Vi andrebbe di aiutarmi con questi log?

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Rispondi
Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Ciao a tutti :)

Sto ripulendo, come faccio periodicamente, il pc di famiglia, perché ha raggiunto livelli di lentezza, di andare scatti, e di lentezza d'avvio esasperanti. Inoltre chrome, quando lo riduco a icona e lo riporto su, per un po' rimane completamente nero, su qualsiasi sito sia. Inoltre, come alcune altre applicazioni, ogni tanto va a scatti

(il pc è un HP, windows 7 64 bit, 8gb di ram, i7 di seconda generazione quad core)

Ovviamente, dato che il pc praticamente non è protetto se non da microsoft security essential e adblock + WOT, qualche infezione c'era (e forse c'è ancora)

Vi allego i log di combofix, adwcleaner, GMER e Hijackthis

Vi andrebbe di spendere un po' del vostro tempo per aiutarmi a interpretarli?

Il pc va già meglio rispetto a prima; rimane però la scattosità ogni tanto di chrome e qualche altra applicazione (tipo ccleaner), e quando riduco chrome e lo riporto su per un attimo rimane nero. Però c'è da dire che devo ancora fare la pulitura disco e la deframmentazione, quindi magari facendole il pc andrebbe poi molto meglio
ComboFix 14-08-31.01 - 1 04/09/2014 11:41:28.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8175.5856 [GMT 2:00]
Eseguito da: c:\users\1\Documents\Pupulizia\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\search-metadata.json
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-04 al 2014-09-04 )))))))))))))))))))))))))))))))))))
.
.
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Softpedia\AppData\Local\temp
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-04 09:55 . 2014-09-04 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-04 09:33 . 2014-09-04 09:33 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43026EA3-6588-478E-8385-69342BC5907D}\offreg.dll
2014-09-04 09:14 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43026EA3-6588-478E-8385-69342BC5907D}\mpengine.dll
2014-09-02 18:54 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-31 12:31 . 2014-08-31 12:38 18048 ----a-w- c:\windows\SysWow64\drivers\lirsgt.sys
2014-08-31 09:41 . 2014-08-31 10:00 -------- d-----w- c:\program files (x86)\Atari
2014-08-29 08:50 . 2014-08-19 19:14 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35CE2ED7-9B01-41BE-A25D-DB27F9C630A5}\gapaengine.dll
2014-08-28 13:35 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 13:35 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 13:35 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 17:11 . 2014-08-27 17:11 -------- d-----w- c:\users\1\AppData\Local\SWR-Productions
2014-08-27 16:57 . 2014-08-27 16:59 -------- d-----w- c:\program files (x86)\C&C Rise of the Reds
2014-08-26 13:29 . 2014-08-26 13:29 -------- d-----w- c:\program files (x86)\DVDlabPro2
2014-08-20 07:56 . 2014-08-20 08:04 -------- d-----w- c:\program files (x86)\Tzar-Excalibur e il Re Artù
2014-08-20 07:56 . 2014-08-20 07:57 -------- d--h--w- c:\program files (x86)\FX Uninstall Information
2014-08-18 21:21 . 2014-08-18 21:21 -------- d-----w- C:\NVIDIA
2014-08-15 08:03 . 2014-08-15 08:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-13 15:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 15:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 15:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 15:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 15:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 15:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 15:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 15:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 08:19 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 08:19 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 08:19 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 08:19 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 08:14 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 08:14 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 08:14 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 08:14 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 08:14 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 08:14 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 08:14 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 08:14 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 08:14 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 08:14 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 08:13 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 08:09 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 08:09 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 08:09 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 08:09 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-04 09:37 . 2014-07-01 09:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-30 16:04 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 19:14 . 2011-05-20 10:45 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-13 15:35 . 2011-05-04 10:24 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-12 10:18 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-12-27 20:48 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-12 10:18 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-12-27 20:48 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-09 17:01 . 2012-04-24 09:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 17:01 . 2011-05-19 16:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 17:01 . 2014-07-09 17:01 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 21:29 . 2014-07-31 11:51 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-07-02 21:29 . 2014-07-31 11:51 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-07-02 21:29 . 2014-07-31 11:51 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-07-02 20:48 . 2014-07-31 11:53 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-07-31 11:53 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-07-31 11:51 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-07-31 11:51 944928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-31 11:51 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-31 11:51 903624 ----a-w- c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-07-31 11:51 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-31 11:51 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-07-31 11:51 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 11:51 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 11:51 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-07-31 11:51 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-07-31 11:51 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-31 11:51 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-07-31 11:51 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-07-31 11:51 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-31 11:51 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 11:51 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-31 11:51 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-07-31 11:51 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-07-31 11:51 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-07-31 11:51 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-07-31 11:51 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-31 11:51 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 11:51 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-07-31 11:51 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-07-31 11:51 13922752 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 11:51 13835208 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-31 11:51 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-31 11:51 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 11:51 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-07-02 18:55 . 2014-07-31 11:53 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-07-31 11:53 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-07-31 11:53 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-07-31 11:53 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-07-31 11:53 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-07-31 11:53 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-07-31 11:53 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2014-07-31 11:53 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 13:32 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 13:32 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 13:32 624128 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2013-12-05 613384]
"DT HPW"="c:\program files (x86)\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\SysWOW64\ezUPBHook32.dll" [2013-12-09 484936]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:01]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164918541-2585563622-3243002879-1001Core.job
- c:\users\1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:30]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164918541-2585563622-3243002879-1001UA.job
- c:\users\1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:30]
.
2014-08-28 c:\windows\Tasks\HPCeeScheduleFor1-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2014-09-02 c:\windows\Tasks\HPCeeScheduleFor1.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-19 21720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-643D-4270-9D49-7389EA579090}"= "c:\windows\SysWOW64\ezUPBHook64.dll" [2013-12-09 773192]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to AMV Convert Tool... - k:\mp3 player utilities 4.00\AMVConverter\grab.html
IE: Add to AMV Converter... - k:\mp3 player utilities 4.15\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - k:\mp3 player utilities 4.15\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C0B4993F-E010-455C-AA22-AD9B7AA0CD9A}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 566d961900000000000068a3c46cd7e5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15913
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.020:23
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - it
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119982&tsp=4956
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- Associazioni dei file -------
.
.scr=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Any Video Converter_is1 - k:\any video converter\unins000.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-GPxPatch - c:\program files\Infogrames\uninst-gpxpatch.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1164918541-2585563622-3243002879-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:55,bf,e7,37,8a,04,79,69,40,e4,a7,39,87,30,e3,1c,80,3b,70,9e,2f,8b,11,
2e,8f,25,81,e2,aa,e0,27,ea,f0,7e,00,65,48,0b,2b,48,9d,e2,12,90,f5,45,80,32,\
"??"=hex:c6,77,a8,f7,52,9a,28,fb,fb,c2,81,b9,a6,54,57,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&18fe0d5c&0&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&0&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A6\5&18fe0d5c&1&UID1048833\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Ora fine scansione: 2014-09-04 11:59:37
ComboFix-quarantined-files.txt 2014-09-04 09:59
ComboFix2.txt 2013-07-28 09:14
.
Pre-Run: 306.433.568.768 byte disponibili
Post-Run: 308.175.163.392 byte disponibili
.
- - End Of File - - 74511731B38729113C3F8423210ED665
# AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 12:17:41
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : 1 - 1-HP
# In esecuzione da : C:\Users\1\Documents\Pupulizia\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\Users\1\AppData\Local\apn
Cartella Eliminato : C:\Users\1\AppData\Roaming\pdfforge
File Eliminato : C:\Windows\System32\roboot64.exe
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\invalidprefs.js
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\BrowserDefender.xml
File Eliminato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\user.js

