Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pregasi un controllo log

pregasi un controllo log

Opzioni

Topic Precedente · Topic Sucessivo

alexs

Inviato: Thursday, June 12, 2014 1:15:21 PM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

Da qualche giorno,ho trovato dei problemi nelle scansioni con l'antivirus Avira,scansione fino al 28%,quando passo da una pagina ad altra per esempio,di un quotidiano nazionale,la ,pagina scompare e rispunta lo schermo iniziale,poi leggendo sempre qualche quotidiano,le insopportabili pagine pubblicitarie ad occupare lo spazio dello schermo,e debbo cliccare"chiudi",per proseguire con la lettura,allego il log nella cortesia che qualcuno può controllarlo:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.11.09, on 12/06/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\CASASALERNO\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5085 bytes

Torna in alto

Sponsor

Inviato: Thursday, June 12, 2014 1:15:21 PM

Torna in alto

alexs

Inviato: Saturday, June 14, 2014 8:01:13 PM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

ho effettuato varie scansioni con Malwarebytes,ccleaner,avira antivirus e rifatto altro Hijack Tjis,pregasi una controllata;

Torna in alto

alexs

Inviato: Saturday, June 14, 2014 8:12:56 PM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.11.05, on 14/06/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Users\CASASALERNO\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4822 bytes

Torna in alto

alexs

Inviato: Saturday, June 14, 2014 8:47:40 PM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

OTL logfile created on: 14/06/2014 20.22.54 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CASASALERNO\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,25 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 70,64% Memory free
6,72 Gb Paging File | 5,64 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,82 Gb Total Space | 415,96 Gb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive D: | 9,93 Gb Total Space | 1,35 Gb Free Space | 13,60% Space Free | Partition Type: NTFS

Computer Name: PC-CASASALERNO | User Name: CASASALERNO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CASASALERNO\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programmi\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\atieclxx.exe (AMD)
PRC - C:\WINDOWS\System32\atiesrxx.exe (AMD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programmi\Common Files\Maxtor\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programmi\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat03490438#\dfa9643b65839083605177b8724c79b6\LOG.Foundation.Implementation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceMan446ca0e5#\f431efd0d169d8cc7cda2b070715ed71\ResourceManagement.Foundation.Implementation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Implementation\fa5aec8e0e6cc1427528784cc1720859\MOM.Implementation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM\da85a98972df6395fca1a7fc73250854\MOM.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0812\60d818e0d4ed8f1d94f5f4e7d91b8fbe\DEM.Graphics.I0812.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0805\1c870907d55a41d0e14a46896d8f5444\DEM.Graphics.I0805.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat60cdf5df#\66b89f9f0cc0e038c0d507542dcf3a3b\CLI.Foundation.XManifest.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone26c9c557#\605d4d6635fc594e8a7f9d1c532bde91\CLI.Component.Systemtray.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.73911eb5#\a9465af279576d9b20c8c9f9e1fea1d7\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ATICCCom\7da7bec261985f8b00acf2d1d04972ba\ATICCCom.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componeb4d0485c#\80f19b1c850172b37fff85d5b58057ae\CLI.Component.Runtime.Extension.EEU.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6692ca50#\e0e0340128ba286c92eefaaec4ebcb61\CLI.Component.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone29e547cc#\7c422044097e59d1d9797a55b1eaa6c1\CLI.Component.Dashboard.ProfileManager2.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6bf88b08#\0ce91b921a82a7a34d07c44823d4b34c\CLI.Component.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine7332395e#\080dd9b53708ab3587840447dd8c06fc\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.382a3def#\4d64dee9c13f3078922103c942c244fe\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0703\bc2533895dbfd6f5423d8ce63a3fe014\DEM.Graphics.I0703.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine0616f305#\0f25c9a09036d7ddb7aeb3527fc10f70\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pdb36d56e#\63396913a378eb71b7349754f0d2cd0b\CLI.Caste.Platform.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pac40511b#\c143ac72794a4e8535034a1e50b3e25f\CLI.Caste.Platform.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pfeefa2b6#\d2fdbafbd16a4ca5bc170909cacb889e\CLI.Caste.Platform.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H18c99613#\7a56c5797fdf2d608f7d4f1d1e7eeb43\CLI.Caste.HydraVision.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H92ba4e46#\f796b6e970f864d060397751b15011f3\CLI.Caste.HydraVision.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Hbb906c0b#\119ce7e0caa6f8b077aacec6dd5869e2\CLI.Caste.HydraVision.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G962aa464#\f860b6caaba9081d25567d780c60fb3a\CLI.Caste.Graphics.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I1010\3a88b9ed73f7415cc54004af89002cf8\DEM.Graphics.I1010.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0906\d3b8d75bb334afa0a2019c4d0139f562\DEM.Graphics.I0906.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F36b07a2b#\b4453d6b5485ed6c584396641ffe5cae\CLI.Caste.Fuel.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Fuel.Foundation\39c48768b4236caf58b999916011f811\Fuel.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Ff3085433#\673429eeeb0db62fd43ec74db988ca23\CLI.Caste.Fuel.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Runtime\f4dedc018c7fb8be74b92fa9e0a9c0bf\CLI.Caste.A4.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Af820fedc#\a4dd22532a6456e5f9a37545fa4f8d94\CLI.Caste.A4.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ef3eaa4d#\b5a5ce273824306483d77f6b43d35a55\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3a6f1658#\c43ce2ec50e5df845a1fff41955aaf34\CLI.Aspect.TransCode.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4bbb0755#\8c240929799999a3a339a2fa41ac6677\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8d333b6b#\ff8267f5556c413baeeb7f0ef6ef6826\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e9fd7406#\cbe8a644e97faea3a3c26bc2fbe02083\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c7aaa0f8#\d01b81dd154197317612f7ea4abc6f64\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.87ad5c75#\6c96a739c8fe472e5c866a6af6cc541a\CLI.Aspect.OverDrive5.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.abe74207#\1916bfc6c7a7e2cfab6520824cac4912\CLI.Aspect.MultiVPU2.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.846fa813#\80233250611c62bacc00aeb6d75cae18\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e8635fc7#\7ed8c07987ac0cd5787f730aaff5a1ab\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0709\7c8ab23afe178b7a954d57f51307fd8c\DEM.Graphics.I0709.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60338cc0#\71078a9d8d84df6fe36bd9d4056d4b41\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ae5e117c#\cc2742849bca2b29375b5431f88b46a7\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b0a7c1fb#\bd9e1777ad06ebf59884e46972fd3377\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.9b707b25#\33988260dfe2b88658b8909eb4399666\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0804\60cead97feee056d6e0a233d89bf00a9\DEM.Graphics.I0804.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0912\59f894040c7818787d36bd03cfc62c54\DEM.Graphics.I0912.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0706\b66e32cba5cbf7c2677b9cfd349c1e64\DEM.Graphics.I0706.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0712\70b451b9b94bdfa942ba0b3fc34b9402\DEM.Graphics.I0712.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.aa59351a#\ff723c2ba5f378976cddf6bd7ec6f75a\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.eda8935e#\c90e9d0cbaa0bc50bc70a10ab859fbcd\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e6d9f3a8#\7a9d894bfa1c3af42164abe021abd850\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8e996306#\744847d360e0c28125127b093f8502b1\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c854b457#\3a05c43b6220261a1b3a9697642274d3\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F24de14fe#\b2c306bc0dd04f663af356c116fab82b\CLI.Caste.Fuel.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4542c692#\38ec4f526e31b86ba76a50a035f213d3\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a0ae52bc#\46ec70012788fce5298e7b4605670cb9\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.37d3d968#\4a975fce33ee9387d10407eff3322cc1\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gee7d2dbc#\10e93d2cc31902e7e5ab4edbf2db732b\CLI.Caste.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.acb9d930#\0271b4cfe484fbe67d20db714f776cdd\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.7ec2db45#\d6ae084dce83e39ad12b8ad3041108de\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gd9d9b43b#\be43c431df7366be5696276e9302b86d\CLI.Caste.Graphics.Dashboard.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3399d0ec#\38b212b7bab8a2cf8fe6ebd75e71f69a\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone59f353b4#\27c77a36a9dad97c0f510a9641ad3cdb\CLI.Component.Runtime.Shared.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ec8786e5#\9a6cc3f8a7f5650506343a005771b0f3\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wfbf9373c#\45563f0f6b32c71099f76c979051d0b5\Microsoft.WindowsAPICodePack.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Shared\f058c358c09c7411d99bd3cc1f5ff2cb\CLI.Caste.A4.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W8090224c#\0c6183c3f2ffe08a8a580a830fb5440e\Microsoft.WindowsAPICodePack.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundatd3771151#\e98d8100b37fc022ff96b9cc43b27429\CLI.Foundation.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef4cf054f#\2d52c4be7b9663a0c623753a7281546f\CLI.Component.Dashboard.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceManf163905a#\487e89e15ee1b1c3b4fd2b976471b44b\ResourceManagement.Foundation.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componec89c3bec#\1f497a86edf82bcd64a4915970aaf467\CLI.Component.Dashboard.Shared.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone168638d1#\06c0515d5a1c50a1d4542495a05c7451\CLI.Component.Client.Shared.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef1fd67b2#\9bd7edee751996d062e384572c4ffae6\CLI.Component.Client.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC.Implementation\378cfafb430ec9bac3d400c3b183e7a2\CCC.Implementation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundatcaafa75b#\92d4da6a460c0a371a94523718e3a23c\LOG.Foundation.Implementation.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Foundation\c00f77d78e87167754b1d49ff1ea76b2\MOM.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60a7b4d1#\83356d824481b43a52b3097c971c0315\CLI.Caste.Graphics.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC\2acdec62a1c0e3da32b4d91b6d6ebebc\CCC.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Localizatio01dbc1c0#\d4ed9fa0262116300dc382572d0791b1\Localization.Foundation.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Server\bf377d73943af55a02b54a7154537204\APM.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat3d5d3945#\3aa63d0db45349c86efff947570f2013\CLI.Foundation.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Foundation\7e61981b3ea5224ac90b6d3163d6c2c5\APM.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundation\ed4cf3c80e597402cd40865ccf3e2dba\CLI.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server\efb01afbfac33d8c028a59c60a04e7cc\AEM.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.5d945b6b#\77750a68f151d09de5c9a70fd75b8d43\AEM.Plugin.Source.Kit.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat619559bd#\647fdd22e78c0c0c65700b2f81271960\CLI.Foundation.CoreAudioAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.674d2b8a#\54a65f167d859566861b8a1e30aef361\AEM.Plugin.WinMessages.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone1b4a8c97#\6851f596bf5f77352cafa66bf794ce00\CLI.Component.Runtime.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0601\1075b957552826cb33fe8f6faa682031\DEM.Graphics.I0601.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Foundation\487fb81cb4402f312d5d45f064aed646\DEM.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics\3afb7d0fd0bd063b32c1c652db5f903d\DEM.Graphics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server.Shared\3d191dd6c1d2cc3dc9062eb812469141\AEM.Server.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.2b6a6775#\e2e279a4c58f79ad0c15f170d8ec496b\AEM.Plugin.Hotkeys.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.0a1309f7#\f855ec411589181c813c4cf44918ccb1\AEM.Plugin.EEU.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.88aba5d2#\b1493abaaafcb6bfc63f25e45b6a9093\AEM.Plugin.REG.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.GD.Shared\594125700eaf0da46b4e7d64f3f45776\AEM.Plugin.GD.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ADL.Foundation\fca756e6d7c66d1958ac075591897df9\ADL.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundation\219fe2a24a8cc48e386197d11923f04f\LOG.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NEWAEM.Foundation\9e6f0cb01d0d0df31a3159a68691d7c7\NEWAEM.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Actions5dc83b46#\e480632268aa058fe2892abdc3c02af7\AEM.Actions.CCAA.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat5023f8e7#\8b7e5d429ea93e8cf26071984642209c\LOG.Foundation.Private.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\A4.Foundation\e94c232b53f43aeda53dd4de08e5a992\A4.Foundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\System32\atitmpxx.dll ()
MOD - C:\Programmi\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programmi\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Programmi\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (AMD External Events Utility) -- C:\WINDOWS\System32\atiesrxx.exe (AMD)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programmi\Common Files\Maxtor\Schedule2\schedul2.exe (Acronis)
SRV - (IAANTMON) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (MDM) -- C:\Programmi\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (SWDUMon) -- C:\WINDOWS\System32\drivers\SWDUMon.sys ()
DRV - (amdkmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\WINDOWS\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\WINDOWS\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (nm3) -- C:\WINDOWS\System32\drivers\nm3.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (PAC207) -- C:\WINDOWS\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
IE - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2013/11/14 20.44.35 | 000,000,734 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4179971367-4229672736-2135552535-1000..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6BBFA1E-E77A-4BBD-A1E1-F14FFDA3EA89}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 23.20.33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2014/06/13 21.59.24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/06/13 21.58.50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/06/12 18.10.19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/11 13.11.38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/06/11 13.11.37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/06/11 11.13.30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/06/11 11.13.29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/11 11.13.29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/06/11 11.13.29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/11 11.13.29 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/11 11.13.29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/06/11 11.13.28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/11 11.13.28 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/11 11.13.28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/11 11.13.28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/11 11.13.27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/11 11.13.26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/10 18.23.58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/06/03 17.40.07 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/03 17.39.59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/03 17.39.56 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/03 17.39.56 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/03 17.39.56 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/03 17.39.56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/03 12.56.48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/06/01 12.50.23 | 000,000,000 | ---D | C] -- C:\Users\CASASALERNO\Documents\Network Monitor 3
[2014/05/23 18.12.59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/05/23 18.12.59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/05/19 11.42.31 | 000,000,000 | ---D | C] -- C:\Users\CASASALERNO\AppData\Local\SlimWare Utilities Inc
[2014/05/19 11.42.05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/05/14 09.59.19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/12 19.47.43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2014/05/06 12.54.31 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/06 12.54.31 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/03 11.42.28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014/05/03 11.42.25 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2014/05/03 11.42.25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2014/05/03 11.42.25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2014/05/03 11.42.19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2014/05/02 14.54.28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/02 14.54.28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/05/02 14.54.28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/05/02 14.54.28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/05/02 14.54.28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/05/02 14.54.28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/05/02 14.54.27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/05/02 14.54.27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/05/02 14.54.27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/05/02 14.54.27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/05/02 14.54.27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/05/02 14.54.27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/05/02 14.54.27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/05/02 14.54.27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/02 14.54.27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/02 14.54.27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/02 14.54.27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/05/02 14.54.26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2014/05/02 14.54.26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2014/05/02 14.54.26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2014/05/02 14.54.26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/05/02 14.54.25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2014/05/02 14.54.25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/05/02 14.54.25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/05/02 14.54.25 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/05/01 15.29.37 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/26 17.37.29 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/04/26 17.36.34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/04/26 17.31.25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/20 11.24.19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/04/20 11.24.02 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/20 11.23.40 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/20 11.23.40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/20 11.23.40 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/20 11.23.40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/20 11.23.28 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 60 Days ==========

[2014/06/14 20.21.38 | 000,000,529 | ---- | M] () -- C:\Users\CASASALERNO\Desktop\OTL - collegamento.lnk
[2014/06/14 20.14.49 | 000,714,776 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/06/14 20.14.49 | 000,634,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/14 20.14.49 | 000,143,156 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/06/14 20.14.49 | 000,119,824 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/14 20.09.40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/14 20.09.40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/14 20.09.37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/14 20.09.32 | 3486,797,824 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/13 22.05.29 | 001,354,036 | ---- | M] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0004.jpg
[2014/06/13 22.04.48 | 001,436,529 | ---- | M] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0003.jpg
[2014/06/13 22.03.52 | 001,266,835 | ---- | M] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0002.jpg
[2014/06/13 21.59.11 | 003,261,714 | ---- | M] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0001.jpg
[2014/06/12 17.01.13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/03 15.31.33 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014/06/03 15.31.32 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014/05/28 18.39.36 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/28 18.32.25 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/28 18.31.33 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/05/28 18.31.17 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/28 18.30.53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/28 18.30.25 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/28 18.30.08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/05/28 18.30.00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/05/28 18.29.58 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/05/28 18.29.49 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/05/28 18.29.31 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/28 18.28.35 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/19 11.42.32 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2014/05/12 07.26.04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/12 07.25.58 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/12 07.25.54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/06 12.54.31 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/06 12.54.31 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/03 11.48.19 | 000,397,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/02 14.54.35 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2014/05/02 14.54.35 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2014/05/02 14.54.28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/02 14.54.28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014/05/02 14.54.28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/05/02 14.54.28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014/05/02 14.54.28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/05/02 14.54.28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014/05/02 14.54.27 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014/05/02 14.54.27 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/05/02 14.54.27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/05/02 14.54.27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/05/02 14.54.27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014/05/02 14.54.27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014/05/02 14.54.27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014/05/02 14.54.27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/02 14.54.27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/02 14.54.27 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/05/02 14.54.27 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/02 14.54.27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/05/02 14.54.26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2014/05/02 14.54.26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2014/05/02 14.54.26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2014/05/02 14.54.26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014/05/02 14.54.25 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2014/05/02 14.54.25 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/05/02 14.54.25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014/05/02 14.54.25 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014/04/20 11.23.33 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/20 11.23.32 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/20 11.23.32 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/20 11.23.32 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2014/06/14 20.21.38 | 000,000,529 | ---- | C] () -- C:\Users\CASASALERNO\Desktop\OTL - collegamento.lnk
[2014/06/13 22.05.29 | 001,354,036 | ---- | C] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0004.jpg
[2014/06/13 22.04.48 | 001,436,529 | ---- | C] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0003.jpg
[2014/06/13 22.03.52 | 001,266,835 | ---- | C] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0002.jpg
[2014/06/13 21.59.11 | 003,261,714 | ---- | C] () -- C:\Users\CASASALERNO\Documents\IMG_20140613_0001.jpg
[2014/06/12 18.41.57 | 3486,797,824 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/23 18.13.06 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/05/19 11.42.32 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2014/05/02 14.54.27 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/12/25 11.18.08 | 000,000,680 | ---- | C] () -- C:\Users\CASASALERNO\AppData\Local\d3d9caps.dat
[2013/12/06 23.38.46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2013/11/08 10.38.57 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/11/07 20.36.36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/07 19.50.46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/11/07 19.50.46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/11/07 19.14.43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/11/07 10.23.55 | 000,967,208 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2013/11/01 10.08.32 | 000,721,296 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013/09/26 23.14.10 | 000,083,552 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013/09/12 18.31.04 | 000,233,776 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013/09/12 18.30.56 | 000,234,036 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013/03/29 04.13.14 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe
[2013/03/29 04.13.12 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe
[2012/07/28 03.13.04 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== ZeroAccess Check ==========

