Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » AVG security Toolbar

AVG security Toolbar Opzioni
Topic Precedente · Topic Sucessivo
patton
Inviato: Tuesday, February 19, 2013 5:24:53 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
so win 7
Non riesco a liberarmi della toolbar AVG Security.Chiedo un aiuto per risolvere il problema.
Vi Allego il log di HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:17:18, on 18/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Rim.DesktopHelper.exe] "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.redshift.maris.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BFF2772-B973-42E8-96AD-0627B6F96425}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA7AA67-1238-429D-B2D0-DC15B899E155}: NameServer = 62.13.173.92 62.13.173.93
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Servizio Volume Shadow Copy (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Chiavetta Internet E353 21.6. OUC (Chiavetta Internet E353 21.6. RunOuc) - Unknown owner - C:\Program Files\Chiavetta Internet E353 21.6\UpdateDog\ouc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

--
End of file - 9499 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, February 19, 2013 5:24:53 AM

 
Torna in alto
 
shapiro
Inviato: Tuesday, February 19, 2013 8:39:44 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
Torna in alto
 
patton
Inviato: Tuesday, February 19, 2013 2:33:16 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
ecco i due log

OTL Extras logfile created on: 19/02/2013 08:17:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Download Remoto
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,17% Memory free
3,98 Gb Paging File | 2,16 Gb Available in Paging File | 54,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 236,49 Gb Free Space | 79,36% Space Free | Partition Type: NTFS
Drive D: | 3,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 111,76 Gb Total Space | 47,54 Gb Free Space | 42,53% Space Free | Partition Type: FAT32
Drive G: | 7,46 Gb Total Space | 6,57 Gb Free Space | 88,00% Space Free | Partition Type: FAT32
Drive J: | 30,07 Gb Total Space | 23,96 Gb Free Space | 79,70% Space Free | Partition Type: FAT32

