Vi andrebbe di aiutarmi con questi log?

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Rispondi
Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Ciao a tutti :)

Sto ripulendo, come faccio periodicamente, il pc di famiglia, perché ha raggiunto livelli di lentezza, di andare scatti, e di lentezza d'avvio esasperanti. Inoltre chrome, quando lo riduco a icona e lo riporto su, per un po' rimane completamente nero, su qualsiasi sito sia. Inoltre, come alcune altre applicazioni, ogni tanto va a scatti

(il pc è un HP, windows 7 64 bit, 8gb di ram, i7 di seconda generazione quad core)

Ovviamente, dato che il pc praticamente non è protetto se non da microsoft security essential e adblock + WOT, qualche infezione c'era (e forse c'è ancora)

Vi allego i log di combofix, adwcleaner, GMER e Hijackthis

Vi andrebbe di spendere un po' del vostro tempo per aiutarmi a interpretarli?

Il pc va già meglio rispetto a prima; rimane però la scattosità ogni tanto di chrome e qualche altra applicazione (tipo ccleaner), e quando riduco chrome e lo riporto su per un attimo rimane nero. Però c'è da dire che devo ancora fare la pulitura disco e la deframmentazione, quindi magari facendole il pc andrebbe poi molto meglio
ComboFix 14-08-31.01 - 1 04/09/2014 11:41:28.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8175.5856 [GMT 2:00]
Eseguito da: c:\users\1\Documents\Pupulizia\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\search-metadata.json
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-04 al 2014-09-04 )))))))))))))))))))))))))))))))))))
.
.
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Softpedia\AppData\Local\temp
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-04 09:33 . 2014-09-04 09:33 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43026EA3-6588-478E-8385-69342BC5907D}\offreg.dll
2014-09-04 09:14 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43026EA3-6588-478E-8385-69342BC5907D}\mpengine.dll
2014-09-02 18:54 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-31 12:31 . 2014-08-31 12:38 18048 ----a-w- c:\windows\SysWow64\drivers\lirsgt.sys
2014-08-31 09:41 . 2014-08-31 10:00 -------- d-----w- c:\program files (x86)\Atari
2014-08-29 08:50 . 2014-08-19 19:14 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35CE2ED7-9B01-41BE-A25D-DB27F9C630A5}\gapaengine.dll
2014-08-28 13:35 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 13:35 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 13:35 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 17:11 . 2014-08-27 17:11 -------- d-----w- c:\users\1\AppData\Local\SWR-Productions
2014-08-27 16:57 . 2014-08-27 16:59 -------- d-----w- c:\program files (x86)\C&C Rise of the Reds
2014-08-26 13:29 . 2014-08-26 13:29 -------- d-----w- c:\program files (x86)\DVDlabPro2
2014-08-20 07:56 . 2014-08-20 08:04 -------- d-----w- c:\program files (x86)\Tzar-Excalibur e il Re Artù
2014-08-20 07:56 . 2014-08-20 07:57 -------- d--h--w- c:\program files (x86)\FX Uninstall Information
2014-08-18 21:21 . 2014-08-18 21:21 -------- d-----w- C:\NVIDIA
2014-08-15 08:03 . 2014-08-15 08:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-13 15:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 15:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 15:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 15:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 15:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 15:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 15:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 15:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 08:19 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 08:19 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 08:19 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 08:14 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 08:14 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 08:14 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 08:14 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 08:14 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 08:14 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 08:14 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 08:14 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 08:14 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 08:14 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 08:13 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 08:09 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 08:09 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 08:09 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 08:09 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-04 09:37 . 2014-07-01 09:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-30 16:04 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 19:14 . 2011-05-20 10:45 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-13 15:35 . 2011-05-04 10:24 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-12 10:18 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-12-27 20:48 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-12 10:18 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-12-27 20:48 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-09 17:01 . 2012-04-24 09:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 17:01 . 2011-05-19 16:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 17:01 . 2014-07-09 17:01 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 21:29 . 2014-07-31 11:51 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-07-02 21:29 . 2014-07-31 11:51 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-07-02 21:29 . 2014-07-31 11:51 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-07-02 20:48 . 2014-07-31 11:53 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-07-31 11:53 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-07-31 11:51 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-07-31 11:51 944928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-31 11:51 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-31 11:51 903624 ----a-w- c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-07-31 11:51 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-31 11:51 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-07-31 11:51 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 11:51 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 11:51 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-07-31 11:51 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-07-31 11:51 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-31 11:51 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-07-31 11:51 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-07-31 11:51 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-31 11:51 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 11:51 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-31 11:51 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-07-31 11:51 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-07-31 11:51 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-07-31 11:51 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-07-31 11:51 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-31 11:51 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 11:51 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-07-31 11:51 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-07-31 11:51 13922752 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 11:51 13835208 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-31 11:51 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-31 11:51 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 11:51 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-07-02 18:55 . 2014-07-31 11:53 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-07-31 11:53 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-07-31 11:53 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-07-31 11:53 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-07-31 11:53 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-07-31 11:53 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-07-31 11:53 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2014-07-31 11:53 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 13:32 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 13:32 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 13:32 624128 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2013-12-05 613384]
"DT HPW"="c:\program files (x86)\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\SysWOW64\ezUPBHook32.dll" [2013-12-09 484936]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:01]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164918541-2585563622-3243002879-1001Core.job
- c:\users\1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:30]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164918541-2585563622-3243002879-1001UA.job
- c:\users\1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:30]
.
2014-08-28 c:\windows\Tasks\HPCeeScheduleFor1-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2014-09-02 c:\windows\Tasks\HPCeeScheduleFor1.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-19 21720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-643D-4270-9D49-7389EA579090}"= "c:\windows\SysWOW64\ezUPBHook64.dll" [2013-12-09 773192]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to AMV Convert Tool... - k:\mp3 player utilities 4.00\AMVConverter\grab.html
IE: Add to AMV Converter... - k:\mp3 player utilities 4.15\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - k:\mp3 player utilities 4.15\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C0B4993F-E010-455C-AA22-AD9B7AA0CD9A}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 566d961900000000000068a3c46cd7e5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15913
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.020:23
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - it
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119982&tsp=4956
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Associazioni dei file -------
.
.scr=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Any Video Converter_is1 - k:\any video converter\unins000.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-GPxPatch - c:\program files\Infogrames\uninst-gpxpatch.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1164918541-2585563622-3243002879-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:55,bf,e7,37,8a,04,79,69,40,e4,a7,39,87,30,e3,1c,80,3b,70,9e,2f,8b,11,
2e,8f,25,81,e2,aa,e0,27,ea,f0,7e,00,65,48,0b,2b,48,9d,e2,12,90,f5,45,80,32,\
"??"=hex:c6,77,a8,f7,52,9a,28,fb,fb,c2,81,b9,a6,54,57,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Ora fine scansione: 2014-09-04 11:59:37
ComboFix-quarantined-files.txt 2014-09-04 09:59
ComboFix2.txt 2013-07-28 09:14
.
Pre-Run: 306.433.568.768 byte disponibili
Post-Run: 308.175.163.392 byte disponibili
.
- - End Of File - - 74511731B38729113C3F8423210ED665
# AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 12:17:41
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : 1 - 1-HP
# In esecuzione da : C:\Users\1\Documents\Pupulizia\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\Users\1\AppData\Local\apn
Cartella Eliminato : C:\Users\1\AppData\Roaming\pdfforge
File Eliminato : C:\Windows\System32\roboot64.exe
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\invalidprefs.js
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\BrowserDefender.xml
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\user.js

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKCU\Software\Conduit
Chiave Eliminati : HKCU\Software\PIP
Chiave Eliminati : HKCU\Software\YahooPartnerToolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminati : HKLM\SOFTWARE\Conduit
Chiave Eliminati : HKLM\SOFTWARE\PIP
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\prefs.js ]

Riga eliminata : user_pref("extensions.delta.admin", false);
Riga eliminata : user_pref("extensions.delta.aflt", "babsst");
Riga eliminata : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Riga eliminata : user_pref("extensions.delta.autoRvrt", "false");
Riga eliminata : user_pref("extensions.delta.dfltLng", "it");
Riga eliminata : user_pref("extensions.delta.excTlbr", false);
Riga eliminata : user_pref("extensions.delta.ffxUnstlRst", true);
Riga eliminata : user_pref("extensions.delta.id", "566d961900000000000068a3c46cd7e5");
Riga eliminata : user_pref("extensions.delta.instlDay", "15913");
Riga eliminata : user_pref("extensions.delta.instlRef", "sst");
Riga eliminata : user_pref("extensions.delta.newTab", false);
Riga eliminata : user_pref("extensions.delta.prdct", "delta");
Riga eliminata : user_pref("extensions.delta.prtnrId", "delta");
Riga eliminata : user_pref("extensions.delta.rvrt", "false");
Riga eliminata : user_pref("extensions.delta.smplGrp", "none");
Riga eliminata : user_pref("extensions.delta.tlbrId", "base");
Riga eliminata : user_pref("extensions.delta.tlbrSrchUrl", "");
Riga eliminata : user_pref("extensions.delta.vrsn", "1.8.22.0");
Riga eliminata : user_pref("extensions.delta.vrsnTs", "1.8.22.020:23:58");
Riga eliminata : user_pref("extensions.delta.vrsni", "1.8.22.0");
Riga eliminata : user_pref("extensions.delta_i.babExt", "");
Riga eliminata : user_pref("extensions.delta_i.babTrack", "affID=119982&tsp=4956");
Riga eliminata : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7419 octets] - [04/09/2014 12:14:39]
AdwCleaner[S0].txt - [6975 octets] - [04/09/2014 12:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7035 octets] ##########
# AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 12:14:39
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : 1 - 1-HP
# In esecuzione da : C:\Users\1\Documents\Pupulizia\AdwCleaner.exe
# Opzione : Scansiona

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\ProgramData\Ask
Cartella Trovato : C:\Users\1\AppData\Local\apn
Cartella Trovato : C:\Users\1\AppData\Roaming\pdfforge
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\invalidprefs.js
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\Askcom.xml
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\BrowserDefender.xml
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\user.js
File Trovato : C:\Windows\System32\roboot64.exe

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Trovati : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Trovati : HKCU\Software\Conduit
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKCU\Software\PIP
Chiave Trovati : HKCU\Software\YahooPartnerToolbar
Chiave Trovati : [x64] HKCU\Software\Conduit
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : [x64] HKCU\Software\PIP
Chiave Trovati : [x64] HKCU\Software\YahooPartnerToolbar
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovati : HKLM\SOFTWARE\Conduit
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\PIP
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Valore Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\prefs.js ]

Trovata riga : user_pref("extensions.delta.admin", false);
Trovata riga : user_pref("extensions.delta.aflt", "babsst");
Trovata riga : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Trovata riga : user_pref("extensions.delta.autoRvrt", "false");
Trovata riga : user_pref("extensions.delta.dfltLng", "it");
Trovata riga : user_pref("extensions.delta.excTlbr", false);
Trovata riga : user_pref("extensions.delta.ffxUnstlRst", true);
Trovata riga : user_pref("extensions.delta.id", "566d961900000000000068a3c46cd7e5");
Trovata riga : user_pref("extensions.delta.instlDay", "15913");
Trovata riga : user_pref("extensions.delta.instlRef", "sst");
Trovata riga : user_pref("extensions.delta.newTab", false);
Trovata riga : user_pref("extensions.delta.prdct", "delta");
Trovata riga : user_pref("extensions.delta.prtnrId", "delta");
Trovata riga : user_pref("extensions.delta.rvrt", "false");
Trovata riga : user_pref("extensions.delta.smplGrp", "none");
Trovata riga : user_pref("extensions.delta.tlbrId", "base");
Trovata riga : user_pref("extensions.delta.tlbrSrchUrl", "");
Trovata riga : user_pref("extensions.delta.vrsn", "1.8.22.0");
Trovata riga : user_pref("extensions.delta.vrsnTs", "1.8.22.020:23:58");
Trovata riga : user_pref("extensions.delta.vrsni", "1.8.22.0");
Trovata riga : user_pref("extensions.delta_i.babExt", "");
Trovata riga : user_pref("extensions.delta_i.babTrack", "affID=119982&tsp=4956");
Trovata riga : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7239 octets] - [04/09/2014 12:14:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7299 octets] ##########
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 17:42:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.HP35 931,51GB
Running: 7lekjesl.exe; Driver: C:\Users\1\AppData\Local\Temp\fxldqpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071ea1a22 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071ea1ad0 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071ea1b08 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071ea1bba 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071ea1bda 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3500] entry point in ".rdata" section 00000000706b71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6092:5468] 000007fefbbd2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6092:4956] 000007fef7a85124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{810B8B67-6FA1-430A-A3B0-302032924CDD}\Connection@Name isatap.{E6D279DB-2E2A-42B6-A350-4001F333A2B3}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{784D8E09-590F-484E-9D79-97C406EF6285}?\Device\{810B8B67-6FA1-430A-A3B0-302032924CDD}?\Device\{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}?\Device\{620F94B9-4CB2-4B45-A0A6-DD205A41751E}?\Device\{AD3E3291-C506-463F-BD67-220172C4BA2C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{784D8E09-590F-484E-9D79-97C406EF6285}"?"{810B8B67-6FA1-430A-A3B0-302032924CDD}"?"{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}"?"{620F94B9-4CB2-4B45-A0A6-DD205A41751E}"?"{AD3E3291-C506-463F-BD67-220172C4BA2C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{784D8E09-590F-484E-9D79-97C406EF6285}?\Device\TCPIP6TUNNEL_{810B8B67-6FA1-430A-A3B0-302032924CDD}?\Device\TCPIP6TUNNEL_{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}?\Device\TCPIP6TUNNEL_{620F94B9-4CB2-4B45-A0A6-DD205A41751E}?\Device\TCPIP6TUNNEL_{AD3E3291-C506-463F-BD67-220172C4BA2C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@782eef923ece 0x4A 0x57 0x0E 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@942053e2f930 0x11 0x24 0xA9 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@3017c87aaf2a 0x46 0x76 0x4F 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@bc4760083e66 0x41 0xF5 0xC5 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@a0759127d9c4 0x36 0x1B 0x44 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@8ce081e6c0ed 0xD7 0x67 0x58 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@045a95f6f1ec 0x08 0x6D 0x05 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@b85e7b0b2422 0x64 0x0E 0xBB 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@ccc3eaa4ad35 0x7E 0x24 0xC0 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{810B8B67-6FA1-430A-A3B0-302032924CDD}@InterfaceName isatap.{E6D279DB-2E2A-42B6-A350-4001F333A2B3}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{810B8B67-6FA1-430A-A3B0-302032924CDD}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@782eef923ece 0x4A 0x57 0x0E 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@942053e2f930 0x11 0x24 0xA9 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@3017c87aaf2a 0x46 0x76 0x4F 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@bc4760083e66 0x41 0xF5 0xC5 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@a0759127d9c4 0x36 0x1B 0x44 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@8ce081e6c0ed 0xD7 0x67 0x58 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@045a95f6f1ec 0x08 0x6D 0x05 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@b85e7b0b2422 0x64 0x0E 0xBB 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@ccc3eaa4ad35 0x7E 0x24 0xC0 0x30 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:53:49, on 05/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
CHROME: 37.0.2062.103
FIREFOX: 29.0.1 (it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\vVX6000.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\Documents\Pupulizia\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-2510 Series"
O8 - Extra context menu item: Add to AMV Convert Tool... - K:\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - K:\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - K:\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B4993F-E010-455C-AA22-AD9B7AA0CD9A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14302 bytes
altre scansioni che ho fatto sono state Avira per i rootkit, Avira scan completo, Hitman pro, CCleaner, e Malwarebytes antimalware scansione veloce

Grazie mille per ogni eventuale aiuto, e buona serata a tutti ;)
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da System » ven set 05, 2014 5:56 pm


Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 9599
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

Ho letto velocemente i log (e non molto a fondo), hai linux installato in quel pc?
Nulla di ciò che conta è facile da ottenere

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

No purtroppo non ho linux in quel pc
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 9599
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

L'unica voce brutta è in gmer
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

Ma è ancora veramente affidabile gmer?????

Fai girare tdskiller e awsmbr di avast e vediamo cosa esce fuori.
Nulla di ciò che conta è facile da ottenere

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Ah, dici che GMER non è più affidabile? Non lo sapevo, è molto che non mi aggiorno

Allora ok Crazy, grazie, appena posso accedere al pc di famiglia faccio girare tdsskiller e awsmbr di avast e faccio sapere i risultati

Ah, le devo attivare le due opzioni di tdsskiller che c'è scritto di attivare nell'articolo di TLI?
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 9599
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

Pct ha scritto:Ah, dici che GMER non è più affidabile?
Non lo so, alcune volte che mi è capitato di usarlo ultimamente mi ha lasciato dei dubbi.
Volevo capire se era capitato ad altri.
Pct ha scritto:Ah, le devo attivare le due opzioni di tdsskiller che c'è scritto di attivare nell'articolo di TLI?
Attivali.
Nulla di ciò che conta è facile da ottenere

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Negli ultimi 2 anni, a parte questa volta, mi è capitato di usare GMER, su questo pc, 2-3 volte: non sono mai riuscito a portare a termine la scansione perché si piantava sempre. Questa è la prima volta di qui a 2 anni che riesco a portare a termine uno scan con GMER xD


Ho fatto lo scan con TDSSKiller: non ha rilevato nulla per fortuna :)
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da System » sab set 06, 2014 6:03 pm


Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio