Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllare log di HiJack

2 pages: [1] 2
Controllare log di HiJack Opzioni
Topic Precedente · Topic Sucessivo
uistitipigmeo
Inviato: Thursday, February 21, 2013 9:48:06 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Il mio problema è che spesso si insinuano siti non voluti. Grazie a chi mi può aiutare. Ps navigo in collegamento wireless liberod'oh!
Scusate per l'errore precedente di invio.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:32:34, on 21/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: (no name) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [Sidebar] C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{69514A6A-52A5-4FEA-8557-412E72187658}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB347066-7803-4193-8712-234841F87BCB}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\massimo\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\massimo\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\massimo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15759 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:32:34, on 21/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Torna in alto
 
Sponsor
Inviato: Thursday, February 21, 2013 9:48:06 PM

 
Torna in alto
 
cbbusto
Inviato: Friday, February 22, 2013 12:01:27 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Scusa ma quanti log hai postato ? vai nel post clic su edit, lascia solo il primo log e cancella tutti gli altri.
Poi ti dico cosa devi fare. Ciao
Torna in alto
 
uistitipigmeo
Inviato: Friday, February 22, 2013 1:46:26 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Ho provveduto a correggere l'errore di invio.
Torna in alto
 
cbbusto
Inviato: Friday, February 22, 2013 2:57:56 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Allora ha Power Offer che ti dirotta verso siti sconosciuti di pubblicità.
Poi hai troppe toolbar e troppe voci in avvio, fai le operazioni che ti indico nell'ordine.

Vai in programmi installati cerca la Power Offer e se la trovi elimina il programma, potrebbe anche non esserci.

Poi bisogna disattivare dei servizi collegati: da Start“, digita “services.msc“, premi il tasto Invio e cerca queste voci:
Serv Updater (ServUpdater)
Software Upd (SoftwareUpd)
Fai doppio clic su ogni voce e poi nella finestra seguente in tipo di Avvio metti Disabilitato, ok esci.

Poi chiudi tutti i programmi e disconnesso lanci HJT clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

O3 - Toolbar: (no name) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - (no file)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe

O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup

O4 - HKCU\..\Run: [Sidebar] C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE /autoRun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SERVIZIO LOCALE') (ATT. i siti di giochi portano ad altre pagine e siti di pubblicità)

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'Default user')

O8 - Extra context menu item: Crawler Search - tbr:iemenu

Poi fai questa scansione:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Alla fine rifai una scansione con HJT e posta il log aggiornato.
Non dovresti più avere siti non richiesti fai sapere. Ciao
Torna in alto
 
uistitipigmeo
Inviato: Saturday, February 23, 2013 1:54:29 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Ecco il log di ADV Cleaner:


# AdwCleaner v2.112 - Logfile creato il 23/02/2013 alle 13:51:54
# Aggiornamento 10/02/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : massimo - MASSIMO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\massimo\Desktop\adwcleaner0.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****


***** [Registro] *****


***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registro Pulito.

-\\ Mozilla Firefox v18.0.1 (it)

File : C:\Users\massimo\AppData\Roaming\Mozilla\Firefox\Profiles\5gdjgzo5.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\massimo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [14780 octets] - [03/01/2013 14:05:48]
AdwCleaner[R2].txt - [1087 octets] - [23/02/2013 13:44:31]
AdwCleaner[R3].txt - [958 octets] - [23/02/2013 13:51:54]
AdwCleaner[S1].txt - [14837 octets] - [03/01/2013 14:12:00]

########## EOF - C:\AdwCleaner[R3].txt - [1078 octets] ##########
Torna in alto
 
uistitipigmeo
Inviato: Saturday, February 23, 2013 1:58:01 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
E questo di HiJack:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:40, on 23/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{69514A6A-52A5-4FEA-8557-412E72187658}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB347066-7803-4193-8712-234841F87BCB}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\massimo\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\massimo\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\massimo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13146 bytes
Torna in alto
 
uistitipigmeo
Inviato: Saturday, February 23, 2013 2:11:16 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Ho provato a navigare e per ora non si è verificato il problema. Cosa dovrei fare perchè non si ripresenti?
Torna in alto
 
cbbusto
Inviato: Saturday, February 23, 2013 4:44:34 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Non ci siamo non hai disattivato i servizi come ti avevo scritto quindi potresti avere ancora pagine non richieste.
Avevo scritto questo:
Poi bisogna disattivare dei servizi collegati: da Start“, digita “services.msc“, premi il tasto Invio e cerca queste voci:
Serv Updater (ServUpdater)
Software Upd (SoftwareUpd)
Fai doppio clic su ogni voce e poi nella finestra seguente in tipo di Avvio metti Disabilitato, ok esci.
Se non riesci in modalità normale avvia il pc in provvisoria.

Il resto è a posto.
Per la domanda che hai posto, devi stare attento ai siti che visiti e le pagine che apri, controlla sempre se c'è qualche spunta che ti fa scaricare cose non richieste, qundo scarichi programmi non scaricare mai le toolbar e controlla sempre di non essere dirottato verso siti che non conosci.
Attenzione ai giochi online, facile trovare spyware e siti pubblicitari.
Ciao
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 1:32:15 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
OK ci sono riuscito. Ho anche rifatto la scansione con HiJack spero sia tutto a posto grazie ciao.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:22, on 24/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{69514A6A-52A5-4FEA-8557-412E72187658}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB347066-7803-4193-8712-234841F87BCB}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\massimo\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13004 bytes
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 1:51:56 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Purtroppo continua lo stesso problema ho sbagliato qualcosa?
Torna in alto
 
r16
Inviato: Sunday, February 24, 2013 2:00:17 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao .
Vediamo se OTL ci racconta qualcosa di più:

Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul tuo desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend, per postarli sul forum.

Per postare i log:
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.

Poi segui le indicazioni di cbbusto
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 3:20:54 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
OTL Extras logfile created on: 24/02/2013 14:40:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\massimo\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 3,68 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 34,76% Memory free 7,36 Gb Paging File | 4,92 Gb Available in Paging File | 66,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 217,72 Gb Free Space | 76,13% Space Free | Partition Type: NTFS Computer Name: MASSIMO-PC | User Name: massimo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3279544263-110991942-1808720350-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CBC0034-7D72-467E-8DA7-8357F9CE8375}" = rport=10243 | protocol=6 | dir=out | app=system | "{0DE7EAC7-4913-4537-A444-28CAC0D3381D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1F370AF1-0581-49D6-9C39-FA87D05A70A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2287F87C-9CA2-4853-B36B-C0061F10C1D9}" = lport=445 | protocol=6 | dir=in | app=system | "{28517FC4-1FFE-42AB-A3BD-2C18A3C75076}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32F0E8C0-02DF-40FE-8161-3AF0529A82C7}" = rport=445 | protocol=6 | dir=out | app=system | "{5161C39A-F551-4B0E-8307-4ED20E71DAAB}" = lport=138 | protocol=17 | dir=in | app=system | "{5C4D5916-991B-4F29-8205-5C22AED78603}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D1C685A-EA4F-43CA-8458-D93A08EFBEA4}" = rport=139 | protocol=6 | dir=out | app=system | "{5D69D116-C625-475C-A79F-2597A4A30CFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{615B0237-4DC2-413C-9C90-3C45D11BABF1}" = lport=2869 | protocol=6 | dir=in | app=system | "{62B66278-FC50-4D0D-9466-22DAC1FA2B8F}" = lport=137 | protocol=17 | dir=in | app=system | "{69297C19-1215-42A7-B384-1E3CE70E220D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F2A21EE-ABFF-474A-BC7E-E40A1B23DB2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{79F89746-BE57-4E02-B4EE-D91170BA0819}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7C2F5A90-066D-4F37-842A-F98920B5A5D3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8A8D5D87-0AFB-48C2-8A99-CCACE5FB753C}" = rport=138 | protocol=17 | dir=out | app=system | "{91DF1703-FEF5-4EE1-B9BC-9114211E943C}" = rport=137 | protocol=17 | dir=out | app=system | "{A2C1CB4D-CA4E-4749-B013-C33799158AC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACC49DFB-ADD2-4C3F-969D-23394C0374F3}" = lport=2869 | protocol=6 | dir=in | app=system | "{AFAC9E9F-22CF-4D93-89FF-682AFC0FFA03}" = lport=139 | protocol=6 | dir=in | app=system | "{B9CBD4FF-EA32-4D83-9AE6-3D23F272B3B2}" = lport=10243 | protocol=6 | dir=in | app=system | "{BCFA5AC9-34A6-4C50-BC51-EF7B8AD0F330}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C125AFC4-57B4-4B94-B618-71CCDA062527}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05CC6792-DF0A-49A2-842E-D6FD91CD6821}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{23CB7A43-608E-48B2-A976-757E274E7952}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2F0A0CE1-7FC0-4B3C-95C1-F320FABE28C6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3731C02A-A3C6-4742-B544-F7128A4B6E1F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3AA3FB37-6BE6-4CC4-AE4A-4BF09A075A27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E00CC72-3FA2-4BEC-9BC1-5E11E973B63B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3E01709F-C398-4B16-A6CA-8AB35786B346}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{40EAB194-A0CF-481F-990A-77F24F159B53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{42B588C7-BBE1-4F96-9029-CDD4897A4DF3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{44B4ABC1-1DA2-4370-99E9-BAACD0405EAE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{497B970F-BEC2-4C5C-A142-02E3ED40101A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{5075F305-8AA2-4B46-81AC-FD0C70DD68C0}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{549CEDAC-7390-48AB-9C19-7855F70E7104}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6565E130-20AB-4F8B-BA7D-3C47B79A00D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{6A62BE41-758F-4318-B0C8-167490FAC7DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{80843DE3-8A63-4B5A-BA6C-9A2EB1E2D5FF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{8F199D6E-8BE6-41F8-A9B6-3C41CB752433}" = protocol=6 | dir=out | app=system | "{9B5076C2-FAF7-4ED7-BC1B-4F3395AEE84B}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{9D984279-08A7-4FFF-BCF1-BA27C2FFA650}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A0C5F64F-7637-4031-A40E-5429CA42CE11}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{A32F0C92-E674-4944-897A-E85A6E4466D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A578BB8D-6732-4BF1-AE05-30FC4CD31227}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{A6AE64D3-B4B7-4D82-94E4-F64F5F667C01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE45E2DD-C1EB-43A6-BBC2-F54E2BE0D4D4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{B3C610A1-86DD-4692-A005-B494888E96D0}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{B55321E5-B2AD-48EE-A53B-4B413189AAA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B6020C82-85AC-4775-AEE6-F40F99F31606}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BE3BAA22-BB68-442A-9FA4-D64C1FF9B9DB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C8914027-F896-494D-B3D9-222A537101BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB2E908B-7E80-4346-9D08-EEAD28A29F20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{CEB7A886-452A-4DCF-A140-453A20A86622}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D8979B73-833B-43FC-8992-815CA19C7180}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{DB472981-7D53-48D9-A46B-5FA8F0C4E97F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DC3D7901-CA78-426A-9249-6D529363E8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{DD9A5D67-89BF-44EB-8FAA-793AB38EC129}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E11B312B-8029-409F-B724-92372CDD9702}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{EB897774-B47E-4C3D-9949-16AF46805092}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{EE4EFF31-628F-4E16-9C33-AD6BB46D0B6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4AB1177-B564-455D-B168-F73266614AB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F9965DC6-BA61-425A-BBD2-6A5C397322CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA2BC69E-11BF-40A6-8DE9-973DF7B46996}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD08F373-D13D-4C3B-830D-EE57894F75A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FE01F2BC-FC35-402C-B490-4359E299A8F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013 "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013 "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1ADB558F-1E50-43F2-8EAC-E7D75294C1D8}" = OpenOffice.org 3.4.1 "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Fantastigames "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{707bfad4-e437-40ed-9c9c-32dbc1d89a23}" = Nero 9 Essentials "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D5088A9-4376-4765-B5E4-695AFFBA4F7A}" = TuneUp Utilities Language Pack (it-IT) "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007 "{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{7B241DBB-A985-46B4-866B-DD59E0284032}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007 "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0410-1000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007 "{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007 "{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007 "{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007 "{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Supporto applicazioni Apple "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup "LManager" = Launch Manager "Metaboli" = Metaboli "Mozilla Firefox 18.0.1 (x86 it)" = Mozilla Firefox 18.0.1 (x86 it) "MozillaMaintenanceService" = Mozilla Maintenance Service "OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "Revo Uninstaller" = Revo Uninstaller 1.94 "Security Task Manager" = Security Task Manager 1.8f "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite" = Windows Live Essentials "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! "WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15/02/2013 16:00:13 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 15/02/2013 16:00:14 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15/02/2013 16:00:14 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2075 Error - 15/02/2013 16:00:14 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2075 Error - 15/02/2013 16:00:15 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15/02/2013 16:00:15 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3089 Error - 15/02/2013 16:00:15 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3089 Error - 15/02/2013 16:00:16 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15/02/2013 16:00:16 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4087 Error - 15/02/2013 16:00:16 | Computer Name = massimo-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4087 [ Media Center Events ] Error - 21/01/2013 08:02:44 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 13:02:39 - Errore di connessione a Internet. 13:02:41 - Impossibile contattare il server.. Error - 21/01/2013 08:05:17 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 13:03:21 - Errore di connessione a Internet. 13:03:21 - Impossibile contattare il server.. Error - 21/01/2013 09:12:01 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 14:12:01 - Errore di connessione a Internet. 14:12:01 - Impossibile contattare il server.. Error - 21/01/2013 09:12:11 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 14:12:07 - Errore di connessione a Internet. 14:12:07 - Impossibile contattare il server.. Error - 26/01/2013 09:12:35 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 14:12:34 - Errore di connessione a Internet. 14:12:35 - Impossibile contattare il server.. Error - 26/01/2013 09:13:09 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 14:13:05 - Errore di connessione a Internet. 14:13:05 - Impossibile contattare il server.. Error - 17/02/2013 07:08:12 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 12:08:12 - Errore di connessione a Internet. 12:08:12 - Impossibile contattare il server.. Error - 17/02/2013 07:08:47 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 12:08:41 - Errore di connessione a Internet. 12:08:41 - Impossibile contattare il server.. Error - 20/02/2013 07:20:00 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 12:20:00 - Impossibile recuperare Directory (Errore: Impossibile risolvere il nome remoto.: 'data.tvdownload.microsoft.com') Error - 20/02/2013 07:21:14 | Computer Name = massimo-PC | Source = MCUpdate | ID = 0 Description = 12:21:08 - Errore di connessione a Internet. 12:21:08 - Impossibile contattare il server.. [ System Events ] Error - 17/02/2013 14:17:11 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:39 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:39 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:39 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:39 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:49 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:49 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:50 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:36:50 | Computer Name = massimo-PC | Source = Schannel | ID = 36887 Description = Ricevuto avviso di errore irreversibile: 10. Error - 17/02/2013 17:41:59 | Computer Name = massimo-PC | Source = Service Control Manager | ID = 7006 Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con l'errore %%5. < End of report >
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 3:21:52 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Ora vi invio il secondo log.
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 3:26:54 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
OTL logfile created on: 24/02/2013 14:40:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\massimo\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 3,68 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 34,76% Memory free 7,36 Gb Paging File | 4,92 Gb Available in Paging File | 66,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 217,72 Gb Free Space | 76,13% Space Free | Partition Type: NTFS Computer Name: MASSIMO-PC | User Name: massimo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\massimo\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\IGUtils.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll () MOD - C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll () MOD - C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll () MOD - C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll () MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SoftwareUpd) -- C:\Users\massimo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (PowerOffer Service) -- C:\Users\massimo\AppData\Local\PosService\Pos.exe (PowerOfferService) SRV - (ServUpdater) -- C:\Users\massimo\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (X5XSEx_Pr143) -- C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.sys (Exent Technologies Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273611120345l04c4z135f4532c214 IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_itIT510 IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.1.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/01 18:40:16 | 000,000,000 | ---D | M] [2013/02/01 18:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\massimo\AppData\Roaming\mozilla\Extensions [2013/02/01 18:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\massimo\AppData\Roaming\mozilla\Firefox\Profiles\5gdjgzo5.default\extensions [2013/02/01 18:45:58 | 000,111,083 | ---- | M] () (No name found) -- C:\Users\massimo\AppData\Roaming\mozilla\firefox\profiles\5gdjgzo5.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013/02/01 18:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/01/17 03:28:12 | 000,001,606 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2013/01/17 03:28:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/01/17 03:28:12 | 000,000,957 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2013/01/17 03:28:12 | 000,001,030 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2013/01/17 03:28:12 | 000,001,395 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2013/01/17 03:28:12 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\massimo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\FantastiGames\npExentCtl.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3279544263-110991942-1808720350-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\FantastiGames\GPlayer.exe (Exent Technologies Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69514A6A-52A5-4FEA-8557-412E72187658}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69514A6A-52A5-4FEA-8557-412E72187658}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB347066-7803-4193-8712-234841F87BCB}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2013/02/23 14:40:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013/02/19 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\OpenOffice.org [2013/02/19 14:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013/02/19 14:45:14 | 000,000,000 | ---D | C] -- C:\Users\massimo\Desktop\OpenOffice.org 3.4.1 (it) Installation Files [2013/02/14 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\AVG [2013/02/14 21:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013/02/14 21:24:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/02/13 20:53:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 20:53:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 20:53:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 20:53:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 20:53:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 20:53:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 20:53:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 20:53:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 20:53:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 20:53:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 20:53:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 20:53:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 20:53:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 20:53:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 20:53:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 20:45:32 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 20:45:30 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 20:45:29 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 20:44:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 20:44:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 20:44:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 20:44:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 20:44:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 20:44:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 20:44:38 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/13 12:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/02/08 13:47:28 | 000,000,000 | ---D | C] -- C:\Users\massimo\Documents\Massimo [2013/02/07 14:46:38 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013/02/07 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\Spyware Terminator [2013/02/07 14:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013/02/07 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013/02/07 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013/02/03 17:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games [2013/02/02 20:11:52 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/02/01 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\Mozilla [2013/02/01 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Local\Mozilla [2013/02/01 18:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/02/01 18:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/01/27 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013/01/27 19:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/01/27 19:15:43 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013/01/27 19:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/01/27 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/01/27 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/01/27 19:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/01/27 19:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/01/27 19:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013/01/27 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Local\Apple Computer [2013/01/27 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\Apple Computer [2013/01/27 18:56:48 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2013/01/27 18:56:47 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2013/01/27 18:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013/01/27 18:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/01/27 18:53:49 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Local\Apple [2013/01/27 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013/01/27 18:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013/01/27 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013/01/27 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013/01/27 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013/01/27 18:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013/01/23 14:45:49 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013/01/20 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign [2013/01/19 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\AVG2013 [2013/01/19 21:42:48 | 000,000,000 | -H-D | C] -- C:\$AVG [2013/01/19 21:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/01/19 21:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/01/19 16:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013/01/17 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Local\Systweak [2013/01/10 14:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3Planesoft [2013/01/09 12:44:29 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/09 12:44:29 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/09 12:44:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/09 12:44:05 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/01/09 12:43:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/01/09 12:43:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/01/09 12:43:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/01/09 12:43:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/01/09 12:43:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/01/09 12:43:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/01/09 12:43:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/01/09 12:43:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/01/09 12:43:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/01/09 12:43:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/01/09 12:43:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/01/09 12:43:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/01/09 12:43:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/01/09 12:43:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/01/09 12:43:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/01/09 12:43:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/01/09 12:43:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/01/09 12:43:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/01/09 12:43:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/01/09 12:43:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/01/09 12:43:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/01/09 12:43:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/01/09 12:43:51 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/01/09 12:43:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/01/09 12:43:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/01/09 12:43:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/01/09 12:43:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/01/09 12:43:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/01/09 12:43:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/01/09 12:43:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/01/09 12:43:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/01/09 12:43:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/01/09 12:43:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/09 12:43:05 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/09 12:43:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/09 12:43:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/09 12:43:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/09 12:43:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/09 12:43:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/09 12:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/09 12:43:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/09 12:43:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/09 12:43:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 12:43:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 12:43:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 12:43:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/09 12:43:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 12:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 12:43:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 12:43:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 12:43:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 12:43:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 12:43:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/09 12:43:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/09 12:42:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/01/03 19:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/03 15:02:26 | 000,000,000 | ---D | C] -- C:\Users\massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/01/03 15:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller [2012/12/26 19:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up [2012/12/26 19:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE ========== Files - Modified Within 60 Days ========== [2013/02/24 14:38:21 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/24 14:37:55 | 000,001,105 | ---- | M] () -- C:\Users\massimo\Desktop\OTL - collegamento.lnk [2013/02/24 14:05:12 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/24 12:45:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/24 12:45:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/24 12:38:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/24 12:36:35 | 000,374,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/24 12:36:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/24 12:36:06 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2013/02/23 14:40:20 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013/02/23 13:12:47 | 000,587,671 | ---- | M] () -- C:\Users\massimo\Desktop\adwcleaner0.exe [2013/02/23 12:12:12 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013/02/19 14:29:56 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/02/18 11:59:59 | 000,698,570 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/02/18 11:59:59 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/18 11:59:59 | 000,127,764 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/02/18 11:59:59 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/18 11:59:58 | 001,541,382 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/15 19:18:06 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/15 19:18:06 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/13 12:07:14 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/02/11 18:45:36 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/02/07 14:55:28 | 000,001,068 | ---- | M] () -- C:\Users\massimo\Desktop\Revo Uninstaller.lnk [2013/02/07 14:46:38 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013/02/07 14:46:37 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/02/03 17:43:14 | 000,002,726 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk [2013/02/01 18:40:25 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/27 19:15:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/01/27 19:10:05 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013/01/23 22:59:09 | 000,000,036 | ---- | M] () -- C:\Windows\avgui.INI [2013/01/23 14:45:49 | 000,002,985 | ---- | M] () -- C:\Users\massimo\Desktop\HiJackThis.lnk [2013/01/23 14:45:49 | 000,002,985 | ---- | M] () -- C:\Users\massimo\Documents\HiJackThis - Copia.lnk [2013/01/20 22:34:47 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job [2013/01/19 20:51:21 | 000,000,932 | ---- | M] () -- C:\Users\massimo\Foto e video smartfone - collegamento.lnk [2013/01/16 15:56:42 | 000,000,367 | ---- | M] () -- C:\Users\massimo\Desktop\Computer - collegamento.lnk [2013/01/15 15:06:20 | 000,002,267 | ---- | M] () -- C:\Users\massimo\Desktop\Google Chrome.lnk [2013/01/10 20:50:45 | 000,001,107 | ---- | M] () -- C:\Users\massimo\Desktop\Documenti - collegamento.lnk [2013/01/09 02:19:09 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/01/09 02:11:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/01/09 02:10:26 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/01/09 02:07:51 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/01/09 02:07:50 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/01/09 02:07:47 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/01/09 02:06:39 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/01/09 02:04:58 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/01/09 02:00:48 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/01/08 23:03:12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/01/08 23:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/01/08 22:59:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/01/08 22:58:43 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/01/08 22:56:37 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/01/08 22:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/01/05 06:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/01/05 06:00:15 | 003,967,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/01/05 06:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/01/04 06:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/01/04 05:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/04 03:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/04 03:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/04 03:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/01/04 03:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/03 07:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/01/02 14:53:15 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/01/02 14:46:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite [2012/12/27 20:41:04 | 000,003,584 | ---- | M] () -- C:\Users\massimo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013/02/24 14:37:55 | 000,001,105 | ---- | C] () -- C:\Users\massimo\Desktop\OTL - collegamento.lnk [2013/02/23 14:40:20 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013/02/23 13:12:47 | 000,587,671 | ---- | C] () -- C:\Users\massimo\Desktop\adwcleaner0.exe [2013/02/11 18:45:36 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/02/07 14:46:37 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/02/03 17:43:14 | 000,002,726 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - packardbell.lnk [2013/02/01 18:40:24 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/02/01 18:40:24 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/27 19:15:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/01/27 19:10:05 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013/01/27 18:53:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013/01/26 17:42:47 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013/01/25 16:23:44 | 000,002,985 | ---- | C] () -- C:\Users\massimo\Documents\HiJackThis - Copia.lnk [2013/01/23 22:59:08 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI [2013/01/23 14:45:49 | 000,002,985 | ---- | C] () -- C:\Users\massimo\Desktop\HiJackThis.lnk [2013/01/20 17:57:32 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job [2013/01/19 21:43:59 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/01/19 20:51:21 | 000,000,932 | ---- | C] () -- C:\Users\massimo\Foto e video smartfone - collegamento.lnk [2013/01/16 15:56:42 | 000,000,367 | ---- | C] () -- C:\Users\massimo\Desktop\Computer - collegamento.lnk [2013/01/10 20:50:45 | 000,001,107 | ---- | C] () -- C:\Users\massimo\Desktop\Documenti - collegamento.lnk [2013/01/03 19:40:13 | 000,002,267 | ---- | C] () -- C:\Users\massimo\Desktop\Google Chrome.lnk [2013/01/03 15:02:26 | 000,001,068 | ---- | C] () -- C:\Users\massimo\Desktop\Revo Uninstaller.lnk [2013/01/02 14:47:01 | 000,000,906 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/01/02 14:46:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\extensions.sqlite [2012/12/27 20:41:03 | 000,003,584 | ---- | C] () -- C:\Users\massimo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/26 19:05:40 | 000,002,863 | ---- | C] () -- C:\Users\massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk [2012/12/21 14:37:56 | 000,000,240 | ---- | C] () -- C:\Windows\wininit.ini [2012/12/03 16:12:29 | 000,715,038 | ---- | C] () -- C:\Users\massimo\AppData\Local\unins000.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/02/01 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/02/01 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/02/14 21:27:18 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\AVG [2013/01/19 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\AVG2013 [2012/12/21 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Exent Technologies [2013/02/19 15:49:47 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\OpenOffice.org [2012/11/21 15:58:48 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Packard Bell [2013/01/05 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\SNS [2013/02/07 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Spyware Terminator [2013/02/08 22:24:17 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Systweak [2012/12/17 12:31:29 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\TestApp [2012/12/04 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Tific [2013/01/19 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\TuneUp Software [2013/02/03 17:43:43 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\WildTangent [2012/12/25 13:41:51 | 000,000,000 | ---D | M] -- C:\Users\massimo\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report >
Torna in alto
 
r16
Inviato: Sunday, February 24, 2013 4:17:02 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@uistitipigmeo:
I log che hai postato non li legge nessuno. (praticamente illeggibili)
Ho dato indicazioni su come postare i log.
Troppo difficile?
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 4:37:35 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Riprovo.


OTL.Txt
Extras.Txt
Torna in alto
 
cbbusto
Inviato: Sunday, February 24, 2013 5:38:05 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Vediamo se OTL trova qualcosa in più, per questo segui r16.
Mi devi scusare ma mi era sfuggito un servizio importante da disattivare potrebbe anche essere l'incriminato:
Pos Service (PowerOffer Service)
Fai le stesse operazioni di prima, cerca la voce nei Servizi, doppio clic e metti Disattivato.
Infatti la voce si trova ancora in avvio automatico:
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
Dopo aver disattivato il servizio controlla in Avvio se trovi la voce, se c'è la disattivi.
Ciao

P.S. Esegui prima lo script che ti ha meso r16 l'operazione sopra non dovrebbe essere più necessaria perchè la voce in avvio e il servizio verranno eliminati: Speak to the hand
Torna in alto
 
r16
Inviato: Sunday, February 24, 2013 6:11:49 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Vai in "Programmi e funzionalità" e disistalla SpywareTerminator .
Se vuoi puoi disistallarlo anche con Revo Unistaller.
Fai una pulizia con CCleaner. (registro compreso.)

Poi:
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:


Code:
:OTL
SRV - (SoftwareUpd) -- C:\Users\massimo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (PowerOffer Service) -- C:\Users\massimo\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\massimo\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\massimo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)

:Files
C:\Users\massimo\AppData\Local\SoftwareUpdater
C:\Users\massimo\AppData\Local\PosService
C:\Users\massimo\AppData\Local\ServUpdater
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log.

Esegui una nuova scansione con OTL, seguendo gli stessi parametri che ho indicato all'inizio.
Posta il log. (con Wikisend)

@cbbusto
Come vedi, il findeer HJT non si sogna nemmeno di rilevarlo.
Inoltre i servizi da te menzionati (giustamente) non vanno disabilitati, ma vanno eliminati.
Non c'è motivo tenerli installati nel pc. (pur disabilitati)
Torna in alto
 
uistitipigmeo
Inviato: Sunday, February 24, 2013 9:30:13 PM

Rank: AiutAmico

Iscritto dal : 12/24/2012
Posts: 249
Ecco la scansione con OTL:


All processes killed
========== OTL ==========
Service SoftwareUpd stopped successfully!
Service SoftwareUpd deleted successfully!
C:\Users\massimo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
Service PowerOffer Service stopped successfully!
Service PowerOffer Service deleted successfully!
C:\Users\massimo\AppData\Local\PosService\Pos.exe moved successfully.
Service ServUpdater stopped successfully!
Service ServUpdater deleted successfully!
C:\Users\massimo\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
File C:\Users\massimo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully.
C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe moved successfully.
========== FILES ==========
C:\Users\massimo\AppData\Local\SoftwareUpdater\settings folder moved successfully.
C:\Users\massimo\AppData\Local\SoftwareUpdater folder moved successfully.
C:\Users\massimo\AppData\Local\PosService\settings folder moved successfully.
C:\Users\massimo\AppData\Local\PosService folder moved successfully.
C:\Users\massimo\AppData\Local\ServUpdater\settings folder moved successfully.
C:\Users\massimo\AppData\Local\ServUpdater folder moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\massimo\Downloads\cmd.bat deleted successfully.
C:\Users\massimo\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: massimo
->Temp folder emptied: 18889880 bytes
->Temporary Internet Files folder emptied: 8393635 bytes
->FireFox cache emptied: 6351473 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13734 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50321 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: massimo

User: Public

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: massimo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[Reboot> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 02242013_210912

Files\Folders moved on Reboot...
C:\Users\massimo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\massimo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZDE3FIUY\software[1].htm moved successfully.
C:\Users\massimo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GYVRGW3J\metro[1].htm moved successfully.
C:\Users\massimo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\massimo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\massimo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllare log di HiJack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.