Computer Name: UTENTE-PC | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096367C4-C97B-4C5F-A4DA-6E0281C0ECC5}" = lport=139 | protocol=6 | dir=in | app=system |
"{144D042B-5471-4101-BB5D-762389113048}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1C830492-4646-413A-8F00-E389232E8050}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20FDF882-BE66-40D8-AF10-451DEC298683}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{25A7C8A9-7BF5-4DD0-8847-1ECC4EEA809B}" = rport=137 | protocol=17 | dir=out | app=system |
"{386BC61B-E4BD-4608-8D98-EC5768D4A740}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{3EEDE98B-B9DB-411A-8461-5541F0CECBD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F926320-B0BD-4364-853A-705404F1C5DF}" = rport=445 | protocol=6 | dir=out | app=system |
"{436153F2-DBFD-4248-9660-E07B1E92AF64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{464297D1-9A1D-401C-9A1E-6E648F01D2A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E41FDFC-93A3-48C4-A075-EB654CD10C34}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{566D6420-C091-4062-89CE-E47ACE2F480F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A8847A0-6B97-4F1F-BED0-E3F08F299F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69EFEB16-550D-43FF-A382-536D57EF0A00}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D7AAA99-86E7-400F-9881-D48D863021C6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{958BA874-518F-4F09-BEC3-06C0BF0ED9B6}" = lport=138 | protocol=17 | dir=in | app=system |
"{A287B3A6-B32C-4F43-81F4-217AE750F21C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A492E1D7-B3ED-46D1-9BA0-46FB88E94234}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C3C8D8FA-98A1-4EED-8466-1D4FB2D146E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C51515C7-E679-4315-B237-EEC85041DA31}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7F26136-3618-46BA-A141-FC349243E1F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9094C8E-FF23-4748-9909-ED1CCC0B2A1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA09C3DC-0032-4261-AD62-99D6A27CB2CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D314F680-32D0-4DE5-AA7C-0DD7143881E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4F8AB62-707A-4CEA-82B6-AC3D99ABA12C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA23F21C-9167-43AE-A3B2-36537F230A07}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB537B8A-C63C-4C4A-80AB-EF8C0AC293BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1CD6B8A-8E52-4F7E-AD2F-2FAAEED72B93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F29A8F60-9A2F-4614-BB5B-A9523A4736A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FE9744BB-735A-4166-B04D-01A15CAED80E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0930D357-4A63-4639-8ED0-8371BF2BAC3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E37A575-71C4-4958-BA58-B784A3C33FAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14026628-91F7-4626-B615-2E3A3C2575C7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15886C02-ED89-4759-A338-9ED9D5447D0C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2272A159-4DEE-42E4-92F5-A0941E7EE958}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{252E87D2-6C65-49CD-B041-F5EF9D16FE61}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{28F19891-574B-432E-AC74-8AA35E820E70}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{36C564F3-7C0A-4D09-BD03-EA877AFF1F48}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{39806DBB-620C-4526-8C04-FD12995DE330}" = dir=out | app=c:\program files\misurainternetspeedtest\dist\mist.exe |
"{39BF2F82-AAF1-48E8-8FCA-0808939D131C}" = protocol=6 | dir=in | app=c:\program files\misurainternetspeedtest\dist\mist.exe |
"{3C455C3B-5DF0-4BBC-9AD0-7DD9C3EE01FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C5CB3DA-FB29-4A0F-9B36-0ECFA5B680A4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{44C9D702-04E7-4D91-A1FE-1B976206693D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4521E79D-68CB-4FC7-820A-B4F0D4911D74}" = protocol=17 | dir=in | app=c:\program files\misurainternetspeedtest\dist\mist.exe |
"{4E08F74E-B2A5-4EF1-889F-FFC6CB180B8B}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{4FD1BC9D-4FDC-491F-8992-68174E08E02E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52F9E710-0003-4C94-B723-89DB586B667A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{57FD3159-2A45-4F53-B006-42091D7B5198}" = protocol=17 | dir=in | app=c:\program files\misurainternetspeedtest\dist\mist.exe |
"{6A718242-3C86-46C2-B475-304F3C849E0A}" = protocol=6 | dir=out | app=system |
"{70146A8F-D57B-4279-8ADB-C66BF590C3FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{72B3C62B-A31E-45F0-BF54-7A51BE30D807}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{752C5B7B-AFE9-46FB-92F0-5487507709D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75BB8239-C4A8-44BE-8EB8-79848BA52C6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85A9385F-96DB-4AA3-B6D1-1DD5D1F654BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90DA9858-A43A-4EFC-A830-F8DC02681AD4}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{91E43359-9C94-4AA3-BCF7-2F2356306468}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{95814FEC-781F-4E10-9034-50522C279CF8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{9DCC383E-E7A8-4E87-869A-A9960606B872}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E253733-71FA-498E-8284-50BC94992BF6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B24D997F-20AF-4EAC-B7BF-AB13176602A3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B88B2C4D-3278-46E9-9C63-5FCD43BCA76A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BBA89E8B-ECE8-4CFE-AEED-BE93935DD402}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BEB231DD-2D9B-4C70-A8CB-C337C2CDAF28}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{C077DAE9-576E-4289-968E-189AFA749831}" = protocol=6 | dir=in | app=c:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4997946-1B8C-4171-858F-BD21271CD296}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C50A00D0-6063-4E23-86FC-DC049DEA2878}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C7A5C9BB-935C-41E5-A5F0-E8E0077C227E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAC40E55-F130-4D0B-B444-62D11CCF7B82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE817D6B-55F4-4D0D-9ECB-937AA64CC1FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D291A19A-689A-4F90-8946-D2CD4E1484C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D50C1988-8C80-412A-9125-8EBFF5C8DBC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7AFFB5E-4580-448A-86A2-954B2C7F02FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E704DF3E-F156-4EDD-AC9B-CD2A036F5772}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{EB870497-2BE7-430F-ACC1-13ABCE631C12}" = protocol=6 | dir=in | app=c:\program files\misurainternetspeedtest\dist\mist.exe |