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKCU\Software\Conduit
Chiave Eliminati : HKCU\Software\PIP
Chiave Eliminati : HKCU\Software\YahooPartnerToolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminati : HKLM\SOFTWARE\Conduit
Chiave Eliminati : HKLM\SOFTWARE\PIP
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\prefs.js ]

Riga eliminata : user_pref("extensions.delta.admin", false);
Riga eliminata : user_pref("extensions.delta.aflt", "babsst");
Riga eliminata : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Riga eliminata : user_pref("extensions.delta.autoRvrt", "false");
Riga eliminata : user_pref("extensions.delta.dfltLng", "it");
Riga eliminata : user_pref("extensions.delta.excTlbr", false);
Riga eliminata : user_pref("extensions.delta.ffxUnstlRst", true);
Riga eliminata : user_pref("extensions.delta.id", "566d961900000000000068a3c46cd7e5");
Riga eliminata : user_pref("extensions.delta.instlDay", "15913");
Riga eliminata : user_pref("extensions.delta.instlRef", "sst");
Riga eliminata : user_pref("extensions.delta.newTab", false);
Riga eliminata : user_pref("extensions.delta.prdct", "delta");
Riga eliminata : user_pref("extensions.delta.prtnrId", "delta");
Riga eliminata : user_pref("extensions.delta.rvrt", "false");
Riga eliminata : user_pref("extensions.delta.smplGrp", "none");
Riga eliminata : user_pref("extensions.delta.tlbrId", "base");
Riga eliminata : user_pref("extensions.delta.tlbrSrchUrl", "");
Riga eliminata : user_pref("extensions.delta.vrsn", "1.8.22.0");
Riga eliminata : user_pref("extensions.delta.vrsnTs", "1.8.22.020:23:58");
Riga eliminata : user_pref("extensions.delta.vrsni", "1.8.22.0");
Riga eliminata : user_pref("extensions.delta_i.babExt", "");
Riga eliminata : user_pref("extensions.delta_i.babTrack", "affID=119982&tsp=4956");
Riga eliminata : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7419 octets] - [04/09/2014 12:14:39]
AdwCleaner[S0].txt - [6975 octets] - [04/09/2014 12:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7035 octets] ##########
# AdwCleaner v3.309 - Rapporto creato 04/09/2014 in 12:14:39
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : 1 - 1-HP
# In esecuzione da : C:\Users\1\Documents\Pupulizia\AdwCleaner.exe
# Opzione : Scansiona

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\ProgramData\Ask
Cartella Trovato : C:\Users\1\AppData\Local\apn
Cartella Trovato : C:\Users\1\AppData\Roaming\pdfforge
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\invalidprefs.js
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\Askcom.xml
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\searchplugins\BrowserDefender.xml
File Trovato : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\user.js
File Trovato : C:\Windows\System32\roboot64.exe

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Trovati : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Trovati : HKCU\Software\Conduit
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKCU\Software\PIP
Chiave Trovati : HKCU\Software\YahooPartnerToolbar
Chiave Trovati : [x64] HKCU\Software\Conduit
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : [x64] HKCU\Software\PIP
Chiave Trovati : [x64] HKCU\Software\YahooPartnerToolbar
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovati : HKLM\SOFTWARE\Conduit
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\PIP
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Valore Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (it)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\n5baibh6.default\prefs.js ]

Trovata riga : user_pref("extensions.delta.admin", false);
Trovata riga : user_pref("extensions.delta.aflt", "babsst");
Trovata riga : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Trovata riga : user_pref("extensions.delta.autoRvrt", "false");
Trovata riga : user_pref("extensions.delta.dfltLng", "it");
Trovata riga : user_pref("extensions.delta.excTlbr", false);
Trovata riga : user_pref("extensions.delta.ffxUnstlRst", true);
Trovata riga : user_pref("extensions.delta.id", "566d961900000000000068a3c46cd7e5");
Trovata riga : user_pref("extensions.delta.instlDay", "15913");
Trovata riga : user_pref("extensions.delta.instlRef", "sst");
Trovata riga : user_pref("extensions.delta.newTab", false);
Trovata riga : user_pref("extensions.delta.prdct", "delta");
Trovata riga : user_pref("extensions.delta.prtnrId", "delta");
Trovata riga : user_pref("extensions.delta.rvrt", "false");
Trovata riga : user_pref("extensions.delta.smplGrp", "none");
Trovata riga : user_pref("extensions.delta.tlbrId", "base");
Trovata riga : user_pref("extensions.delta.tlbrSrchUrl", "");
Trovata riga : user_pref("extensions.delta.vrsn", "1.8.22.0");
Trovata riga : user_pref("extensions.delta.vrsnTs", "1.8.22.020:23:58");
Trovata riga : user_pref("extensions.delta.vrsni", "1.8.22.0");
Trovata riga : user_pref("extensions.delta_i.babExt", "");
Trovata riga : user_pref("extensions.delta_i.babTrack", "affID=119982&tsp=4956");
Trovata riga : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7239 octets] - [04/09/2014 12:14:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7299 octets] ##########
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 17:42:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.HP35 931,51GB
Running: 7lekjesl.exe; Driver: C:\Users\1\AppData\Local\Temp\fxldqpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071ea1a22 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071ea1ad0 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071ea1b08 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071ea1bba 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071ea1bda 2 bytes [EA, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3500] entry point in ".rdata" section 00000000706b71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6092:5468] 000007fefbbd2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6092:4956] 000007fef7a85124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{810B8B67-6FA1-430A-A3B0-302032924CDD}\Connection@Name isatap.{E6D279DB-2E2A-42B6-A350-4001F333A2B3}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{784D8E09-590F-484E-9D79-97C406EF6285}?\Device\{810B8B67-6FA1-430A-A3B0-302032924CDD}?\Device\{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}?\Device\{620F94B9-4CB2-4B45-A0A6-DD205A41751E}?\Device\{AD3E3291-C506-463F-BD67-220172C4BA2C}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{784D8E09-590F-484E-9D79-97C406EF6285}"?"{810B8B67-6FA1-430A-A3B0-302032924CDD}"?"{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}"?"{620F94B9-4CB2-4B45-A0A6-DD205A41751E}"?"{AD3E3291-C506-463F-BD67-220172C4BA2C}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{784D8E09-590F-484E-9D79-97C406EF6285}?\Device\TCPIP6TUNNEL_{810B8B67-6FA1-430A-A3B0-302032924CDD}?\Device\TCPIP6TUNNEL_{6D3A0B06-622A-4986-92E4-2CCDCE15CEE3}?\Device\TCPIP6TUNNEL_{620F94B9-4CB2-4B45-A0A6-DD205A41751E}?\Device\TCPIP6TUNNEL_{AD3E3291-C506-463F-BD67-220172C4BA2C}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@782eef923ece 0x4A 0x57 0x0E 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@942053e2f930 0x11 0x24 0xA9 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@3017c87aaf2a 0x46 0x76 0x4F 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@bc4760083e66 0x41 0xF5 0xC5 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@a0759127d9c4 0x36 0x1B 0x44 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@8ce081e6c0ed 0xD7 0x67 0x58 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@045a95f6f1ec 0x08 0x6D 0x05 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@b85e7b0b2422 0x64 0x0E 0xBB 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9412d421@ccc3eaa4ad35 0x7E 0x24 0xC0 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{810B8B67-6FA1-430A-A3B0-302032924CDD}@InterfaceName isatap.{E6D279DB-2E2A-42B6-A350-4001F333A2B3}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{810B8B67-6FA1-430A-A3B0-302032924CDD}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@782eef923ece 0x4A 0x57 0x0E 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@942053e2f930 0x11 0x24 0xA9 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@3017c87aaf2a 0x46 0x76 0x4F 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@bc4760083e66 0x41 0xF5 0xC5 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@a0759127d9c4 0x36 0x1B 0x44 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@8ce081e6c0ed 0xD7 0x67 0x58 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@045a95f6f1ec 0x08 0x6D 0x05 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@b85e7b0b2422 0x64 0x0E 0xBB 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9412d421@ccc3eaa4ad35 0x7E 0x24 0xC0 0x30 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:53:49, on 05/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
CHROME: 37.0.2062.103
FIREFOX: 29.0.1 (it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\vVX6000.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\1\Documents\Pupulizia\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-2510 Series"
O8 - Extra context menu item: Add to AMV Convert Tool... - K:\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - K:\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - K:\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B4993F-E010-455C-AA22-AD9B7AA0CD9A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14302 bytes
altre scansioni che ho fatto sono state Avira per i rootkit, Avira scan completo, Hitman pro, CCleaner, e Malwarebytes antimalware scansione veloce

Grazie mille per ogni eventuale aiuto, e buona serata a tutti ;)
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da System » ven set 05, 2014 5:56 pm


Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8687
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

Ho letto velocemente i log (e non molto a fondo), hai linux installato in quel pc?
Tutti quelli che scappano sono Viet Cong, tutti quelli che restano fermi sono Viet Cong molto ben educati!

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

No purtroppo non ho linux in quel pc
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8687
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

L'unica voce brutta è in gmer
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

Ma è ancora veramente affidabile gmer?????

Fai girare tdskiller e awsmbr di avast e vediamo cosa esce fuori.
Tutti quelli che scappano sono Viet Cong, tutti quelli che restano fermi sono Viet Cong molto ben educati!

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Ah, dici che GMER non è più affidabile? Non lo sapevo, è molto che non mi aggiorno

Allora ok Crazy, grazie, appena posso accedere al pc di famiglia faccio girare tdsskiller e awsmbr di avast e faccio sapere i risultati

Ah, le devo attivare le due opzioni di tdsskiller che c'è scritto di attivare nell'articolo di TLI?
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8687
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da crazy.cat »

Pct ha scritto:Ah, dici che GMER non è più affidabile?
Non lo so, alcune volte che mi è capitato di usarlo ultimamente mi ha lasciato dei dubbi.
Volevo capire se era capitato ad altri.
Pct ha scritto:Ah, le devo attivare le due opzioni di tdsskiller che c'è scritto di attivare nell'articolo di TLI?
Attivali.
Tutti quelli che scappano sono Viet Cong, tutti quelli che restano fermi sono Viet Cong molto ben educati!

Avatar utente
Pct
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 138
Iscritto il: sab mag 04, 2013 3:39 pm

Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da Pct »

Negli ultimi 2 anni, a parte questa volta, mi è capitato di usare GMER, su questo pc, 2-3 volte: non sono mai riuscito a portare a termine la scansione perché si piantava sempre. Questa è la prima volta di qui a 2 anni che riesco a portare a termine uno scan con GMER xD


Ho fatto lo scan con TDSSKiller: non ha rilevato nulla per fortuna :)
"prendi consiglio sia dall’ignorante che dal sapiente, perché non si raggiungono i limiti dell’arte e non esiste artigiano che abbia acquisito la perfezione"
(Ptahhotep)

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: Vi andrebbe di aiutarmi con questi log?

Messaggio da System » sab set 06, 2014 6:03 pm


Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio