll.vir (PUP.Optional.Iminent) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll.vir (PUP.Optional.Iminent) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.vir (PUP.Optional.PutLockerDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Mauro\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip (PUP.Optional.NextLive.A) -> Spostato in quarantena ed eliminato con successo.

(fine)
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:47:54 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
# AdwCleaner v3.202 - Rapporto creato 25/04/2014 in 12:49:08
# Aggiornato 23/04/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Mauro - MAURO-PC
# In esecuzioen da : C:\Users\Mauro\Desktop\ANTIVIRUS\rimuovi pubblicità\adwcleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

[#] Servizio Eliminato : 70e6ca8c

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\WPM
Cartella Eliminato : C:\Program Files (x86)\MediaPlayerV1
Cartella Eliminato : C:\Program Files (x86)\MediaViewV1
Cartella Eliminato : C:\Program Files (x86)\MediaViewerV1
Cartella Eliminato : C:\Program Files (x86)\MediaWatchV1
Cartella Eliminato : C:\Users\Mauro\.android
Cartella Eliminato : C:\Users\Mauro\AppData\Local\genienext
Cartella Eliminato : C:\Users\Mauro\AppData\Local\Mobogenie
Cartella Eliminato : C:\Users\Mauro\AppData\Local\SwvUpdater
Cartella Eliminato : C:\Users\Mauro\AppData\Roaming\VOPackage
Cartella Eliminato : C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Cartella Eliminato : C:\Users\Mauro\Documents\Mobogenie
File Eliminato : C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\dwtal0c5.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
File Eliminato : C:\Users\Mauro\daemonprocess.txt
File Eliminato : C:\Users\Mauro\Desktop\Continue VuuPC Installation.lnk
File Eliminato : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Collegamenti ] *****

Collegamento Disinfetatti : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Collegamento Disinfetatti : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Collegamento Disinfetatti : C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Collegamento Disinfetatti : C:\Users\Mauro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Collegamento Disinfetatti : C:\Users\Mauro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Users\Mauro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902212}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906612}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902212}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906612}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKCU\Software\installedbrowserextensions
Chiave Eliminati : HKCU\Software\smarttweak
Chiave Eliminati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chiave Eliminati : HKLM\Software\MediaViewV1
Chiave Eliminati : HKLM\Software\MediaViewerV1
Chiave Eliminati : HKLM\Software\MediaWatchV1
Chiave Eliminati : HKLM\Software\supTab
Chiave Eliminati : HKLM\Software\supWPM
Chiave Eliminati : HKLM\Software\Vittalia
Chiave Eliminati : HKLM\Software\Wpm
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Dato Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Dato Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (it)

[ File : C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\dwtal0c5.default\prefs.js ]

Riga eliminata : user_pref("extensions.crossrider.bic", "143e05d9ac77b2dae9735ecdaa002821");

*************************

AdwCleaner[R0].txt - [30385 octets] - [10/01/2014 23:33:14]
AdwCleaner[R1].txt - [896 octets] - [10/01/2014 23:40:51]
AdwCleaner[R2].txt - [3961 octets] - [12/01/2014 01:40:28]
AdwCleaner[R3].txt - [6980 octets] - [25/04/2014 12:47:29]
AdwCleaner[S0].txt - [30532 octets] - [10/01/2014 23:35:04]
AdwCleaner[S1].txt - [3119 octets] - [12/01/2014 01:41:22]
AdwCleaner[S2].txt - [5654 octets] - [25/04/2014 12:49:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5714 octets] ##########
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:48:46 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mauro on 25/04/2014 at 12:55:39,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85A622AA-8A27-4632-8136-A6B14AE1E418}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{91004499-7A36-43CE-A342-598DCD0F2935}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CEE11034-AC16-4A25-81A5-338316D1BDC6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mauro\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Mauro\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"



~~~ FireFox

Emptied folder: C:\Users\Mauro\AppData\Roaming\mozilla\firefox\profiles\dwtal0c5.default\minidumps [83 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/04/2014 at 13:04:40,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:49:37 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
OTL logfile created on: 25/04/2014 13:10:14 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mauro\Desktop\ANTIVIRUS\rimuovi pubblicità
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,19% Memory free
7,93 Gb Paging File | 5,70 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,71 Gb Total Space | 318,22 Gb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive D: | 12,86 Gb Total Space | 2,12 Gb Free Space | 16,46% Space Free | Partition Type: NTFS

Computer Name: MAURO-PC | User Name: Mauro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Mauro\Desktop\ANTIVIRUS\rimuovi pubblicità\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programmi\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~4\Office12\OUTLCTL.DLL ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (btwdins) -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MAUSBFASTTRACK) -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys (Avid Technology, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = http://go.findrsearch.com/search/web?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{91004499-7A36-43CE-A342-598DCD0F2935}: "URL" = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE:64bit: - HKLM\..\SearchScopes\{CEE11034-AC16-4A25-81A5-338316D1BDC6}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE:64bit: - HKLM\..\SearchScopes\{EF367816-6349-4E6E-A6FD-EFFB30A2331D}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EF367816-6349-4E6E-A6FD-EFFB30A2331D}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/"
FF - prefs.js..extensions.enabledAddons: renrenphotozoom%40snowind.org:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/24 21:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{43197567-e651-4b4a-85be-9700454c88b6}: C:\Program Files (x86)\Re-markit\150.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/24 21:40:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/27 19:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mauro\AppData\Roaming\mozilla\Extensions
[2014/04/25 12:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mauro\AppData\Roaming\mozilla\Firefox\Profiles\dwtal0c5.default\extensions
[2013/08/10 19:26:13 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Mauro\AppData\Roaming\mozilla\Firefox\Profiles\dwtal0c5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2013/03/08 00:35:38 | 000,026,872 | ---- | M] () (No name found) -- C:\Users\Mauro\AppData\Roaming\mozilla\firefox\profiles\dwtal0c5.default\extensions\renrenphotozoom@snowind.org.xpi
[2014/04/18 23:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/04/18 23:36:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/06 02:07:36 | 000,450,639 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Feven 2.2) - {11111111-1111-1111-1111-110411901112} - C:\Program Files (x86)\Feven 2.2\Feven 2.2-bho64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer_it.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000..\Run: [uTorrent] C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3503085612-177643984-3292543762-1000\..Trusted Domains: samsungsetup.com ([www] http in Siti attendibili)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C128D75-0649-4965-AAC1-C995581C3717}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/05 01:05:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2014/04/25 10:36:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/25 01:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Mauro\AppData\Local\EmieUserList
[2014/04/25 01:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Mauro\AppData\Local\EmieSiteList
[2014/04/25 00:12:37 | 000,000,000 | ---D | C] -- C:\Users\Mauro\AppData\Local\Thinstall
[2014/04/24 23:24:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/24 23:24:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/24 23:24:12 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/24 23:24:09 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/24 23:24:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/24 23:24:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/24 23:24:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/24 23:24:07 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/24 23:24:07 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/24 23:24:07 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/24 23:24:07 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/24 23:24:07 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/24 23:24:07 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/24 23:24:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/24 23:24:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/24 23:24:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/24 23:24:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/24 23:24:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/24 23:24:06 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/24 23:24:04 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/24 23:24:04 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/24 23:24:04 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/24 23:24:04 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/24 23:24:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/24 23:24:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/24 23:24:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/24 23:24:02 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/24 23:24:02 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/24 23:24:00 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/24 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/24 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/24 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/24 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/24 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/24 21:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/04/24 21:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/04/24 21:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0414b
[2014/04/19 22:03:59 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\m3
[2014/04/18 23:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/18 23:01:19 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\smarth
[2014/04/18 22:30:08 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/18 22:30:08 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/18 22:30:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/18 22:30:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/18 22:27:18 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/18 22:27:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/18 22:27:18 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/18 22:27:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/18 22:27:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/18 22:27:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/18 22:27:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/18 22:27:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/18 22:27:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/18 22:27:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/18 22:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\athos
[2014/04/18 22:16:34 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/18 22:16:28 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/18 22:16:28 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/18 22:16:28 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/18 22:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/27 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\files trasparenti
[2014/03/26 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Mauro\AppData\Local\AVG
[2014/03/22 18:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mauro\AppData\Roaming\AVG
[2014/03/22 18:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/03/22 18:16:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/22 18:02:54 | 078,353,832 | ---- | C] (AVG) -- C:\Users\Mauro\Desktop\avg_tuh_stf_all_2014_295_24c28.exe
[2014/03/22 17:49:14 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\modiano
[2014/03/22 01:50:22 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/22 01:50:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/22 01:45:15 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/22 01:45:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/22 01:41:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/20 15:50:52 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/11 22:07:42 | 004,550,656 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/02/24 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\Mauro\Desktop\Images
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2014/04/25 13:04:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/25 12:59:29 | 001,689,636 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/25 12:59:29 | 000,744,530 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/04/25 12:59:29 | 000,657,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/25 12:59:29 | 000,148,672 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/04/25 12:59:29 | 000,123,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/25 12:58:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/25 12:58:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/25 12:51:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/25 12:51:23 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/25 12:49:19 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/24 23:37:20 | 000,067,973 | ---- | M] () -- C:\Users\Mauro\Desktop\$(KGrHqJ,!roFBBvR5-LBBQkOOojZrw~~60_57.JPG
[2014/04/24 23:16:43 | 000,040,428 | ---- | M] () -- C:\Users\Mauro\Desktop\honda_dn_01_base_usata_99020035750588884.jpg
[2014/04/24 23:04:56 | 000,163,217 | ---- | M] () -- C:\Users\Mauro\Desktop\$_57.JPG
[2014/04/24 21:50:55 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/24 21:40:07 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/04/23 22:59:19 | 000,129,664 | ---- | M] () -- C:\Users\Mauro\Desktop\1.cpr
[2014/04/23 22:49:16 | 001,661,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 14:07:51 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/19 14:07:51 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/03/26 13:49:11 | 000,000,270 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/22 18:16:04 | 078,353,832 | ---- | M] (AVG) -- C:\Users\Mauro\Desktop\avg_tuh_stf_all_2014_295_24c28.exe
[2014/03/22 17:41:15 | 000,470,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/20 15:50:52 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/11 22:07:42 | 004,550,656 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/03/06 11:31:33 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/06 10:59:04 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/06 10:57:34 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/03/06 10:57:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/06 10:39:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/06 10:32:38 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/06 10:29:40 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/06 10:28:15 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/06 10:15:54 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/06 10:11:41 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/06 10:09:51 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/03/06 10:03:58 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/06 10:02:34 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/06 10:01:01 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/06 09:56:43 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/03/06 09:48:35 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/06 09:45:39 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/06 09:42:24 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/03/06 09:40:32 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/06 09:38:13 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/06 09:36:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/06 09:21:40 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/06 09:13:43 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/03/06 09:11:15 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/06 09:07:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/06 08:40:39 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/06 07:50:22 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/06 07:43:59 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/04 11:44:21 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/03/04 11:44:21 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/03/04 11:44:21 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/03/04 11:44:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/03/04 11:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/03/04 11:17:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/03/04 11:16:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/03/04 11:16:18 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/03/04 10:09:30 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/03/04 10:09:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/24 23:37:19 | 000,067,973 | ---- | C] () -- C:\Users\Mauro\Desktop\$(KGrHqJ,!roFBBvR5-LBBQkOOojZrw~~60_57.JPG
[2014/04/24 23:16:43 | 000,040,428 | ---- | C] () -- C:\Users\Mauro\Desktop\honda_dn_01_base_usata_99020035750588884.jpg
[2014/04/24 23:04:56 | 000,163,217 | ---- | C] () -- C:\Users\Mauro\Desktop\$_57.JPG
[2014/04/24 21:50:55 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/24 21:40:07 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/19 22:42:33 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/22 18:21:52 | 003,535,842 | ---- | C] () -- C:\Users\Mauro\DN01.pdf
[2013/12/06 03:47:13 | 000,003,501 | ---- | C] () -- C:\Windows\wininit.ini
[2013/12/06 01:24:13 | 000,036,862 | ---- | C] () -- C:\Users\Mauro\A
[2013/09/29 11:17:52 | 000,001,704 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxnation-secure-search.xml
[2013/07/23 23:56:42 | 000,008,704 | ---- | C] () -- C:\Users\Mauro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/20 22:26:03 | 000,154,691 | ---- | C] () -- C:\Users\Mauro\osmand plugin.JPG
[2013/06/17 10:17:54 | 000,000,374 | ---- | C] () -- C:\Users\Mauro\AppData\Roaming\wklnhst.dat
[2013/06/09 23:17:31 | 000,001,482 | ---- | C] () -- C:\Users\Mauro\AppData\Local\recently-used.xbel
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/05/17 22:10:41 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/05/09 22:09:41 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/03/20 23:59:12 | 001,689,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/06 23:44:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/03/06 01:32:40 | 000,077,739 | ---- | C] () -- C:\Users\Mauro\pass dn01.JPG
[2013/03/03 03:15:59 | 000,049,683 | ---- | C] () -- C:\Users\Mauro\AppData\Local\tmpMOTO_HONDA_DN01_1.JPG

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/07 23:15:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/07 23:15:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/03/22 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\AVG
[2013/02/27 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\AVG2013
[2013/02/28 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/28 00:20:50 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Convivea
[2013/12/03 23:42:44 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\do-search
[2014/01/17 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\DVDVideoSoft
[2013/08/11 23:06:39 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\GrabPro
[2013/12/05 03:04:01 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Internet Download Accelerator
[2013/11/04 01:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\MAGIX
[2013/06/07 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Maize Sampler Player
[2013/06/17 00:40:55 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\MusicNet
[2013/08/12 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Orbit
[2013/02/27 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\proDAD
[2013/08/11 23:06:43 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\ProgSense
[2014/01/18 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Samsung
[2014/01/18 01:37:10 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Steinberg
[2013/02/27 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\TeamViewer
[2013/06/17 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\Template
[2013/02/27 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\TuneUp Software
[2014/04/25 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\uTorrent
[2013/11/02 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\VST3 Presets
[2013/12/01 00:47:28 | 000,000,000 | ---D | M] -- C:\Users\Mauro\AppData\Roaming\xrecode2

========== Purity Check ==========



< End of report >
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 4:51:32 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
mi deovete scusare ma non sono riuscito a fare la procedura di wiki send. va bene ugualmente???
Grazie!!!
Torna in alto
 
mitico56
Inviato: Friday, April 25, 2014 11:01:25 PM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
ho parlato troppo presto...
come potete vedere dall'imagine, ho risolto la pagina iniziale ma, quando apro una nuova pagina ecco che mi si apre avg navigation....
come posso fare per eliminarlo???

caricare immagini
Torna in alto
 
04maopapi
Inviato: Friday, April 25, 2014 11:28:54 PM

Rank: AiutAmico

Iscritto dal : 2/25/2014
Posts: 51
se facevi come ti dicevo prima, avevi già risolto

incomincia a solo a scaricare e non fare nulla
scarica questo
http://punto-informatico.it/s_3740543/Download/News/avast-browser-cleanup.aspx
POI
distaccati dal net entra in modalità provvisoria e passaci di nuovo adwcleanear .... spegni e riaccendi normalmente ( no net )
fai pulizia con ccleanear
e fai la scansione con avast-browser-cleanup ( come amministratore )
cancella tutto e dovresti aver risolto tutto


QUANDO TUTTO è A POSTO FATTI UNA IMMAGINE DEL DISCO ! E TI ELIMINI QUESTI CASINI per sempre :o)))
Torna in alto
 
mitico56
Inviato: Saturday, April 26, 2014 12:00:30 AM

Rank: AiutAmico

Iscritto dal : 10/13/2006
Posts: 621
04maopapi ha scritto:
se facevi come ti dicevo prima, avevi già risolto

incomincia a solo a scaricare e non fare nulla
scarica questo
http://punto-informatico.it/s_3740543/Download/News/avast-browser-cleanup.aspx
POI
distaccati dal net entra in modalità provvisoria e passaci di nuovo adwcleanear .... spegni e riaccendi normalmente ( no net )
fai pulizia con ccleanear
e fai la scansione con avast-browser-cleanup ( come amministratore )
cancella tutto e dovresti aver risolto tutto


QUANDO TUTTO è A POSTO FATTI UNA IMMAGINE DEL DISCO ! E TI ELIMINI QUESTI CASINI per sempre :o)))

ok. vedrò di fare come dici, anche se alcune cose non mi sono chiare ma, quelle te le chiederò man mano che faccio i passi che mi hai indicato, grazie!
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » webssearch ecc. ecc.


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.