[2006/11/02 14.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 15.26.04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/08 21.07.51 | 000,000,000 | ---D | M] -- C:\Users\CASASALERNO\AppData\Roaming\Auslogics
[2014/06/13 21.59.14 | 000,000,000 | ---D | M] -- C:\Users\CASASALERNO\AppData\Roaming\Canon
[2014/03/16 13.02.48 | 000,000,000 | ---D | M] -- C:\Users\CASASALERNO\AppData\Roaming\Eusing

========== Purity Check ==========

< End of report >

Torna in alto

alexs

Inviato: Sunday, June 15, 2014 11:19:50 AM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

da diversi giorni ,effettuo la scansione con l'antivirus Avira free,si ferma al 27% e si blocca,cosa potete dirmi?

Torna in alto

alexs

Inviato: Sunday, June 15, 2014 2:33:42 PM

Rank: AiutAmico

Iscritto dal : 12/12/2008
Posts: 1,277

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by CASASALERNO (administrator) on PC-CASASALERNO on 15-06-2014 14:31:04
Running from C:\Users\CASASALERNO\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Italian Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acronis) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-4179971367-4229672736-2135552535-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [410904 2007-08-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-15] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75264 2013-07-05] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-13] (Avira Operations GmbH & Co. KG)
R1 nm3; C:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-13] (Avira GmbH)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-19] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-15 14:30 - 2014-06-15 14:30 - 00000536 _____ () C:\Users\CASASALERNO\Desktop\FRST - collegamento (2).lnk
2014-06-15 14:23 - 2014-06-15 14:23 - 00026409 _____ () C:\Users\CASASALERNO\Downloads\Addition.txt
2014-06-15 14:22 - 2014-06-15 14:31 - 00009960 _____ () C:\Users\CASASALERNO\Downloads\FRST.txt
2014-06-15 14:22 - 2014-06-15 14:31 - 00000000 ____D () C:\FRST
2014-06-15 14:22 - 2014-06-15 14:22 - 00000536 _____ () C:\Users\CASASALERNO\Desktop\FRST - collegamento.lnk
2014-06-15 14:21 - 2014-06-15 14:21 - 01073152 _____ (Farbar) C:\Users\CASASALERNO\Downloads\FRST.exe
2014-06-15 12:51 - 2014-06-15 14:06 - 00104572 _____ () C:\Windows\PFRO.log
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Roaming\Avira
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\ProgramData\APN
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-06-15 12:30 - 2014-06-15 12:47 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-15 12:30 - 2014-06-15 12:47 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-15 12:30 - 2014-06-15 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-15 12:30 - 2014-06-15 12:30 - 00000000 ____D () C:\Program Files\Avira
2014-06-15 12:30 - 2013-12-13 15:04 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-15 12:30 - 2013-12-13 15:04 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-06-13 21:59 - 2014-06-13 22:02 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-06-13 21:58 - 2014-06-13 22:05 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-06-12 18:10 - 2014-06-12 18:12 - 00000000 ____D () C:\AdwCleaner
2014-06-11 13:11 - 2014-06-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-11 13:11 - 2014-06-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-11 11:18 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 11:18 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 11:13 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 11:13 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 11:13 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 11:13 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 11:13 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 11:13 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 11:13 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 11:13 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 11:13 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 11:13 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 11:13 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 11:13 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 11:13 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 11:13 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 11:13 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 11:13 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 11:13 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 11:13 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 18:23 - 2014-06-10 19:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 17:40 - 2014-06-12 17:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:39 - 2014-06-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:39 - 2014-06-03 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-03 17:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 17:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 17:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 12:56 - 2014-06-03 12:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-01 12:50 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\CASASALERNO\Documents\Network Monitor 3
2014-05-23 18:13 - 2014-05-24 08:47 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 18:12 - 2014-05-23 18:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 18:12 - 2014-05-23 18:12 - 00000000 ____D () C:\Program Files\Adobe
2014-05-19 11:42 - 2014-05-19 11:42 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-19 11:42 - 2014-05-19 11:42 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-19 11:42 - 2014-05-19 11:42 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Local\SlimWare Utilities Inc

==================== One Month Modified Files and Folders =======

2014-06-15 14:31 - 2014-06-15 14:22 - 00009960 _____ () C:\Users\CASASALERNO\Downloads\FRST.txt
2014-06-15 14:31 - 2014-06-15 14:22 - 00000000 ____D () C:\FRST
2014-06-15 14:31 - 2013-11-06 22:12 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Local\Temp
2014-06-15 14:30 - 2014-06-15 14:30 - 00000536 _____ () C:\Users\CASASALERNO\Desktop\FRST - collegamento (2).lnk
2014-06-15 14:29 - 2013-11-06 22:12 - 00000000 ____D () C:\Users\CASASALERNO
2014-06-15 14:23 - 2014-06-15 14:23 - 00026409 _____ () C:\Users\CASASALERNO\Downloads\Addition.txt
2014-06-15 14:22 - 2014-06-15 14:22 - 00000536 _____ () C:\Users\CASASALERNO\Desktop\FRST - collegamento.lnk
2014-06-15 14:21 - 2014-06-15 14:21 - 01073152 _____ (Farbar) C:\Users\CASASALERNO\Downloads\FRST.exe
2014-06-15 14:21 - 2013-11-10 13:52 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Roaming\Skype
2014-06-15 14:12 - 2007-01-02 07:10 - 00714776 _____ () C:\Windows\system32\perfh010.dat
2014-06-15 14:12 - 2007-01-02 07:10 - 00143156 _____ () C:\Windows\system32\perfc010.dat
2014-06-15 14:12 - 2006-11-02 12:33 - 01606064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 14:10 - 2014-05-07 13:51 - 01201881 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 14:06 - 2014-06-15 12:51 - 00104572 _____ () C:\Windows\PFRO.log
2014-06-15 14:06 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 14:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 14:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 14:02 - 2006-11-02 15:01 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-15 12:47 - 2014-06-15 12:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-15 12:47 - 2014-06-15 12:30 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Roaming\Avira
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\ProgramData\APN
2014-06-15 12:31 - 2014-06-15 12:31 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-06-15 12:30 - 2014-06-15 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-15 12:30 - 2014-06-15 12:30 - 00000000 ____D () C:\Program Files\Avira
2014-06-15 12:30 - 2013-11-07 19:56 - 00000000 ____D () C:\ProgramData\Avira
2014-06-13 22:05 - 2014-06-13 21:58 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-06-13 22:02 - 2014-06-13 21:59 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2014-06-13 21:59 - 2013-11-10 13:49 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Roaming\Canon
2014-06-12 18:12 - 2014-06-12 18:10 - 00000000 ____D () C:\AdwCleaner
2014-06-12 17:01 - 2014-06-03 17:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 13:11 - 2014-06-11 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-11 13:11 - 2014-06-11 13:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-11 11:24 - 2013-11-07 20:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 11:22 - 2013-11-07 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 11:21 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 19:09 - 2014-06-10 18:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 17:39 - 2014-06-03 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 17:39 - 2014-06-03 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-03 12:56 - 2014-06-03 12:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-03 12:56 - 2014-03-07 10:30 - 00000000 ___RD () C:\Program Files\Skype
2014-06-03 12:56 - 2013-11-10 13:52 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 12:50 - 2014-06-01 12:50 - 00000000 ____D () C:\Users\CASASALERNO\Documents\Network Monitor 3
2014-05-28 18:48 - 2014-06-11 11:13 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-11 11:13 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-11 11:13 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-11 11:13 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-11 11:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-11 11:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-11 11:13 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 11:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 11:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 11:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 11:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 11:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 11:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-11 11:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 11:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-24 08:47 - 2014-05-23 18:13 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-23 18:13 - 2014-05-23 18:12 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 18:13 - 2013-11-07 19:38 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Local\Adobe
2014-05-23 18:13 - 2007-01-01 23:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-23 18:12 - 2014-05-23 18:12 - 00000000 ____D () C:\Program Files\Adobe
2014-05-22 09:40 - 2014-04-02 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2014-05-22 09:40 - 2014-04-02 16:54 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-05-19 11:42 - 2014-05-19 11:42 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-19 11:42 - 2014-05-19 11:42 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-19 11:42 - 2014-05-19 11:42 - 00000000 ____D () C:\Users\CASASALERNO\AppData\Local\SlimWare Utilities Inc

Some content of TEMP:
====================
C:\Users\CASASALERNO\AppData\Local\Temp\avgnt.exe
C:\Users\CASASALERNO\AppData\Local\Temp\Offercast_AVIRAV7_.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-15 14:12

==================== End Of Log ============================

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pregasi un controllo log

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded