Aiutamici Forum

awesomehp
antomasi
Posted: Sunday, February 02, 2014 9:40:39 PM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
Can someone help me get rid of this damned thing!!!!!
I went into the Chrome settings to remove the start page, I also cleaned the omnibox, but nothing; I ran malwarebits, spy&destroy, ccleaner... nothing, it keeps coming back.
What can I do??
shapiro
Posted: Monday, February 03, 2014 9:13:09 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Download Adwcleaner to your desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Close all browsers (it is important that they are closed: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan finishes, click "Clean".
Confirm with OK the various windows that appear.
The PC will restart, and the log of the removals will be shown.

Download OTL
Tick SCAN ALL USERS.
Under Output, tick Minimal Output.
Click the small arrow next to File Age and select 60 Days.
Tick LOP Check and Purity Check.
At the end of the scan OTL will produce two log files (OTL.txt and Extras.txt).

Post the two logs.
antomasi
Posted: Monday, February 03, 2014 9:53:55 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
Thanks for the help, I'm posting the two files for you.

OTL logfile created on: 03/02/2014 9.32.20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Antonio\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.13% Memory free
5.93 Gb Paging File | 3.99 Gb Available in Paging File | 67.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.17 Gb Total Space | 188.72 Gb Free Space | 41.64% Space Free | Partition Type: NTFS

Computer Name: PC-ANTONIO | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Antonio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programmi\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Antonio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programmi\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programmi\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programmi\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programmi\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Programmi\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programmi\sony\VAIO Update\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programmi\sony\VAIO Update\VUAgent.exe (Sony Corporation)
PRC - C:\Programmi\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Programmi\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - c:\Programmi\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe (NDS Technologies)
PRC - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe ()
PRC - C:\Programmi\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programmi\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe ()
PRC - C:\Programmi\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programmi\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programmi\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programmi\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programmi\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programmi\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programmi\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programmi\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programmi\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programmi\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programmi\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programmi\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programmi\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\Steam\bin\chromehtml.dll ()
MOD - C:\Programmi\Steam\bin\libcef.dll ()
MOD - C:\Programmi\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\de22a8c631b17130b8d3a4a7a5caca1d\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\308d217fee071595e8a472772ac38399\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3a99037dbc9931b28768f03047b10576\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\5ade98f5b12ff68843529f680d5e2c76\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\4dffbc5148ef504fdc475312fdbac22a\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\775e358d0887310af3234cafabc96ff8\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\1a44de496b51893e66bd09a2db1926c0\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\1ab5020404017550fb043eb4faba20e1\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\03dc05780399d00eb54e71c459987b31\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0416714d488d111e19ffa0f34c15931f\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\387e10a19f185b1b9d62c9907da762e6\Kies.ni.exe ()
MOD - C:\Users\Antonio\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programmi\Steam\libavresample-1.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\c27c613c1788b0a99a9c4ce7219e0d26\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fdac36291d3f8f33edc87547e828cd8c\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7cf8eba937a73d2e26d7cfadb0126737\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\54f40df445fe0b9350bcc74137c8d478\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\0ce61c044a11873b0c1474cf3931f4cd\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\18883b07af3d6ac90c3c3bf9fc3b2979\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9796bf3f45b98b97742127129a884c81\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d90238e4ff0c2ae525d3360fb4c1c676\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\07cd905998ee41afac0ccc61288b3845\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\09ce352b9335ce4401548ce45e7fc5c5\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\0043a7e4d9b5a580d5ef20d0ee015930\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fb857bc91f4a970d157bf2c0f45ea0f7\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\ecef0d002f6e863a162ccfbd4c545fae\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e324dff2b2c74722f126953c0923c53d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\113d64b48a676dafec5ff47f415a61ab\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3f4940afa8b8de8c008cff3fee26afe7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d4ecef1f65341845a951bd510fd63595\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fa867940d96361cece5bcbe80b460258\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\60a47e43e63ff99badd71123b03848f6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0df592a8e77a0395c5411e6ae355507\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\cc434a6d9f615b8e5519d6a79fd56849\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Programmi\Steam\libavutil-52.dll ()
MOD - C:\Users\Antonio\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Programmi\Steam\bin\avcodec-53.dll ()
MOD - C:\Programmi\Steam\bin\avformat-53.dll ()
MOD - C:\Programmi\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\z.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\ndsLogStore.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\libxml2-2.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\libgstreamer-0.10.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\gsttspplugin.dll ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe ()
MOD - C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\DrmSingleton.dll ()
MOD - C:\Programmi\Microsoft Office\Office15\MSIMG32.dll ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programmi\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programmi\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()


========== Services (SafeList) ==========

SRV - (vga32) -- File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (IAANTMON) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Programmi\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LiveUpdateSvc) -- C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (VUAgent) -- C:\Programmi\sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Programmi\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (nvservice) -- C:\Windows\System32\nvservice.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programmi\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (CDMA Device Service) -- C:\Programmi\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Programmi\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (nvUpdatusService) -- C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmIAlzMgr) -- C:\Programmi\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programmi\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programmi\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programmi\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programmi\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programmi\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programmi\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programmi\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NSUService) -- C:\Programmi\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programmi\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programmi\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (uCamMonitor) -- C:\Programmi\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (esgiguard) -- File not found
DRV - (clwvd) -- system32\DRIVERS\clwvd.sys File not found
DRV - (catchme) -- File not found
DRV - (a31226ic) -- File not found
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (hitmanpro36) -- C:\Windows\System32\drivers\hitmanpro36.sys ()
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ASEDRV3) -- C:\Windows\System32\drivers\ASEDRV3.sys (Athena Smartcard Solutions)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (JMCR_CFS) -- C:\Windows\System32\drivers\jmcr_cfs.sys (JMicron Technology Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{65CB1B27-F27D-40E9-BFFE-C3A200FC1972}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://search.chatzum.com/?q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\SearchScopes\{2B9BC89D-9F75-49FB-BBC9-A1D49565527C}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\SearchScopes\{65CB1B27-F27D-40E9-BFFE-C3A200FC1972}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=&rlz=1I7SNYS_it
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "awesomehp"
FF - prefs.js..browser.startup.homepage: "https://www.google.it/"
FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0
FF - prefs.js..extensions.enabledAddons: 34f57b0c-8cdb-4914-818c-928df47c6c4f%403a243122-a6fc-40c9-a1e6-ba11e930da09.com:0.93.72
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Antonio\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Antonio\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll (Sky Italia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/27 16.31.34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/27 16.31.34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 13.25.33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/15 13.25.33 | 000,000,000 | ---D | M]

[2011/09/03 14.56.27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Extensions
[2011/09/03 14.56.27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2014/02/03 09.23.49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/02/02 18.15.53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012/09/15 20.46.14 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2013/11/06 15.35.19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2014/02/02 18.15.51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2014/02/02 21.39.21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions
[2014/02/02 18.10.34 | 000,000,000 | ---D | M] ("HDvid Codec V6.0") -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com
[2014/02/02 21.39.23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\staged
[2014/02/02 18.18.21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData
[2014/02/02 18.18.21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins
[2014/02/02 18.18.21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode
[2014/02/02 21.39.22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\staged\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData
[2014/02/02 21.39.23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\staged\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins
[2014/02/02 21.39.22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\Firefox\Profiles\8nmspgfq.default\extensions\staged\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode
[2013/12/06 21.59.04 | 000,007,355 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\0\extensions\firefox@browsesmart.net.xpi
[2012/10/22 16.19.08 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2013/12/06 21.59.04 | 000,007,355 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\8nmspgfq.default\extensions\firefox@browsesmart.net.xpi
[2013/05/20 16.26.25 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\8nmspgfq.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2013/12/06 21.59.04 | 000,007,355 | ---- | M] () (No name found) -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\firefox@browsesmart.net.xpi
[2013/11/06 15.35.12 | 000,000,911 | ---- | M] () -- C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\8nmspgfq.default\searchplugins\yahoo_ff.xml
[2013/11/20 11.47.39 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/11/20 11.47.39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 11.47.38 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/11/20 11.47.38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 11.47.45 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03.30.36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2014/02/02 18.13.00 | 000,000,562 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\awesomehp.xml

========== Chrome ==========

CHR - default_search_provider: google (Enabled)
CHR - default_search_provider: search_url = http://www.google.it/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.it/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Users\Antonio\AppData\Local\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Sky Go Player (Enabled) = C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Documenti Google = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Skype Click to Call = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/02 15.38.37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programmi\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programmi\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bit4id store register] C:\Windows\System32\bit4cnsp.dll (bit4id srl (http://www.bit4id.com))
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programmi\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programmi\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\Gestore installazioni SolidWorks\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [PCShowServer] C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Antonio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk = C:\Programmi\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: I&nvia a OneNote - C:\Programmi\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programmi\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programmi\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2209015C-F5B2-4062-9C24-2AC33D8882BD}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A339F1A6-2550-476C-B385-724480B5FE84}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAA72E83-765D-4C92-8048-E3124F81D98F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programmi\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22.42.20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2014/02/03 09.20.38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
[2014/02/02 19.01.07 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2014/02/02 18.13.05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2014/01/26 20.08.36 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/01/26 20.08.25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/01/26 20.08.25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/26 20.08.24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/01/26 20.08.24 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/01/23 15.14.38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
[2014/01/21 21.48.32 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\MPC-HC
[2014/01/21 16.46.33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2014/01/21 16.46.32 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2014/01/15 10.03.06 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/15 10.03.05 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/15 10.03.04 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 10.03.04 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/11 13.58.10 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2014/01/11 13.58.10 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2014/01/11 13.57.15 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2014/01/10 13.34.36 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SelfMV
[2014/01/10 13.22.05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2014/01/10 12.35.49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2014/01/10 12.35.18 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2014/01/04 15.15.57 | 000,000,000 | ---D | C] -- C:\Users\Antonio\aTubeCatcher
[2013/12/27 16.30.27 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\ElevatedDiagnostics
[2013/12/18 15.26.40 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\WinZip
[2013/12/18 15.25.33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/12/18 15.09.31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/12/18 06.53.43 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Modelli di Office personalizzati
[2013/12/14 21.18.20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/14 20.58.12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/14 19.25.22 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
[2013/12/14 14.54.19 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\FILEminimizerPictures
[2013/12/14 14.54.15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2013/12/14 14.54.14 | 000,000,000 | ---D | C] -- C:\Program Files\FILEminimizer Pictures
[2013/12/14 12.33.56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 18.34.25 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/11 18.34.24 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/11 18.34.24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/11 18.34.23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/11 18.34.23 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/11 18.34.23 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/11 18.34.23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/11 18.34.23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/11 18.34.23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/11 18.34.22 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/11 18.34.22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/11 18.34.22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/11 18.34.20 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 18.34.17 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/11 18.29.26 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 16.50.43 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Prodiance
[2013/12/11 16.25.33 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Application Data
[2013/12/11 16.16.23 | 000,000,000 | -H-D | C] -- C:\Windows\ActWin8Serv2012
[2013/12/11 16.14.44 | 000,000,000 | RHSD | C] -- C:\Office Activation Technologies
[2013/12/11 16.09.53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/12/11 16.07.28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/12/11 16.06.19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/12/11 16.02.48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/12/11 16.00.58 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/12/11 15.13.21 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 15.13.16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 15.13.14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 15.13.04 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 15.13.04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/10 17.02.50 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\CyberLink
[2013/12/10 17.01.41 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\CyberLink
[2013/12/08 19.03.22 | 000,000,000 | R--D | C] -- C:\Users\Antonio\Dropbox
[2013/12/08 18.59.50 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/12/08 18.57.08 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Dropbox
[2013/12/06 18.32.28 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\CrashDumps
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2014/02/03 09.32.39 | 000,019,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09.32.39 | 000,019,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09.30.00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/03 09.27.42 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/03 09.25.59 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/03 09.25.40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/03 09.25.33 | 2390,011,904 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/03 09.21.00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4189783946-3169874088-3640021387-1000UA.job
[2014/02/03 09.21.00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4189783946-3169874088-3640021387-1000Core.job
[2014/02/03 09.20.01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antonio\Desktop\OTL.exe
[2014/02/03 09.18.00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/02 20.23.38 | 001,166,132 | ---- | M] () -- C:\Users\Antonio\Desktop\adwcleaner.exe
[2014/02/02 19.01.07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2014/02/02 09.13.16 | 000,742,690 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/02/02 09.13.16 | 000,655,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/02 09.13.16 | 000,148,210 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/02/02 09.13.16 | 000,122,888 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/23 15.14.38 | 000,001,005 | ---- | M] () -- C:\Users\Antonio\Desktop\qBittorrent.lnk
[2014/01/16 18.54.16 | 000,001,053 | ---- | M] () -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/15 20.51.32 | 000,510,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/10 13.21.36 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2014/01/10 13.21.36 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/21 20.24.23 | 000,077,453 | ---- | M] () -- C:\Users\Antonio\Desktop\airone.pdf
[2013/12/18 21.10.01 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/12/18 21.04.13 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/12/18 21.04.09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/12/18 21.03.46 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/12/14 20.31.30 | 000,001,876 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/12/14 14.54.17 | 000,001,092 | ---- | M] () -- C:\Users\Antonio\Desktop\FILEminimizer Pictures.lnk
[2013/12/12 13.52.56 | 000,001,148 | ---- | M] () -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk
[2013/12/11 17.19.42 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 17.19.42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/10 17.24.58 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/03 09.20.28 | 001,166,132 | ---- | C] () -- C:\Users\Antonio\Desktop\adwcleaner.exe
[2014/01/10 13.21.36 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2014/01/10 13.21.36 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/21 20.24.23 | 000,077,453 | ---- | C] () -- C:\Users\Antonio\Desktop\airone.pdf
[2013/12/14 14.54.17 | 000,001,092 | ---- | C] () -- C:\Users\Antonio\Desktop\FILEminimizer Pictures.lnk
[2013/12/11 16.33.40 | 000,001,148 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk
[2013/12/11 16.16.40 | 000,000,940 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LoaderByPaky89.lnk
[2013/12/08 19.00.16 | 000,001,053 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/12 17.33.43 | 000,000,017 | ---- | C] () -- C:\Users\Antonio\AppData\Local\resmon.resmoncfg
[2013/10/30 12.07.00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/09/24 15.47.04 | 000,000,097 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\WB.CFG
[2013/09/24 15.47.04 | 000,000,005 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\WBPU-TTL.DAT
[2013/09/13 11.46.53 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/09/13 11.46.52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/09/13 11.46.50 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/09/13 11.46.49 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/05/08 16.27.00 | 003,180,264 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/05/08 16.27.00 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/04/13 16.57.37 | 000,017,408 | ---- | C] () -- C:\Windows\System32\Delphimm.dll
[2013/04/08 13.27.47 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/12/06 07.06.40 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/12/05 19.59.16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/05 19.59.16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/05 19.59.16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/05 19.59.16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/05 19.59.16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/15 18.33.21 | 000,022,328 | ---- | C] () -- C:\Users\Antonio\AppData\Roaming\PnkBstrK.sys
[2010/02/04 19.16.05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2013/07/11 09.21.38 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB15643$\982255511\L
[2013/07/14 15.14.18 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB15643$\982255511\U
[2013/07/14 14.20.46 | 000,000,804 | ---- | M] () -- C:\Windows\$NtUninstallKB15643$\982255511\L\00000004.@
[2009/07/14 05.42.31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02.55.59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13.19.02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02.16.17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/11 14.51.51 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Auslogics
[2013/11/10 23.08.05 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Autodesk
[2013/07/14 17.24.40 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\AVG2013
[2014/01/01 18.58.47 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\DAEMON Tools Lite
[2010/11/09 21.45.53 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\DassaultSystemes
[2014/02/03 09.27.15 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Dropbox
[2010/11/19 15.41.19 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\DWGeditor
[2011/04/03 11.04.13 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\EPSON
[2013/12/14 15.58.19 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\FILEminimizerPictures
[2010/03/18 22.40.19 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Foxit Software
[2010/01/30 16.51.12 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\GARMIN
[2013/05/17 12.49.52 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\HoolappForAndroid
[2010/11/20 16.40.00 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\IM
[2013/11/06 15.43.35 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\IObit
[2010/11/13 12.33.08 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Luxology
[2012/06/10 13.10.10 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\MechCAD
[2012/11/24 15.10.12 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\MediaPlayerPackages
[2014/01/21 21.48.32 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\MPC-HC
[2013/12/11 16.50.51 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Prodiance
[2013/10/23 12.31.05 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\qBittorrent
[2010/11/16 21.30.44 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\RegGenie
[2011/09/15 17.58.27 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Samsung
[2013/11/12 16.32.15 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\TeamViewer
[2011/09/03 14.56.26 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\TomTom
[2012/12/11 20.32.01 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\TuneUp Software
[2011/10/22 15.24.44 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Uniblue
[2010/01/15 01.13.03 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\Unigraphics Solutions
[2013/12/14 21.15.14 | 000,000,000 | ---D | M] -- C:\Users\Antonio\AppData\Roaming\uTorrent
[2013/01/10 18.42.39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 18.42.39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >



OTL Extras logfile created on: 03/02/2014 9.32.20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Antonio\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.13% Memory free
5.93 Gb Paging File | 3.99 Gb Available in Paging File | 67.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.17 Gb Total Space | 188.72 Gb Free Space | 41.64% Space Free | Partition Type: NTFS

Computer Name: PC-ANTONIO | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Supporto presentazione VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Impostazioni di Programma di monitoraggio contenuto VAIO
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28F68316-B8F1-4E05-BADF-42DBECB40F0E}" = Iminent
"{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
"{32df31d2-9751-425f-ab51-eec25cf7296a}" = Sky Go Player
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40C8A86F-2C04-41AB-BBB9-BFFA038583D6}" = Athena ASEDrive 4.0.0.5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Supporto applicazioni Apple
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A079056-B42D-49C2-903C-8DC125E2BC32}" = Windows Live Movie Maker
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F5867F0-2D23-4338-A206-01A76C823924}" = Gestione alimentazione VAIO
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6317BB68-0331-355B-864F-A92A26952B22}" = Microsoft .NET Framework 4.5.1 (ITA)
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6E2A97A8-BE16-4289-A084-E04CEA716F31}" = VAIO Edit Components
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Software Intel(R) PROSet/Wireless WiFi
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = Impostazioni funzioni originali VAIO
"{81FAD5EA-19B2-4A06-89EC-D65CD23AAD55}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADC6E57-8B8F-4E92-9E43-606E4D4FBFE9}" = AVG 2013
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{104FA3E1-5B17-45BC-B9F1-6AFAD925707D}" =
"{90150000-0015-0410-0000-0000000FF1CE}" = Microsoft Access MUI (Italian) 2013
"{90150000-0016-0410-0000-0000000FF1CE}" = Microsoft Excel MUI (Italian) 2013
"{90150000-0018-0410-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Italian) 2013
"{90150000-0019-0410-0000-0000000FF1CE}" = Microsoft Publisher MUI (Italian) 2013
"{90150000-001A-0410-0000-0000000FF1CE}" = Microsoft Outlook MUI (Italian) 2013
"{90150000-001B-0410-0000-0000000FF1CE}" = Microsoft Word MUI (Italian) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2013
"{90150000-0044-0410-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Italian) 2013
"{90150000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2013
"{90150000-0090-0410-0000-0000000FF1CE}" = Microsoft DCF MUI (Italian) 2013
"{90150000-00A1-0410-0000-0000000FF1CE}" = Microsoft OneNote MUI (Italian) 2013
"{90150000-00BA-0410-0000-0000000FF1CE}" = Microsoft Groove MUI (Italian) 2013
"{90150000-00E1-0410-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Italian) 2013
"{90150000-00E2-0410-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Italian) 2013
"{90150000-012B-0410-0000-0000000FF1CE}" = Microsoft Lync MUI (Italian) 2013
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5.1 (Italiano)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B802669-7722-4F83-8054-930832188033}" = Raccolta foto di Windows Live
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FE75E68-96A2-48F3-90AB-34E6B8C9989D}" = Microsoft Mouse and Keyboard Center
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A56C6348-59D0-433B-A48A-75914858664E}" = Snagit 11
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Italiano
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver audio HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.GuardService" = NVIDIA Guard Service 1.3
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{BCCB055C-7F64-4B13-90F5-078DE693EE00}" = OGA Notifier 1.7.0105.35.0
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC185D10-5C0E-40C3-91F2-63314BB365AF}" = Solid Edge ST2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}" = WinZip 18.0
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.30 Update
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"22C6897693A7A4BDA23704AE21630E7D3169C6DB" = Pacchetto driver Windows - Marvell (yukonw7) Net (01/08/2013 12.10.14.3)
"ADD23BB4846CE97156B46B74EA84848F347B09FE" = Pacchetto driver Windows - Intel (NETwNs32) net (02/20/2012 15.1.0.18)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"aTube Catcher" = aTube Catcher
"AVG" = AVG 2013
"Bit4Id - CSP e PKCS#11 per la CRS Lombardia" = Bit4Id - PdL Cittadino per la CRS di Regione Lombardia - 1.2.13
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2014-01-17
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"dt icon module" =
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Guida utente" = EPSON Stylus SX200_SX400_TX200_TX400 Manuale
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"HDvid Codec V6.0" = HDvid Codec V6.0
"HitmanPro37" = HitmanPro 3.7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300
"MarketingTools" = VAIO Marketing Tools
"Marvell Miniport Driver" = Marvell Miniport Driver
"MFU Module" =
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 24.0 (x86 it)" = Mozilla Firefox 24.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"qbittorrent" = qBittorrent 3.1.5
"Revo Uninstaller" = Revo Uninstaller 1.95
"ST5UNST #1" = Zadi
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 9" = TeamViewer 9
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Media Player Packages" = Media Player Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/02/2014 2.45.40 | Computer Name = PC-Antonio | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 03/02/2014 2.45.42 | Computer Name = PC-Antonio | Source = VzCdbSvc | ID = 7
Description = Impossibile caricare il modulo di plug-in. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Codice
errore = 0x80042019)

Error - 03/02/2014 2.47.45 | Computer Name = PC-Antonio | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: daemonu.exe, versione:
2.0.2.414, timestamp: 0x4c6fd2bd Nome del modulo che ha generato l'errore: daemonu.exe,
versione: 2.0.2.414, timestamp: 0x4c6fd2bd Codice eccezione: 0xc000000d Offset errore
0x00047f51 ID processo che ha generato l'errore: 0x1a8c Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cf20abd6737ed8 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Percorso
del modulo che ha generato l'errore: C:\Program Files\NVIDIA Corporation\NVIDIA
Updatus\daemonu.exe ID segnalazione: 15b4b3a7-8c9f-11e3-b1d7-002433742c0f

Error - 03/02/2014 3.17.59 | Computer Name = PC-Antonio | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Impossibile
trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 03/02/2014 3.17.59 | Computer Name = PC-Antonio | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Impossibile
trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 03/02/2014 4.26.54 | Computer Name = PC-Antonio | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2014 4.26.57 | Computer Name = PC-Antonio | Source = VzCdbSvc | ID = 7
Description = Impossibile caricare il modulo di plug-in. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Codice
errore = 0x80042019)

Error - 03/02/2014 4.26.58 | Computer Name = PC-Antonio | Source = VzCdbSvc | ID = 7
Description = Impossibile caricare il modulo di plug-in. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Codice
errore = 0x80042019)

Error - 03/02/2014 4.27.27 | Computer Name = PC-Antonio | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 03/02/2014 4.29.02 | Computer Name = PC-Antonio | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: daemonu.exe, versione:
2.0.2.414, timestamp: 0x4c6fd2bd Nome del modulo che ha generato l'errore: daemonu.exe,
versione: 2.0.2.414, timestamp: 0x4c6fd2bd Codice eccezione: 0xc000000d Offset errore
0x00047f51 ID processo che ha generato l'errore: 0x1c48 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cf20b9fa94b820 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Percorso
del modulo che ha generato l'errore: C:\Program Files\NVIDIA Corporation\NVIDIA
Updatus\daemonu.exe ID segnalazione: 3bbb85a6-8cad-11e3-b27a-001dbaf033d2

[ Spybot - Search and Destroy Events ]
Error - 01/11/2013 5.58.27 | Computer Name = PC-Antonio | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 02/02/2014 16.29.11 | Computer Name = PC-Antonio | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 03/02/2014 4.25.56 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7000
Description = Il servizio Intel(R) Matrix Storage Event Monitor non è stato avviato
per il seguente errore: %%3

Error - 03/02/2014 4.25.56 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7003
Description = Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende
dal servizio BFE, che potrebbe non essere installato.

Error - 03/02/2014 4.25.56 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 03/02/2014 4.25.59 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7003
Description = Il servizio Agente criteri IPsec dipende dal servizio BFE, che potrebbe
non essere installato.

Error - 03/02/2014 4.26.00 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7003
Description = Il servizio Spybot-S&D 2 Security Center Service dipende dal servizio
wscsvc, che potrebbe non essere installato.

Error - 03/02/2014 4.26.41 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio VAIO Power Management.

Error - 03/02/2014 4.26.41 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7000
Description = Il servizio VAIO Power Management non è stato avviato per il seguente
errore: %%1053

Error - 03/02/2014 4.27.25 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 03/02/2014 4.27.25 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7001
Description = Il servizio Provider Gruppo Home dipende dal servizio Pubblicazione
risorse per individuazione che non è stato avviato per il seguente errore: %%-2147024891

Error - 03/02/2014 4.29.03 | Computer Name = PC-Antonio | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio NVIDIA Update Service Daemon. Questo
evento si è già verificato 1 volta(e).


< End of report >
shapiro
Posted: Monday, February 03, 2014 10:01:47 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

antomasi, you have to run AdwCleaner first and then OTL. Read my post.
antomasi
Posted: Monday, February 03, 2014 10:21:45 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
but that is exactly what I did: first I ran AdwCleaner and then OTL.
I'm posting the AdwCleaner one too

# AdwCleaner v3.018 - Report created 03/02/2014 at 09:23:47
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Antonio - PC-ANTONIO
# Running from : C:\Users\Antonio\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v24.0 (it)

[ File : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\8nmspgfq.default\prefs.js ]


[ File : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [2937 octets] - [14/12/2013 20:58:31]
AdwCleaner[R2].txt - [1192 octets] - [14/12/2013 21:06:51]
AdwCleaner[R3].txt - [14682 octets] - [03/01/2014 15:34:20]
AdwCleaner[R4].txt - [3653 octets] - [02/02/2014 20:23:59]
AdwCleaner[R5].txt - [1493 octets] - [03/02/2014 09:21:54]
AdwCleaner[S1].txt - [2713 octets] - [14/12/2013 21:01:06]
AdwCleaner[S2].txt - [14958 octets] - [03/01/2014 15:36:02]
AdwCleaner[S3].txt - [3698 octets] - [02/02/2014 20:27:47]
AdwCleaner[S4].txt - [1414 octets] - [03/02/2014 09:23:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1474 octets] ##########

shapiro
Posted: Monday, February 03, 2014 10:27:25 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

since I didn't see the AdwCleaner one, I thought you hadn't run the scan

does the PC seem slowed down to you? you have a rootkit infection, give me time to prepare the removals for you
antomasi
Posted: Monday, February 03, 2014 10:34:24 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
hi shapiro
I hadn't sent you the file because you hadn't asked for it and I thought it wasn't needed; anyway yes, the computer is slowed down, even if only a little.
I'll wait, and thank you
shapiro
Posted: Monday, February 03, 2014 11:04:43 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

open OTL and copy this code into the white box

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.awesomehp.com/web/?type=ds&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
FF - prefs.js..browser.search.defaultenginename: "awesomehp"
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\Gestore installazioni SolidWorks\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
[2013/07/11 09.21.38 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB15643$\982255511\L
[2013/07/14 15.14.18 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB15643$\982255511\U
[2013/07/14 14.20.46 | 000,000,804 | ---- | M] () -- C:\Windows\$NtUninstallKB15643$\982255511\L\00000004.@
[2009/07/14 05.42.31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

:Files
ipconfig /flushdns /c

:commands
[purity]
[purity]
[emptytemp]
[RESETHOSTS]
[Reboot]


press RUN FIX and attach the log you get at the end of the scan

check this folder

C:\Windows\System32\.crusader

also run this scan

Download RogueKiller to the desktop.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan finishes, a window opens: click "Accept".
Now click "Scan".
When the scan finishes, you will find the log on the desktop.
Post it here.
antomasi
Posted: Monday, February 03, 2014 11:36:59 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
I'm attaching the OTL log
I checked: under C:\Windows\System32\ there is a file .crusander, 2 KB in size (which won't open)
finally, I'm attaching the RogueKiller log

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4189783946-3169874088-3640021387-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Prefs.js: "awesomehp" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SolidWorks_CheckForUpdates deleted successfully.
C:\Programmi\Common Files\Gestore installazioni SolidWorks\Scheduler\sldIMScheduler.exe moved successfully.
C:\Windows\$NtUninstallKB15643$\982255511\L folder moved successfully.
C:\Windows\$NtUninstallKB15643$\982255511\U folder moved successfully.
File C:\Windows\$NtUninstallKB15643$\982255511\L\00000004.@ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Antonio\Desktop\cmd.bat deleted successfully.
C:\Users\Antonio\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Antonio
->Temp folder emptied: 2367278 bytes
->Temporary Internet Files folder emptied: 54918946 bytes
->Java cache emptied: 21341038 bytes
->FireFox cache emptied: 17052856 bytes
->Google Chrome cache emptied: 393685270 bytes
->Flash cache emptied: 523 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5242095 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80202522 bytes
RecycleBin emptied: 6682399824 bytes

Total Files Cleaned = 6.921.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02032014_111253

Files\Folders moved on Reboot...
C:\Users\Antonio\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Antonio [Admin rights]
Mode : Scan -- Date : 02/03/2014 11:30:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe [7] -> Chiuso [TermProc]
[SUSP PATH] NDSPCShowServer.exe -- C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe [7] -> Chiuso [TermThr]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [7]) -> Trovato
[RUN][SUSP PATH] HKUS\S-1-5-21-4189783946-3169874088-3640021387-1000\[...]\Run : PCShowServer ("C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [7]) -> Trovato
[DNS][PUM] HKLM\[...]\CCSet\[...]\{2209015C-F5B2-4062-9C24-2AC33D8882BD} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS001\[...]\{2209015C-F5B2-4062-9C24-2AC33D8882BD} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS002\[...]\{2209015C-F5B2-4062-9C24-2AC33D8882BD} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Le attività pianificate : 4 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Trovato
[V2][SUSP PATH] Hoolapp For Android : C:\Users\Antonio\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> Trovato
[V2][SUSP PATH] Hoolapp Init : C:\Users\Antonio\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> Trovato
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Trovato

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)
[Inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)
[Inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)
[Inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)
[Inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)
[Inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)
[Inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)
[Inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)
[Inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)
[Inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)
[Inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2040)
[Inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)
[Inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)
[Inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)
[Inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)
[Inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)
[Inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_CaseInsensitiveComparer) : Jcl150.bpl -> HOOKED (Unknown @ 0x6C9E7D34)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DADDF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x70C9C911)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125D5E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)
[Inline] EAT @explorer.exe (@Aspbehavior@TRulerBehavior@) : vclie150.bpl -> HOOKED (Unknown @ 0x70A59DD1)
[Inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLFieldSetElement) : vclie150.bpl -> HOOKED (Unknown @ 0x05861024)
[Inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLLegendElement) : vclie150.bpl -> HOOKED (Unknown @ 0x05861044)
[Inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLTableSection) : vclie150.bpl -> HOOKED (Unknown @ 0x05860D43)
[Inline] EAT @explorer.exe (@Mshtml@IID_IHTMLControlElement) : vclie150.bpl -> HOOKED (Unknown @ 0x0585FD25)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA TOSHIBA MK5055GS SCSI Disk Device +++++
--- User ---
[MBR] 4d199cdd800d46bbead1f5697a1b47c9
[BSP] 93f865c41b0df455656f366b82f4643f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12896 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26413056 | Size: 464042 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02032014_113021.txt >>





shapiro
Posted: Monday, February 03, 2014 12:05:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

if you don't have relatives or friends in the Philippines

Start \ Control Panel \ Network Connections
right-click your connection.
select Properties.
double-click "Internet Protocol (TCP/IP)"
tick "Obtain DNS server address automatically".
Click OK.
Restart the PC.

Download and install Malwarebytes
Update it: click the "Updates" tab => "Check for updates"
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup.
Post the report.

tell me whether you notice any improvement
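The RogueKiller report earlier in the thread flagged a manually entered NameServer list, and the steps above put the adapter back on automatic DNS. The PowerShell function below is an added example, not part of the original posts: it lists the adapters that still carry a hand-set DNS list, so the change can be checked before and after. The function name is invented here, and reading the per-interface values from the Tcpip service key of the current control set is an assumption of the example.

```powershell
# Added example, not from the thread. Lists adapters with a hand-set DNS list.
# Assumption: per-interface settings are read from the Tcpip service key of
# the current control set; Get-StaticDnsServer is a name invented here.
function Get-StaticDnsServer {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $key    = $_
        $values = Get-ItemProperty -LiteralPath $key.PSPath

        # NameServer holds the manually entered list; it is empty when the
        # adapter is set to obtain DNS server addresses automatically.
        $static = @("$($values.NameServer)" -split '[,\s]+' | Where-Object { $_ })
        if ($static.Count -eq 0) { return }   # nothing hand-set, skip adapter

        # DhcpNameServer is what the DHCP lease offered for the same adapter.
        $fromDhcp = @("$($values.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })

        # Static servers that the DHCP lease never offered are the ones to review.
        $extra = @($static | Where-Object { $fromDhcp -notcontains $_ })

        New-Object PSObject -Property @{
            InterfaceGuid = $key.PSChildName
            DhcpEnabled   = [bool]$values.EnableDHCP
            StaticDns     = $static -join ', '
            DhcpDns       = $fromDhcp -join ', '
            NotFromDhcp   = $extra -join ', '
        }
    } | Select-Object InterfaceGuid, DhcpEnabled, StaticDns, DhcpDns, NotFromDhcp
}

# An empty result means no adapter has a manually entered DNS list.
Get-StaticDnsServer | Format-List
```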
antomasi
Posted: Monday, February 03, 2014 7:17:26 PM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
when I open the browser awesomehp still comes up........................nothing has changed
I'm posting the Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2014.02.02.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Antonio :: PC-ANTONIO [amministratore]

03/02/2014 13.40.11
mbam-log-2014-02-03 (13-40-11).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 461350
Tempo impiegato: 4 ore, 18 minuti, 58 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 30
C:\Program Files\Microsoft Office\AcT\ActOfficeByPaky89.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (Malware.Gen.SKR) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 (PUP.Optional.Somoto) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\UniLoaderByPaky89.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Loader7\Install7.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Loader7\Uninstall7.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Loader8\Install8.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Loader8\Uninstall8.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderVista\InstallVista.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderVista\UninstallVista.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderXP\InstallXP.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderXP\UninstallXP.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderXP\AMD64\antiwpa.dll (PUP.Wpakill) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderXP\IA64\antiwpa.dll (PUP.Wpakill) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\LoaderXP\X86\antiwpa.dll (PUP.Wpakill) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Office2010\OfficeAcT.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Office2010\OfficeUni.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Office2013\OfficeAcT.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\ActWin8Serv2012\Office2013\OfficeUni.exe (Spyware.Banker) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files\BrowseSmart\BrowseSmartBHO.dll.vir (PUP.Optional.BrowseSmart.A) -> Spostato in quarantena ed eliminato con successo.
C:\AdwCleaner\Quarantine\C\Program Files\BrowseSmart\updateBrowseSmart.exe.vir (PUP.Optional.BrowseSmart.A) -> Spostato in quarantena ed eliminato con successo.

(fine)
shapiro
Posted: Monday, February 03, 2014 8:11:47 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

from Start / All Programs go to the shortcuts of your browsers, right-click and choose Properties, then copy and paste what you see written in Target, one by one
antomasi
Posted: Tuesday, February 04, 2014 10:39:53 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.awesomehp.com/?type=sc&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
C:\Users\Antonio\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Program Files\Internet Explorer\iexplore.exe"

the famous awesomehp seems to be only on Mozilla, yet when I open Google and Explorer I get the same page.
shapiro
Posted: Tuesday, February 04, 2014 10:45:27 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
the famous awesomehp seems to be only on Mozilla, yet when I open Google and Explorer I get the same page.

sure, now we'll remove it... right-click the Mozilla shortcut again and choose Properties; in Target you have to delete ALL of the part in red, only the part in bold must remain

"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.awesomehp.com/?type=sc&ts=1391361178&from=ild&uid=TOSHIBAXMK5055GSX_59HST0H1TXX59HST0H1T
antomasi
Posted: Tuesday, February 04, 2014 10:56:25 AM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
done!!!!
all OK, I also went and fixed the icons on the Windows bar at the bottom of the screen, because I found that damned link in those shortcuts too.
it was tough but in the end, great work
thanks again
bye, until next time (I hope not) ahahahaha
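The fix above came down to a URL appended after the executable in the Target field of the Firefox shortcut, and the same link then turned up in the taskbar shortcuts. The PowerShell function below is an added example, not part of the original posts: it lists browser shortcuts whose arguments contain a URL and, with -Fix, empties the arguments so that only the executable path remains. The function name and the list of folders searched are assumptions of the example.

```powershell
# Added example, not from the thread. Finds browser shortcuts (.lnk) whose
# Target carries a URL after the executable, as the Firefox shortcut did.
# Find-HijackedBrowserShortcut is a name invented for this example.
function Find-HijackedBrowserShortcut {
    param(
        # Executable names treated as browsers (the three named in the thread).
        [string[]]$BrowserExe = @('firefox.exe', 'chrome.exe', 'iexplore.exe'),
        # With -Fix, the arguments of every flagged shortcut are emptied.
        [switch]$Fix
    )

    # Assumed locations (Windows Vista and later): desktop, Start menu and
    # Quick Launch, which also holds the taskbar pins in "User Pinned\TaskBar".
    $roots = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('StartMenu'),
        (Join-Path $env:PUBLIC 'Desktop'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    $shell = New-Object -ComObject WScript.Shell

    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                $lnk  = $shell.CreateShortcut($file.FullName)
                if (-not $lnk.TargetPath) { return }   # link without a file target

                $exe       = Split-Path -Leaf $lnk.TargetPath
                $isBrowser = $BrowserExe -contains $exe
                $hasUrl    = $lnk.Arguments -match '(?i)(https?://|\bwww\.)\S+'
                if (-not ($isBrowser -and $hasUrl)) { return }

                $original = $lnk.Arguments
                $state    = 'found'
                if ($Fix) {
                    try {
                        # Same result as the manual edit: only the exe path stays.
                        $lnk.Arguments = ''
                        $lnk.Save()
                        $state = 'arguments cleared'
                    } catch {
                        # All-users shortcuts need an elevated prompt to be saved.
                        $state = "not changed: $($_.Exception.Message)"
                    }
                }

                New-Object PSObject -Property @{
                    Shortcut  = $file.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $original
                    State     = $state
                } | Select-Object Shortcut, Target, Arguments, State
            }
    }
}

# Report only; run Find-HijackedBrowserShortcut -Fix after reviewing the list.
Find-HijackedBrowserShortcut | Format-List
```

Clearing the whole Arguments field also removes any legitimate switch that was set on the shortcut, so review the report before using -Fix.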
shapiro
Posted: Tuesday, February 04, 2014 10:57:20 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
wait, we're not finished

Run RogueKiller again and, when the scan finishes, tick only these entries and untick the others

[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Trovato
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Trovato



click DELETE and post the log
antomasi
Posted: Tuesday, February 04, 2014 6:39:18 PM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
I'm posting the log

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Antonio [Admin rights]
Mode : Remove -- Date : 02/04/2014 18:38:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [7]) -> NON SELEZIONATO
[RUN][SUSP PATH] HKUS\S-1-5-21-4189783946-3169874088-3640021387-1000\[...]\Run : PCShowServer ("C:\Users\Antonio\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [7]) -> NON SELEZIONATO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NON SELEZIONATO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NON SELEZIONATO

¤¤¤ Le attività pianificate : 4 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Cancellato
[V2][SUSP PATH] Hoolapp For Android : C:\Users\Antonio\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> NON SELEZIONATO
[V2][SUSP PATH] Hoolapp Init : C:\Users\Antonio\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> NON SELEZIONATO
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> Cancellato

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA TOSHIBA MK5055GS SCSI Disk Device +++++
--- User ---
[MBR] 4d199cdd800d46bbead1f5697a1b47c9
[BSP] 93f865c41b0df455656f366b82f4643f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12896 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26413056 | Size: 464042 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02042014_183804.txt >>
RKreport[0]_S_02032014_113021.txt;RKreport[0]_S_02042014_183306.txt

shapiro
Posted: Wednesday, February 05, 2014 9:27:20 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Do as I advised; I don't like those DNS servers.

Code:
Start \ Control Panel \ Network Connections
Right-click your connection.
Select Properties.
Double-click "Internet Protocol (TCP/IP)".
Tick "Obtain DNS server address automatically".
Click OK.
Restart the PC.



Disable System Restore, restart, re-enable it and create a new restore point.

Open OTL and click Cleanup.



Download and install CCleaner.
Important:
During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
Launch it and click:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one, top left)
- Analyze (bottom center button)
- Run Cleaner (bottom right button)

Fixing registry errors
CCleaner
Click the buttons:
- Registry (second button, top left)
- Scan for Issues (bottom center button)
- Fix selected issues (bottom right button)
- when asked:
- "Do you want to back up changes to the registry?"
- click:
- YES

Let me know if everything is OK.
antomasi
Posted: Wednesday, February 05, 2014 2:24:17 PM
Rank: AiutAmico

Joined: 3/22/2001
Posts: 48
I didn't do as you said because, to tick "Obtain DNS server address automatically", I also have to tick "Obtain an IP address automatically", which I have instead set myself because I need to manage the eMule ports, having a second computer at home. So I gave two static IP addresses to the two computers.
I changed the DNS servers by entering Google's values, 8.8.8.8 and 8.8.4.4 (so I read somewhere), which are free from the protections of the various servers.

I'd like you to help me understand what risks I run if I leave things as they are.
Also, I've never done it, so I don't know how to disable System Restore and then re-enable it creating a new restore point, when I restart