"{ECB07AE1-6E43-4E66-AE4E-9315C6FBA9BB}" = protocol=17 | dir=in | app=c:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED035CC4-CFAB-4AB7-92BB-A2CE62C0A0A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF6629FE-C2AF-44B7-9B21-961FCAA04E3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1E7D32E6-7AF0-45D2-A256-42FD47AA0979}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{A6F40974-0C71-45D2-8454-0B580DBF702E}C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FDDD2958-9557-4D95-964D-EA51401CE125}C:\program files\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktophelper.exe |
"UDP Query User{1DE7B9C1-E7E7-413B-9D37-A5E2B5270BF9}F:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{95CFEC66-71EE-4EB7-84B4-917C1CACF521}C:\program files\research in motion\blackberry desktop\rim.desktophelper.exe" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktophelper.exe |
"UDP Query User{DA844F6E-C067-444B-A42D-4711D9B3B5F9}C:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\utente\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28D9739C-09D6-4761-9B41-5CB3ADEA4369}" = LibreOffice 3.6 Help Pack (Italian)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47AB8413-346A-4745-BC24-8520877313C1}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4E489FCF-FCE5-4347-A71E-3C5767832C95}" = HPLaserJetHelp_LearnCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client IT-IT Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{638b91e2-b5ee-49f3-8348-be72f2d65d13}" = IBM Lotus Symphony
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{6FB8135C-FF1B-4772-BFA7-197F75A75AB5}" = Microsoft Money 2006 System Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7462E859-C453-4E08-BE0D-7D5E13E4CD1F}" = Microsoft Antimalware Service IT-IT Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97E22DDC-203F-48DA-98CF-9BD16DFB0B98}" = RedShift 6 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A5A725A2-442A-455C-B1F7-027857C7DEB7}" = BlackBerry App World Browser Plugin
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Italiano
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C9FFC925-E27E-436E-A2DF-652324D51040}" = Nero 8 Ultra Edition HD
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Supporto applicazioni Apple
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.35
"{EA9A4A23-0306-4FDC-9D08-8C6F527DD824}" = Macrium Reflect Free Edition
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series
"{F4F8DC6B-5591-4F22-BD5D-6CB8AA8D5452}" = hppCP1020LaserJetService
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"aignesamdeadlink_is1" = AM-DeadLink 4.5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Blender" = Blender
"BlueSprig_JetClean_is1" = JetClean
"CCleaner" = CCleaner
"Chiavetta Internet E353 21.6" = Chiavetta Internet E353 21.6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_152D0755" = Soft Data Fax Modem with SmartCP
"CobBackup11" = Cobian Backup 11 Gravity
"Defraggler" = Defraggler
"EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.7
"FBackup 4_is1" = FBackup 4
"FormatFactory" = FormatFactory 3.0.1
"Free Studio_is1" = Free Studio version 5.8.0.1201
"Free Window Registry Repair" = Free Window Registry Repair
"Freemake Video Converter_is1" = Freemake Video Converter versione 3.2.1
"Gadwin PrintScreen" = Gadwin PrintScreen
"GIMP-2_is1" = GIMP 2.8.0
"Glary Utilities_is1" = Glary Utilities 2.53.0.1726
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft Security Client" = Microsoft Security Essentials
"MisuraInternet Speed Test_is1" = MisuraInternet Speed Test 1.1.0
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 18.0.2 (x86 it)" = Mozilla Firefox 18.0.2 (x86 it)
"Mozilla Thunderbird 17.0.2 (x86 it)" = Mozilla Thunderbird 17.0.2 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.12.1707" = Opera 12.12
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"PhotoScape" = PhotoScape
"PicPick" = PicPick
"Qlock" = Qlock Pro
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.94
"SeaMonkey 2.15.2 (x86 it)" = SeaMonkey 2.15.2 (x86 it)
"Smart Defrag 2_is1" = Smart Defrag 2
"Songr" = Songr
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Stellarium_is1" = Stellarium 0.11.3
"SumatraPDF" = SumatraPDF
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.5
"WinFF_is1" = WinFF 1.4.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"XnView_is1" = XnView 1.99.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2012 07:39:42 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 14/10/2012 07:39:42 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 14/10/2012 07:39:42 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 14/10/2012 07:39:42 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 14/10/2012 07:39:43 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/10/2012 07:39:47 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/10/2012 07:39:47 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 14/10/2012 07:39:47 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 14/10/2012 07:39:47 | Computer Name = Utente-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 15/10/2012 13:49:03 | Computer Name = Utente-PC | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 16.0.1.4666 non interagisce più
con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: d28 Ora di avvio: 01cdaafc201ca023 Ora di chiusura: 16 Percorso
applicazione: C:\Program Files\Mozilla Firefox\firefox.exe ID segnalazione: 92f0aa8d-16f0-11e2-b2f4-0011e2fcf485


[ Cobian Backup Gravity VSC Requester Events ]
Error - 13/05/2012 15:55:10 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The requested object does not exist.

Error - 17/07/2012 15:55:07 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The requested object does not exist.

Error - 24/07/2012 15:55:10 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The requested object does not exist.

Error - 03/08/2012 15:55:10 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The requested object does not exist.

Error - 07/12/2012 16:55:09 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The requested object does not exist.

Error - 07/12/2012 17:51:48 | Computer Name = Utente-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = Riferimento a un oggetto non impostato su un'istanza di oggetto.

[ Media Center Events ]
Error - 19/05/2012 17:24:34 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 23:24:34 - Errore di connessione a Internet. 23:24:34 - Impossibile
contattare il server..

Error - 19/05/2012 17:24:46 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 23:24:40 - Errore di connessione a Internet. 23:24:40 - Impossibile
contattare il server..

Error - 22/05/2012 11:01:58 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 17:01:58 - Errore di connessione a Internet. 17:01:58 - Impossibile
contattare il server..

Error - 22/05/2012 11:02:09 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 17:02:03 - Errore di connessione a Internet. 17:02:03 - Impossibile
contattare il server..

Error - 18/06/2012 10:49:46 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 16:49:46 - Errore di connessione a Internet. 16:49:46 - Impossibile
contattare il server..

Error - 18/06/2012 10:50:01 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 16:49:51 - Errore di connessione a Internet. 16:49:51 - Impossibile
contattare il server..

Error - 20/06/2012 10:10:50 | Computer Name = Utente-PC | Source = MCUpdate | ID = 0
Description = 16:10:50 - Errore di connessione a Internet. 16:10:50 - Impossibile
contattare il server..

[ OSession Events ]
Error - 01/09/2012 03:38:21 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 596
seconds with 540 seconds of active time. This session ended with a crash.

Error - 03/11/2012 06:59:46 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 109
seconds with 60 seconds of active time. This session ended with a crash.

Error - 03/11/2012 07:00:14 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/11/2012 16:58:00 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1116
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/11/2012 10:01:41 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1894
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 12/11/2012 10:02:04 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/01/2013 03:54:42 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1370
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 10/01/2013 08:05:11 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 805
seconds with 780 seconds of active time. This session ended with a crash.

Error - 10/01/2013 08:10:36 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 304
seconds with 60 seconds of active time. This session ended with a crash.

Error - 05/02/2013 09:55:06 | Computer Name = Utente-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 260
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/02/2013 21:59:16 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet E353 21.6. OUC.

Error - 17/02/2013 21:59:16 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet E353 21.6. OUC non è stato avviato
per il seguente errore: %%1053

Error - 18/02/2013 08:38:12 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet E353 21.6. OUC.

Error - 18/02/2013 08:38:12 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet E353 21.6. OUC non è stato avviato
per il seguente errore: %%1053

Error - 18/02/2013 08:38:43 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio HP LaserJet Service.

Error - 18/02/2013 08:38:43 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio HP LaserJet Service non è stato avviato per il seguente
errore: %%1053

Error - 18/02/2013 22:31:44 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet E353 21.6. OUC.

Error - 18/02/2013 22:31:44 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet E353 21.6. OUC non è stato avviato
per il seguente errore: %%1053

Error - 19/02/2013 08:28:44 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet E353 21.6. OUC.

Error - 19/02/2013 08:28:44 | Computer Name = Utente-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet E353 21.6. OUC non è stato avviato
per il seguente errore: %%1053


< End of report >
Torna in alto
 
patton
Inviato: Tuesday, February 19, 2013 2:36:55 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
OTL logfile created on: 19/02/2013 08:17:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Download Remoto
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,17% Memory free
3,98 Gb Paging File | 2,16 Gb Available in Paging File | 54,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 236,49 Gb Free Space | 79,36% Space Free | Partition Type: NTFS
Drive D: | 3,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 111,76 Gb Total Space | 47,54 Gb Free Space | 42,53% Space Free | Partition Type: FAT32
Drive G: | 7,46 Gb Total Space | 6,57 Gb Free Space | 88,00% Space Free | Partition Type: FAT32
Drive J: | 30,07 Gb Total Space | 23,96 Gb Free Space | 79,70% Space Free | Partition Type: FAT32

Computer Name: UTENTE-PC | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - E:\Download Remoto\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe (Research In Motion)
PRC - C:\Program Files\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\ProgramData\Chiavetta Internet E353 21.6\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\Qlock\qlock.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files\Qlock\qlock.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater14.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cbVSCService11) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Chiavetta Internet E353 21.6. RunOuc) -- C:\Program Files\Chiavetta Internet E353 21.6\UpdateDog\ouc.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MpKsl82bba66e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82DD7113-64F8-4701-BCEF-13FFB6774E70}\MpKsl82bba66e.sys (Microsoft Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys (IObit.com)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (huawei_wwanecm) -- C:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys (IObit)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (HPFXBULKLEDM) -- C:\Windows\System32\drivers\hppcbulkio.sys (Hewlett Packard)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 66 5D 4B 0E 09 CD 01 [binary data]
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - No CLSID value found
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\SearchScopes\{0493ED0E-2F44-487E-9479-1F25E06AEA9D}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=6046cb260000000000000011e2fcf485
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..\SearchScopes\{EFFEAADF-532F-4F9E-9EAA-571080AB8A8D}: "URL" = http://www.bing.com/search?FORM=UP30DF&PC=UP30&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=2&CUI=SB_CUI&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/01/11 15:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/04 03:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 22:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 07:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.15.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2013/02/06 07:56:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 15:37:51 | 000,000,000 | ---D | M]

[2012/04/02 15:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions
[2012/04/02 15:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013/01/11 04:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Firefox\Profiles\pw4lsdkf.default\extensions
[2013/01/11 04:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\SeaMonkey\Profiles\9tihczen.default\extensions
[2012/10/11 02:52:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Utente\AppData\Roaming\mozilla\SeaMonkey\Profiles\9tihczen.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/10/13 08:04:14 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Utente\AppData\Roaming\mozilla\SeaMonkey\Profiles\9tihczen.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2012/12/21 08:48:36 | 000,002,402 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\pw4lsdkf.default\searchplugins\bingp.xml
[2012/06/08 14:35:20 | 000,005,310 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\pw4lsdkf.default\searchplugins\footiefox.xml
[2013/01/11 04:16:03 | 000,001,050 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\pw4lsdkf.default\searchplugins\myashampoo-customized-web-search.xml
[2013/02/13 21:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/13 21:25:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/01 13:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 16:59:36 | 000,001,606 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2013/02/18 22:34:59 | 000,003,688 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/01 16:59:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 16:59:36 | 000,000,957 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2013/02/01 16:59:36 | 000,001,030 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2013/02/01 16:59:36 | 000,001,395 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2013/02/01 16:59:36 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgchmkmjfjloickkmkdgibpmboaphdei\10.13.20.29_0\
CHR - Extension: No name found = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdghcmanhfigpijjllopocpcnjffkhl\2.3.11.0_0\

O1 HOSTS File: ([2012/03/24 18:28:54 | 000,441,409 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15170 more lines...
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKU\S-1-5-21-2290898824-930106310-2662002411-1000..\Run: [Rim.DesktopHelper.exe] C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe (Research In Motion)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2290898824-930106310-2662002411-1000\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26D58F30-9F47-411B-8A1A-E92D920863BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAA1C05-7314-4804-A8A6-0C1A2CC41F0D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFF2772-B973-42E8-96AD-0627B6F96425}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA7AA67-1238-429D-B2D0-DC15B899E155}: NameServer = 62.13.173.92 62.13.173.93
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/02/21 10:20:56 | 000,000,048 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{465ad38c-8941-11e1-8800-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{465ad38c-8941-11e1-8800-001636bedc91}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{59666379-74d6-11e1-ad53-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59666379-74d6-11e1-ad53-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Go.exe -- [2007/02/15 05:18:10 | 000,372,736 | R--- | M] (Maris Technologies, Ltd.)
O33 - MountPoints2\{6f7fc570-8945-11e1-8d12-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7fc570-8945-11e1-8d12-0011e2fcf485}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{850d9bfb-8980-11e1-a7f7-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{850d9bfb-8980-11e1-a7f7-001636bedc91}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{999daa0a-871c-11e1-b45e-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{999daa0a-871c-11e1-b45e-0011e2fcf485}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{999daa2b-871c-11e1-b45e-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{999daa2b-871c-11e1-b45e-0011e2fcf485}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{b6e5fcfd-86af-11e1-9f25-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{b6e5fd08-86af-11e1-9f25-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{d171329f-887f-11e1-88f6-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{d171329f-887f-11e1-88f6-0011e2fcf485}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{d17132b0-887f-11e1-88f6-0011e2fcf485}\Shell - "" = AutoRun
O33 - MountPoints2\{d17132b0-887f-11e1-88f6-0011e2fcf485}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{fbc7fc0d-8922-11e1-8c00-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{fbc7fc0d-8922-11e1-8c00-001636bedc91}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{fbc7fc3b-8922-11e1-8c00-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{fbc7fc3b-8922-11e1-8c00-001636bedc91}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{fbc7fc54-8922-11e1-8c00-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{fbc7fc6d-8922-11e1-8c00-001636bedc91}\Shell - "" = AutoRun
O33 - MountPoints2\{fbc7fc6d-8922-11e1-8c00-001636bedc91}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/02/18 22:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/02/17 09:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2013/02/13 09:11:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 09:11:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 09:11:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 09:11:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 09:11:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 09:11:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 09:11:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 09:11:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 07:50:03 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 07:49:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 07:49:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 07:49:37 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 07:49:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/10 22:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/02/08 08:49:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{843D6C1A-5D96-429A-B03D-5668B1ECDD40}
[2013/02/08 08:03:00 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013/02/07 08:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/02/06 07:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[2013/02/06 07:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/02/03 20:54:18 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/03 20:53:54 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/03 20:53:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/03 20:53:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/31 12:55:12 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2013/01/31 12:54:48 | 000,016,504 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2013/01/29 06:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2013/01/29 06:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2013/01/23 03:59:12 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{4C568CB1-8B9A-4317-AC55-0D1F605D7F16}
[2013/01/21 03:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/01/21 03:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/01/20 03:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/15 08:58:16 | 000,000,000 | ---D | C] -- C:\boot
[2013/01/11 11:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/11 11:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/09 15:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/01/09 00:39:19 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 00:39:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 00:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 00:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 00:39:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 00:39:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 00:39:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 00:39:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 00:39:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 00:39:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 00:39:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 00:39:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 00:39:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 00:39:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 00:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 00:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 00:39:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 00:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 00:39:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 00:39:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 00:39:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 00:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 00:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 00:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 00:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 00:39:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 00:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 00:39:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 00:39:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 00:38:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 00:38:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 00:38:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 00:38:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 00:38:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 00:38:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 00:38:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 00:38:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 00:38:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 00:38:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 00:38:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 00:38:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 00:38:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 00:38:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 00:38:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 00:38:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 00:38:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 00:38:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/05 15:36:59 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Stellarium
[2013/01/01 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{2B7760FD-AD05-4739-BB48-A1E0A75019C2}
[2012/12/30 03:44:22 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\{AC808C12-8BA5-4564-8D95-9370919C95D5}
[2012/12/28 13:45:27 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\AVG Secure Search
[2012/12/28 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/12/28 13:42:53 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/12/28 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/12/28 13:40:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/12/22 07:17:22 | 000,000,000 | ---D | C] -- C:\Users\Utente\Documents\ccsetup326

========== Files - Modified Within 60 Days ==========

[2013/02/19 07:48:06 | 000,000,132 | ---- | M] () -- C:\Users\Utente\Documents\cc_20130219_074746.reg
[2013/02/19 07:47:33 | 000,701,426 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/02/19 07:47:33 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/19 07:47:33 | 000,128,740 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/02/19 07:47:33 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/19 07:43:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/19 07:36:51 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 07:36:51 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 07:36:03 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/19 07:29:13 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2290898824-930106310-2662002411-1000UA.job
[2013/02/19 07:28:47 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/19 07:28:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/02/19 07:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 07:27:54 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/18 22:32:23 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/02/18 08:05:42 | 000,005,336 | ---- | M] () -- C:\Users\Utente\Documents\cc_20130218_080458.reg
[2013/02/17 21:49:44 | 000,031,999 | ---- | M] () -- C:\Users\Utente\Desktop\Fuori era -12.htm
[2013/02/17 21:39:35 | 004,739,072 | ---- | M] () -- C:\Users\Utente\Documents\Money 2011.mny
[2013/02/17 21:39:34 | 000,957,726 | R--- | M] () -- C:\Users\Utente\Documents\Money 2011 Backup_2013-02-17_213931.mbf
[2013/02/17 21:29:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2290898824-930106310-2662002411-1000Core.job
[2013/02/16 07:36:56 | 000,000,132 | ---- | M] () -- C:\Users\Utente\Documents\cc_20130216_073639.reg
[2013/02/13 21:39:16 | 002,347,059 | ---- | M] () -- C:\Users\Utente\Desktop\IMG_0401.JPG
[2013/02/13 09:31:27 | 000,455,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 22:06:31 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/12 21:14:04 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/12 21:14:04 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/06 08:05:01 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/05 07:36:38 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/03 20:53:38 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/03 20:53:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/03 20:53:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/03 20:53:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/03 20:53:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/02/03 20:53:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/01/31 12:55:12 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2013/01/31 12:54:48 | 000,016,504 | ---- | M] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2013/01/31 12:53:54 | 000,055,416 | ---- | M] () -- C:\Windows\System32\drivers\psmounterex.sys
[2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/27 06:22:09 | 000,032,256 | ---- | M] () -- C:\Users\Utente\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/26 08:07:29 | 000,299,893 | ---- | M] () -- C:\Users\Utente\Desktop\Telecom.pdf
[2013/01/26 07:16:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/01/26 07:16:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/01/24 08:36:49 | 000,001,051 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2013/01/11 11:51:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/10 08:52:05 | 000,496,452 | ---- | M] () -- C:\Users\Utente\Desktop\Guida 730.pdf
[2013/01/10 08:51:00 | 000,316,887 | ---- | M] () -- C:\Users\Utente\Desktop\Modulo 730.pdf
[2013/01/08 17:11:21 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/08 17:03:12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/08 17:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/08 17:00:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/08 16:59:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/08 16:57:49 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/08 16:56:23 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/08 16:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/05 00:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/01/05 00:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/01/03 23:50:52 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/03 22:00:29 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/03 00:04:43 | 000,187,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/12/28 01:18:21 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/21 08:25:30 | 000,000,083 | ---- | M] () -- C:\Users\Utente\AppData\Roaming\default.pls

========== Files Created - No Company Name ==========

[2013/02/19 07:48:02 | 000,000,132 | ---- | C] () -- C:\Users\Utente\Documents\cc_20130219_074746.reg
[2013/02/18 08:05:35 | 000,005,336 | ---- | C] () -- C:\Users\Utente\Documents\cc_20130218_080458.reg
[2013/02/17 21:49:43 | 000,031,999 | ---- | C] () -- C:\Users\Utente\Desktop\Fuori era -12.htm
[2013/02/17 21:39:34 | 000,957,726 | R--- | C] () -- C:\Users\Utente\Documents\Money 2011 Backup_2013-02-17_213931.mbf
[2013/02/16 07:36:50 | 000,000,132 | ---- | C] () -- C:\Users\Utente\Documents\cc_20130216_073639.reg
[2013/02/13 21:39:05 | 002,347,059 | ---- | C] () -- C:\Users\Utente\Desktop\IMG_0401.JPG
[2013/01/31 12:53:54 | 000,055,416 | ---- | C] () -- C:\Windows\System32\drivers\psmounterex.sys
[2013/01/26 08:07:27 | 000,299,893 | ---- | C] () -- C:\Users\Utente\Desktop\Telecom.pdf
[2013/01/26 07:16:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/01/26 07:16:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/01/26 06:55:24 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/11 11:51:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/10 08:52:04 | 000,496,452 | ---- | C] () -- C:\Users\Utente\Desktop\Guida 730.pdf
[2013/01/10 08:51:00 | 000,316,887 | ---- | C] () -- C:\Users\Utente\Desktop\Modulo 730.pdf
[2012/12/29 01:28:06 | 000,001,051 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/20 16:56:21 | 000,001,091 | ---- | C] () -- C:\Users\Utente\Documenti - collegamento.lnk
[2012/12/18 01:12:35 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/11/15 16:40:30 | 000,032,256 | ---- | C] () -- C:\Users\Utente\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 10:58:27 | 000,000,083 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\default.pls
[2012/05/05 06:37:08 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/03/27 01:53:37 | 000,043,656 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/03/26 14:53:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/24 07:11:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/03/24 07:09:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/23 11:56:12 | 000,001,024 | ---- | C] () -- C:\Users\Utente\.rnd

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/07 16:48:03 | 000,000,000 | -HSD | M] -- C:\Users\Utente\AppData\Roaming\.#
[2012/08/12 05:36:18 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\602Installer
[2012/03/25 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\AbelCam
[2012/06/23 03:31:15 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\aignes
[2012/03/27 01:55:56 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Ashampoo
[2012/05/07 07:38:33 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Auslogics
[2012/04/12 08:01:59 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\BlueSprig
[2012/03/27 01:57:55 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Canneverbe Limited
[2012/03/25 06:50:34 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Canon
[2013/02/19 07:30:09 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Dropbox
[2012/12/04 03:06:53 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\DVDVideoSoft
[2012/12/04 03:06:55 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/25 02:19:22 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Easeware
[2012/04/04 05:29:21 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Foxit Software
[2012/11/29 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\GlarySoft
[2012/10/17 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\IObit
[2012/05/11 06:18:07 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\LibreOffice
[2012/03/28 06:26:52 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Opera
[2012/10/24 07:38:09 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\pdfforge
[2012/05/04 02:13:44 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\PhotoScape
[2012/07/30 17:22:16 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Qlock
[2012/11/15 16:32:42 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Research In Motion
[2012/03/27 01:49:59 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Softland
[2013/01/05 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Stellarium
[2012/04/26 01:57:14 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\SumatraPDF
[2012/04/12 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Thunderbird
[2012/04/02 15:08:51 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\TomTom
[2013/02/19 07:46:09 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\uTorrent
[2012/03/29 02:07:29 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Windows Live Writer
[2012/04/23 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\WinFF
[2012/12/17 17:02:38 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0CFF5F08

< End of report >
Torna in alto
 
patton
Inviato: Friday, February 22, 2013 9:32:36 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Per Shapiro,
non ho mai adoperato Wikisend ma sono riuscito a inviare i due file OTL.txt e EXTras.txt. Ne vorrei la conferma.Ti ringrazio in anticipo.Ciao
Torna in alto
 
patton
Inviato: Wednesday, February 27, 2013 9:38:32 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
per shapero,
ho inviato quanto da te richiesto per aiutarmi a risolvere il problema in oggetto.Se ci sono problemi per una risposta da parte tua desidererei saperlo.Ti ringrazio.Ciao
Torna in alto
 
cbbusto
Inviato: Thursday, February 28, 2013 12:43:37 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, probabilmente shapiro si è dimenticato del tuo post, cerco di risponderti io.
Vediamo di disbilitare il servizio, da Start“, digita “services.msc“, premi il tasto Invio e cerca questa voce:

vToolbarUpdater14.2.0 se la trovi in alto a sinistra clicca su Arresta il servizio poi fai doppio clic sulla voce e in tipo di avvio metti Disabilitato.

Poi fai questa scansione:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui. Mi raccomando clicca su Elimina e non su Cerca.

Quindi rifai una scansione con HJT e posta il log aggiornate e vediamo di eliminare altre voci.
Ci risentiamo.
Torna in alto
 
patton
Inviato: Thursday, February 28, 2013 4:06:51 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ecco il log di Adwcleaner:

# AdwCleaner v2.113 - Logfile creato il 28/02/2013 alle 09:52:34
# Aggiornamento 23/02/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : Utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : H:\New Download\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Common Files\AVG Secure Search

***** [Registro] *****


***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registro Pulito.

-\\ Mozilla Firefox v19.0.1 (it)

File : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\pw4lsdkf.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v12.12.1707.0

File : C:\Users\Utente\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [21590 octets] - [19/02/2013 21:58:17]
AdwCleaner[R2].txt - [21651 octets] - [19/02/2013 22:51:57]
AdwCleaner[R3].txt - [22848 octets] - [27/02/2013 10:15:23]
AdwCleaner[S1].txt - [340 octets] - [19/02/2013 22:54:46]
AdwCleaner[S2].txt - [23363 octets] - [27/02/2013 10:16:17]
AdwCleaner[S3].txt - [1311 octets] - [28/02/2013 09:52:34]

########## EOF - C:\AdwCleaner[S3].txt - [1371 octets] ##########


Il log di HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:08, on 28/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Qlock\qlock.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Rim.DesktopHelper.exe] "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.redshift.maris.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BFF2772-B973-42E8-96AD-0627B6F96425}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA7AA67-1238-429D-B2D0-DC15B899E155}: NameServer = 62.13.173.92 62.13.173.93
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Servizio Volume Shadow Copy (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Chiavetta Internet E353 21.6. OUC (Chiavetta Internet E353 21.6. RunOuc) - Unknown owner - C:\Program Files\Chiavetta Internet E353 21.6\UpdateDog\ouc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9621 bytes

Ciao a risentirci
Torna in alto
 
cbbusto
Inviato: Thursday, February 28, 2013 5:09:57 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
ADW ha eliminato AVG security Toolbar, non mi hai detto se ti appare ancora o no.

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Rim.DesktopHelper.exe] "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe

Poi fai una pulizia con Ccleaner compreso il Registro, non c'è altro, se la voce non appare più abbiamo finito. Ciao
Torna in alto
 
patton
Inviato: Friday, March 01, 2013 4:33:38 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
ADW ha eliminato AVG.
Ho eseguito le tue segnalazioni. La voce AVG no compare più.
Ti ringrazio dei consigli. Ciao
Torna in alto
 
cbbusto
Inviato: Friday, March 01, 2013 4:41:49 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Contento che tu abbia risolto. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » AVG security Toolbar


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.