Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Controllo logs Opzioni
andread81
Inviato: Sunday, July 27, 2014 6:06:09 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Aggiornando un gioco, Security Essential mi ha segnalato un problema di virus che non necessitava di azioni aggiuntive... Non fidandomi ho lanciato subito Malawarebytes che mi ha trovato quanto sotto


Ho spostato tutto in quarantena e fatto una scansione con Hijack:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:15, on 27/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O4 - HKLM\..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8529 bytes



Nel dubbio ho lanciato anche una scansione con
Combofix che mi ha scritto nel report:

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrea\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\windows\ST6UNST.000

ADW Cleaner:
# AdwCleaner v3.216 - Rapporto creato 27/07/2014 in 18:10:46
# Aggiornato 17/07/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Andrea - ANDREA-PC
# In esecuzione da : C:\Users\Andrea\Downloads\adwcleaner_3.216.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Program Files (x86)\driver-soft
Cartella Eliminato : C:\Users\Andrea\AppData\Roaming\pdfforge

***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Chiave Eliminati : HKLM\Software\Driver-Soft

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (it)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1130 octets] - [27/07/2014 18:09:54]
AdwCleaner[S0].txt - [1059 octets] - [27/07/2014 18:10:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1119 octets] ##########


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andrea on 27/07/2014 at 18:14:57,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\minidumps [79 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/07/2014 at 18:20:37,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL

OTL logfile created on: 27/07/2014 18:21:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,97% Memory free
8,00 Gb Paging File | 6,64 Gb Available in Paging File | 82,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 225,12 Gb Free Space | 75,52% Space Free | Partition Type: NTFS
Drive E: | 233,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/27 18:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/06/16 18:42:42 | 003,431,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/05/30 01:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/30 01:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/20 01:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE


========== Modules (No Company Name) ==========

MOD - [2014/06/04 15:17:12 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
MOD - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
MOD - [2010/01/14 22:31:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\KHKEY.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/06/19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/30 01:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/07/09 15:58:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/18 21:42:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/05/30 01:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/20 01:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/02 14:58:04 | 000,153,088 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/05/30 01:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/03/31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/27 19:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/08/27 19:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/01 08:52:58 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp24msdrv.sys -- (rp24msdrv)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/29 11:17:56 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2011/09/16 10:36:34 | 000,148,976 | ---- | M] (CyberLink Corp.) [2014/06/15 22:01:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/09/14 15:48:19 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\Downloads\Real Temp\WinRing0x64.sys -- (WinRing0_1_2_0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 78 78 2A E1 4D CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: it-IT%40dictionaries.addons.mozilla.org:3.3.2
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3m
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.31
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/18 21:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/18 21:41:35 | 000,000,000 | ---D | M]

[2014/04/01 22:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2014/07/25 11:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions
[2014/04/22 23:34:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/16 20:42:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/04/05 15:02:10 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2014/04/05 15:02:10 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2014/06/17 23:03:28 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2014/04/27 18:03:36 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\translator@zoli.bod.xpi
[2014/04/27 15:11:52 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2014/07/26 07:21:31 | 000,538,644 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/07/02 21:31:16 | 000,155,965 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014/07/25 11:41:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/30 23:28:58 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/06/18 21:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/06/18 21:42:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A701AD69-608A-46AF-A726-53D6CAAC8E74}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/13 14:30:30 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell - "" = AutoRun
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell\AutoRun\command - "" = F:\iLinker.exe
O33 - MountPoints2\{e31a6c1d-b9c8-11e3-9177-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e31a6c1d-b9c8-11e3-9177-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2013/11/21 14:54:04 | 012,708,245 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (搀渀挀氀攀愀渀㘀㐀⸀攀砀攀)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/27 18:14:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/27 18:09:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/27 16:25:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/07/27 14:56:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/27 14:55:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/27 14:54:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/27 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Conquest - Divided Nation
[2014/07/26 10:32:27 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Bluetooth
[2014/07/26 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Toshiba
[2014/07/16 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\Andrea\CyberLink
[2014/07/11 19:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2014/07/11 18:42:06 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/11 18:42:06 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/11 18:42:00 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/11 18:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/11 18:41:34 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/11 18:41:34 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/11 18:38:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/11 18:37:43 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/11 18:37:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/11 18:37:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/11 18:37:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/11 18:37:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/11 18:37:42 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/11 18:37:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/11 18:37:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/11 18:37:40 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/11 18:37:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/11 18:37:39 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/11 18:37:39 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/11 18:37:39 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/11 18:37:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/11 18:37:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/11 18:37:38 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/11 18:37:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/11 18:37:37 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/11 18:37:36 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/11 18:37:36 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/11 18:37:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/11 18:37:35 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/11 18:37:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/11 18:37:34 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/11 18:37:34 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/11 18:37:33 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/11 18:37:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/11 18:37:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/11 18:37:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/11 18:37:32 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/11 18:37:32 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/11 18:37:32 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/11 18:37:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/11 18:37:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/11 18:37:30 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/11 18:35:10 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/11 17:55:50 | 000,000,000 | ---D | C] -- C:\Drivers
[2014/07/11 17:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverReviver.exe
[2014/07/11 17:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2014/07/11 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2014/07/11 17:43:14 | 000,000,000 | ---D | C] -- C:\SWSETUP
[2014/07/11 17:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/07/11 17:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Device Doctor
[2014/07/10 08:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/07/10 08:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/07/10 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\HpUpdate
[2014/07/10 08:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/07/10 08:27:04 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\HP
[2014/07/10 08:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/07/09 22:01:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea\My Documents
[2014/07/09 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SCi
[2014/07/09 21:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conflict
[2014/07/08 13:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2014/07/08 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2014/07/06 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\PhotoScape
[2014/07/06 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\My SureThing Projects
[2014/07/06 15:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing
[2014/07/06 15:16:28 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2014/07/06 15:16:28 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2014/07/06 15:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SureThing CD Labeler 5
[2014/07/04 17:48:11 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\MicroVision Applications
[2014/07/04 17:44:56 | 000,289,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2014/07/04 17:44:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2014/07/04 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SureThing Shared
[2014/07/04 17:40:53 | 000,289,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2014/07/04 17:40:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2014/07/04 17:40:53 | 000,000,000 | ---D | C] -- C:\Windows\MVUNINST
[2014/07/03 17:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2014/07/03 17:37:43 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Download
[2014/07/03 16:41:49 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\CD-LabelPrint
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/27 18:19:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/27 18:19:19 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/27 18:18:06 | 001,661,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/27 18:18:06 | 000,741,386 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/07/27 18:18:06 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/27 18:18:06 | 000,147,440 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/07/27 18:18:06 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/27 18:11:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/27 18:11:39 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/27 18:01:45 | 000,048,291 | ---- | M] () -- C:\Users\Andrea\Desktop\Minacce MAB.jpg
[2014/07/27 17:59:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/27 17:56:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/27 17:47:03 | 000,450,581 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2014/07/26 15:56:39 | 001,593,289 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 25 luglio.pdf
[2014/07/26 10:33:13 | 000,351,930 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0058.jpg
[2014/07/26 10:33:09 | 000,583,159 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0059.jpg
[2014/07/26 10:33:03 | 000,448,996 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0060.jpg
[2014/07/20 17:54:49 | 000,019,999 | ---- | M] () -- C:\Users\Andrea\Documents\Operazione Leone Marino 22-24 luglio 2014.odt
[2014/07/20 16:29:50 | 000,531,068 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 7 maggio.pdf
[2014/07/20 16:26:37 | 000,204,301 | ---- | M] () -- C:\Users\Andrea\Desktop\Levante 9 maggio.pdf
[2014/07/20 16:25:51 | 000,503,706 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 10 maggio.pdf
[2014/07/20 16:24:41 | 000,631,058 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 10 maggio.pdf
[2014/07/20 16:22:23 | 000,133,061 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 3 luglio.pdf
[2014/07/20 16:21:26 | 000,177,323 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 12 maggio.pdf
[2014/07/20 16:19:43 | 000,198,313 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 13 maggio.pdf
[2014/07/20 16:17:32 | 000,373,056 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 14 maggio.pdf
[2014/07/20 16:15:12 | 000,410,644 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 15 maggio.pdf
[2014/07/20 16:11:11 | 000,124,395 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 15 maggio.pdf
[2014/07/20 16:10:18 | 000,183,652 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 16 maggio 2014.pdf
[2014/07/20 16:08:42 | 001,679,151 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 16 maggio 2014.pdf
[2014/07/20 16:04:15 | 000,345,821 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 17 maggio.pdf
[2014/07/20 16:02:19 | 000,423,493 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 18 maggio.pdf
[2014/07/20 16:01:14 | 000,148,869 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 18 maggio.pdf
[2014/07/20 16:00:00 | 000,205,065 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 20 maggio.pdf
[2014/07/20 15:58:59 | 000,174,266 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 22 maggio.pdf
[2014/07/20 15:57:29 | 000,781,598 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 22 maggio.pdf
[2014/07/20 15:54:09 | 000,154,955 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 23 maggio.pdf
[2014/07/20 15:52:16 | 000,549,182 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 25 maggio.pdf
[2014/07/20 15:44:28 | 000,179,487 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 28 maggio.pdf
[2014/07/20 15:42:48 | 000,822,122 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 30 maggio 2014.pdf
[2014/07/20 15:40:40 | 000,171,414 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 30 maggio.pdf
[2014/07/20 15:38:02 | 000,130,717 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 31 maggio.pdf
[2014/07/20 15:31:53 | 000,146,515 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 1 giugno.pdf
[2014/07/20 15:29:46 | 000,145,871 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 3 giugno.pdf
[2014/07/20 15:27:18 | 000,586,125 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 3 giugno.pdf
[2014/07/20 11:57:53 | 000,288,461 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 4 giugno.pdf
[2014/07/20 11:55:52 | 000,195,864 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 4 giugno.pdf
[2014/07/20 11:53:50 | 000,393,280 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 5 giugno.pdf
[2014/07/20 11:48:54 | 000,152,307 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 5 giugno.pdf
[2014/07/20 10:56:37 | 001,097,162 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 6 giugno 2014.pdf
[2014/07/20 10:52:33 | 000,426,618 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 7 giugno.pdf
[2014/07/20 10:22:52 | 000,181,901 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 10 giugno.pdf
[2014/07/20 10:21:39 | 000,365,673 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 10 giugno.pdf
[2014/07/20 10:17:33 | 000,364,658 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 11 giugno.pdf
[2014/07/20 10:15:45 | 000,381,383 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 11 giugno.pdf
[2014/07/20 10:13:41 | 000,453,405 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 12 giugno.pdf
[2014/07/20 10:11:27 | 000,142,413 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 12 giugno.pdf
[2014/07/20 10:08:07 | 000,369,542 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 13 giugno.pdf
[2014/07/20 10:04:47 | 000,208,474 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 18 giugno.pdf
[2014/07/18 10:11:31 | 002,465,143 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 18 luglio.pdf
[2014/07/18 10:05:51 | 001,230,191 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 18 luglio.pdf
[2014/07/18 10:05:08 | 001,266,705 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 18 luglio.pdf
[2014/07/17 10:50:48 | 001,382,088 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 17 luglio.pdf
[2014/07/17 10:50:25 | 002,181,301 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 17 luglio.pdf
[2014/07/16 10:24:30 | 001,858,543 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 16 luglio.pdf
[2014/07/16 10:19:49 | 001,231,945 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 16 luglio.pdf
[2014/07/15 13:36:49 | 000,012,572 | ---- | M] () -- C:\Users\Andrea\Documents\Allegato fax INPS 2.odt
[2014/07/14 10:41:59 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Desert Storm.lnk
[2014/07/13 07:56:49 | 001,264,205 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 13 luglio.pdf
[2014/07/13 07:55:23 | 001,266,014 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 13 luglio.pdf
[2014/07/12 07:13:35 | 001,561,845 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 12 luglio.pdf
[2014/07/11 19:55:29 | 001,873,707 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 11 luglio.pdf
[2014/07/11 19:52:36 | 001,525,556 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 11 luglio.pdf
[2014/07/11 19:42:11 | 001,703,123 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 11 luglio.pdf
[2014/07/11 19:05:34 | 000,416,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/10 11:42:58 | 001,594,167 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 10 luglio.pdf
[2014/07/09 15:58:03 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 15:58:03 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/09 11:56:11 | 001,419,856 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 9 luglio.pdf
[2014/07/09 11:54:40 | 001,166,350 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 9 luglio.pdf
[2014/07/08 17:46:47 | 000,007,190 | ---- | M] () -- C:\Users\Andrea\Documents\cc_20140708_174641.reg
[2014/07/08 09:11:25 | 004,833,555 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 8 luglio.pdf
[2014/07/07 16:37:38 | 000,493,394 | ---- | M] () -- C:\Users\Andrea\Desktop\Live 88-12.std
[2014/07/07 10:05:13 | 003,713,446 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 7 luglio.pdf
[2014/07/07 09:53:25 | 001,084,300 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 7 luglio.pdf
[2014/07/06 17:30:54 | 000,000,747 | ---- | M] () -- C:\Windows\ST6UNST.003
[2014/07/06 17:30:52 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.LST
[2014/07/06 17:30:10 | 000,000,747 | ---- | M] () -- C:\Windows\ST6UNST.002
[2014/07/06 17:29:55 | 000,000,747 | ---- | M] () -- C:\Windows\ST6UNST.001
[2014/07/06 17:29:20 | 000,000,747 | ---- | M] () -- C:\Windows\ST6UNST.000
[2014/07/06 10:18:55 | 001,237,232 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 6 luglio.pdf
[2014/07/05 12:37:52 | 001,562,656 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 5 luglio.pdf
[2014/07/04 16:58:57 | 001,831,653 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 4 luglio.pdf
[2014/07/04 16:43:55 | 000,844,048 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 4 luglio.pdf
[2014/07/04 16:43:20 | 000,817,633 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 4 luglio.pdf
[2014/07/03 22:29:40 | 001,343,331 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 3 luglio.pdf
[2014/07/03 09:23:29 | 000,128,471 | ---- | M] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso.pdf
[2014/07/02 16:10:29 | 000,012,808 | ---- | M] () -- C:\Users\Andrea\Documents\Allegato fax INPS.odt
[2014/07/02 09:53:35 | 000,054,485 | ---- | M] () -- C:\Users\Andrea\Desktop\Bre7FbNIAAAmpIK.jpg
[2014/07/01 20:17:28 | 001,490,517 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 1 luglio.pdf
[2014/07/01 20:15:36 | 001,686,960 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 1 luglio.pdf
[2014/06/30 21:57:00 | 000,971,822 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 30 giugno.pdf
[2014/06/30 04:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/30 04:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/28 21:57:03 | 000,193,154 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 27 giugno.pdf
[2014/06/28 21:34:53 | 001,354,857 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 28 giugno.pdf
[2014/06/27 22:01:39 | 001,662,494 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercantile 27 giugno.pdf
[2014/06/27 22:00:09 | 000,998,417 | ---- | M] () -- C:\Users\Andrea\Desktop\Secolo 27 giugno.pdf
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/27 16:17:52 | 000,048,291 | ---- | C] () -- C:\Users\Andrea\Desktop\Minacce MAB.jpg
[2014/07/27 14:56:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/27 14:56:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/26 15:56:38 | 001,593,289 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 25 luglio.pdf
[2014/07/26 10:33:10 | 000,351,930 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0058.jpg
[2014/07/26 10:33:05 | 000,583,159 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0059.jpg
[2014/07/26 10:32:59 | 000,448,996 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0060.jpg
[2014/07/18 10:11:31 | 002,465,143 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 18 luglio.pdf
[2014/07/18 10:05:51 | 001,230,191 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 18 luglio.pdf
[2014/07/18 10:05:08 | 001,266,705 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 18 luglio.pdf
[2014/07/17 10:50:47 | 001,382,088 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 17 luglio.pdf
[2014/07/17 10:50:24 | 002,181,301 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 17 luglio.pdf
[2014/07/16 10:24:29 | 001,858,543 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 16 luglio.pdf
[2014/07/16 10:19:48 | 001,231,945 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 16 luglio.pdf
[2014/07/15 13:36:47 | 000,012,572 | ---- | C] () -- C:\Users\Andrea\Documents\Allegato fax INPS 2.odt
[2014/07/14 10:41:59 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Desert Storm.lnk
[2014/07/13 07:56:48 | 001,264,205 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 13 luglio.pdf
[2014/07/13 07:17:52 | 001,266,014 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 13 luglio.pdf
[2014/07/12 07:13:35 | 001,561,845 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 12 luglio.pdf
[2014/07/11 19:55:28 | 001,873,707 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 11 luglio.pdf
[2014/07/11 19:52:35 | 001,525,556 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 11 luglio.pdf
[2014/07/11 19:42:10 | 001,703,123 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 11 luglio.pdf
[2014/07/10 22:17:14 | 000,019,999 | ---- | C] () -- C:\Users\Andrea\Documents\Operazione Leone Marino 22-24 luglio 2014.odt
[2014/07/10 11:42:57 | 001,594,167 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 10 luglio.pdf
[2014/07/09 11:56:10 | 001,419,856 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 9 luglio.pdf
[2014/07/09 11:54:38 | 001,166,350 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 9 luglio.pdf
[2014/07/08 17:46:44 | 000,007,190 | ---- | C] () -- C:\Users\Andrea\Documents\cc_20140708_174641.reg
[2014/07/08 13:35:53 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2014/07/08 13:35:53 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2014/07/08 13:35:53 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2014/07/08 13:35:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/07/08 13:35:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/07/08 13:35:52 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2014/07/08 09:11:24 | 004,833,555 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 8 luglio.pdf
[2014/07/07 16:37:35 | 000,493,394 | ---- | C] () -- C:\Users\Andrea\Desktop\Live 88-12.std
[2014/07/07 10:05:12 | 003,713,446 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 7 luglio.pdf
[2014/07/07 09:53:25 | 001,084,300 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 7 luglio.pdf
[2014/07/06 17:30:52 | 000,000,747 | ---- | C] () -- C:\Windows\ST6UNST.003
[2014/07/06 17:30:07 | 000,000,747 | ---- | C] () -- C:\Windows\ST6UNST.002
[2014/07/06 17:29:50 | 000,000,747 | ---- | C] () -- C:\Windows\ST6UNST.001
[2014/07/06 17:29:12 | 000,000,747 | ---- | C] () -- C:\Windows\ST6UNST.000
[2014/07/06 17:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.LST
[2014/07/06 10:18:54 | 001,237,232 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 6 luglio.pdf
[2014/07/05 12:37:51 | 001,562,656 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 5 luglio.pdf
[2014/07/04 16:43:55 | 001,831,653 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 4 luglio.pdf
[2014/07/04 16:43:55 | 000,844,048 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 4 luglio.pdf
[2014/07/04 16:40:14 | 000,817,633 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 4 luglio.pdf
[2014/07/03 22:29:39 | 001,343,331 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 3 luglio.pdf
[2014/07/03 22:29:01 | 000,133,061 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 3 luglio.pdf
[2014/07/02 16:10:27 | 000,012,808 | ---- | C] () -- C:\Users\Andrea\Documents\Allegato fax INPS.odt
[2014/07/02 09:53:34 | 000,054,485 | ---- | C] () -- C:\Users\Andrea\Desktop\Bre7FbNIAAAmpIK.jpg
[2014/07/01 20:17:27 | 001,490,517 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 1 luglio.pdf
[2014/07/01 20:15:34 | 001,686,960 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 1 luglio.pdf
[2014/06/30 21:56:59 | 000,971,822 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 30 giugno.pdf
[2014/06/28 21:57:02 | 000,193,154 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 27 giugno.pdf
[2014/06/28 21:34:51 | 001,354,857 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 28 giugno.pdf
[2014/06/27 22:01:38 | 001,662,494 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercantile 27 giugno.pdf
[2014/06/27 22:00:08 | 000,998,417 | ---- | C] () -- C:\Users\Andrea\Desktop\Secolo 27 giugno.pdf
[2014/05/04 12:54:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/05/02 15:17:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2014/04/06 21:40:01 | 000,000,019 | ---- | C] () -- C:\Windows\CLOSEAPP.INI
[2014/04/06 19:29:55 | 000,000,273 | ---- | C] () -- C:\Windows\lgfwup.ini
[2014/04/06 19:13:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014/04/06 19:13:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2014/04/06 19:12:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2014/04/06 19:12:24 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014/04/06 19:08:16 | 000,022,420 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2014/04/06 19:07:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/06 19:07:57 | 000,017,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/04/02 19:02:43 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/04/01 23:11:31 | 001,478,609 | ---- | C] () -- C:\Windows\unins000.exe
[2014/04/01 23:11:31 | 000,016,212 | ---- | C] () -- C:\Windows\unins000.dat
[2014/04/01 22:16:55 | 001,635,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/01 21:58:52 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




Che ne pensate? Ora il controllo con Malawarebytes è pulito...
I file in quarantena sia di Malawerebytes sia di Security Essential possono essere eliminati?
Sponsor
Inviato: Sunday, July 27, 2014 6:06:09 PM

 
andread81
Inviato: Friday, August 01, 2014 12:06:54 AM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Le scansioni continuano ad essere negative ma un parere extra... mi piacerebbePray Pray Pray
andread81
Inviato: Thursday, August 14, 2014 3:49:40 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Ehm... qualche anima buona in giro che mi guardi i log???Pray Pray Pray Pray
giza
Inviato: Thursday, August 14, 2014 4:12:28 PM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,612
abbi fede, siamo a ferragosto. cmq con le pulizie fatte dovrebbe essere a posto (se non ti da problemi)
fai una scansione anche con questo

http://software.aiutamici.com/software?ID=11177
andread81
Inviato: Thursday, August 14, 2014 6:17:23 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Grazie della segnalazione, non lo conoscevo... Problemi per ora niente di che, ho rifatto un paio di scansioni con Altimal e tutto ok... certo un occhio ai log da chi li sa leggere farebbe comodo, ora testo McAfeeWhistle
andread81
Inviato: Monday, September 08, 2014 5:20:36 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Visto che mi comparivano dei banner pubblicitari, ho fatto un pò di controlli e Malawarebytes mi ha trovato un pò di robaccia:

Scan Date: 08/09/2014
Scan Time: 16:06:26
Logfile: MAL.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.08.04
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrea

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321295
Time Elapsed: 12 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.exe, 5748, Delete-on-Reboot, [89abb6354a31f3437fc2921ce21f2ad6]
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe, 3524, Delete-on-Reboot, [9e9607e49cdf83b3b988bef0b24fed13]

Modules: 0
(No malicious items detected)

Registry Keys: 26
PUP.Optional.ClearThink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ClearThink, Quarantined, [89abb6354a31f3437fc2921ce21f2ad6],
PUP.Optional.ClearThink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ClearThink, Quarantined, [9e9607e49cdf83b3b988bef0b24fed13],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [3ef6519a5d1ee2543d38b502729060a0],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [3ef6519a5d1ee2543d38b502729060a0],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{06E035F9-C6B3-4AE7-A839-BA68791F5499}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8972B0D-B0FB-4158-A567-365283693AD6}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8972B0D-B0FB-4158-A567-365283693AD6}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{06E035F9-C6B3-4AE7-A839-BA68791F5499}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7E6D4E3E-FC66-4036-9799-CE5C625C4C56}, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64, Quarantined, [0a2a995299e28aac903941bd907213ed],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ClearThink, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\ClearThink, Quarantined, [aa8afcefb2c993a37e087de555afa45c],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ClearThink, Quarantined, [64d0d01b205b112592f55c06bf45d32d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [9c989556f388ea4c642dad7baa59a759],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [54e049a284f789adfef446f8f11319e7],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1937300064-3510929270-2938044212-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, Quarantined, [54e049a284f789adfef446f8f11319e7]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink, Delete-on-Reboot, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin, Delete-on-Reboot, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [052f05e6a8d3c96d001510abe61c1fe1],

Files: 31
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.exe, Delete-on-Reboot, [89abb6354a31f3437fc2921ce21f2ad6],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe, Delete-on-Reboot, [9e9607e49cdf83b3b988bef0b24fed13],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThinkbho.dll, Quarantined, [c66e638887f461d5a558d9a354aefa06],
PUP.Optional.ClearThink.A, C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi, Quarantined, [191b87643a4149ed2f0a6198818128d8],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys, Quarantined, [0a2a995299e28aac903941bd907213ed],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThink.ico, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\0, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\7za.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\ClearThinkUninstall.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\updateClearThink.InstallState, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\7za.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\BrowserAdapterS.7z, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b7364.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowseG.zip, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\sqlite3.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\utilClearThink.InstallState, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}64.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.Bromon.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BroStats.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserAdapterS.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.CompatibilityChecker.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FeSvc.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FFUpdate.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.IEUpdate.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
PUP.Optional.ClearThink.A, C:\Program Files (x86)\ClearThink\bin\plugins\ClearThink.PurBrowseG.dll, Quarantined, [7eb6519af18a1323b4d13f23679d1de3],
Rogue.Multiple, C:\ProgramData\374311380\BIT41A0.tmp, Quarantined, [052f05e6a8d3c96d001510abe61c1fe1],

Physical Sectors: 0
(No malicious items detected)



allora ho seguito la procedura del forum e ho fatto girare AWD
# AdwCleaner v3.309 - Rapporto creato 08/09/2014 in 16:43:05
# Aggiornato 02/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Andrea - ANDREA-PC
# In esecuzione da : C:\Users\Andrea\Downloads\adwcleaner_3.309.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Inbox
Cartella Eliminato : C:\Program Files (x86)\SiteLookup
File Eliminato : C:\Users\Andrea\AppData\Local\Temp\Uninstall.exe
File Eliminato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\user.js

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chiave Eliminati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 it)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1130 octets] - [27/07/2014 18:09:54]
AdwCleaner[R1].txt - [1580 octets] - [08/09/2014 16:40:02]
AdwCleaner[S0].txt - [1199 octets] - [27/07/2014 18:10:46]
AdwCleaner[S1].txt - [1516 octets] - [08/09/2014 16:43:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1576 octets] ##########

Poi OTL
OTL logfile created on: 08/09/2014 16:46:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,52% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 162,53 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive D: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 232,88 Gb Total Space | 57,31 Gb Free Space | 24,61% Space Free | Partition Type: NTFS

Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/08 16:42:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL(1).exe
PRC - [2014/07/29 22:35:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/25 15:51:18 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/07/25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/06/16 18:42:42 | 003,431,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
PRC - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/29 22:34:45 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/06/04 15:17:12 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
MOD - [2014/05/14 23:21:50 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/04/03 22:19:40 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/03 21:55:19 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/04/02 23:13:30 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/02 23:13:25 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/02 23:13:17 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/02 23:13:12 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/02 23:13:10 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/02 23:13:04 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/02 23:13:04 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/02 23:13:00 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/02 23:12:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/02 23:12:55 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/02 23:12:54 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/02 23:12:48 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2010/04/30 17:33:22 | 000,846,336 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
MOD - [2010/01/14 22:31:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Wireless Keyboard Driver\KHKEY.dll
MOD - [2008/12/11 13:45:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
MOD - [2005/10/24 16:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/25 15:51:10 | 018,956,064 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/09/02 08:08:33 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/29 22:35:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/25 15:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/12 04:01:17 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/10/12 04:01:08 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/09/14 15:48:18 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2007/02/02 14:58:04 | 000,153,088 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/08 16:22:21 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/25 15:51:10 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/03/31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/27 19:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/08/27 19:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/01 08:52:58 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp24msdrv.sys -- (rp24msdrv)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/29 11:17:56 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2007/06/11 14:25:10 | 000,051,328 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2007/05/24 14:27:16 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2007/04/24 13:20:34 | 000,143,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2007/03/01 16:53:38 | 000,087,808 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2007/01/22 10:43:26 | 000,055,296 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2006/11/20 17:56:04 | 000,044,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2006/10/11 16:31:00 | 000,050,688 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2005/07/12 14:43:00 | 000,028,160 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2011/09/16 10:36:34 | 000,148,976 | ---- | M] (CyberLink Corp.) [2014/06/15 22:01:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/09/14 15:48:19 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\Downloads\Real Temp\WinRing0x64.sys -- (WinRing0_1_2_0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 78 78 2A E1 4D CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3m
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.40
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7Bcc6cc772-f121-49e0-b1f0-c26583cb0c5e%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 22:34:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/29 22:34:33 | 000,000,000 | ---D | M]

[2014/04/01 22:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2014/09/08 16:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions
[2014/09/07 09:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/08/20 17:55:29 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/09/07 21:27:05 | 000,000,000 | ---D | M] ("Website Counselor") -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
[2014/04/05 15:02:10 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2014/08/04 09:41:56 | 000,000,000 | ---D | M] (Italian dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2014/06/17 23:03:28 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\47l2pwhg.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2014/09/07 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles47l2pwhg.default\extensions
[2014/09/07 21:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles47l2pwhg.default\extensions\staged
[2014/04/27 18:03:36 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\translator@zoli.bod.xpi
[2014/04/27 15:11:52 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2014/09/03 08:10:57 | 000,541,661 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/08/20 17:55:28 | 000,156,032 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014/07/25 11:41:46 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/22 16:51:14 | 000,023,774 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{d358dc61-498f-3de1-4d99-deacebaa276f}.xpi
[2014/04/30 23:28:58 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/07/29 22:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/07/29 22:35:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/07/28 15:32:30 | 000,450,720 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A701AD69-608A-46AF-A726-53D6CAAC8E74}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell - "" = AutoRun
O33 - MountPoints2\{7446cacc-c864-11e3-8ab6-e0cb4eb7a747}\Shell\AutoRun\command - "" = G:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (搀渀挀氀攀愀渀㘀㐀⸀攀砀攀)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/08 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/09/07 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\ElevatedDiagnostics
[2014/09/07 21:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2014/09/07 21:25:49 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\WebExtend
[2014/09/04 10:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/04 10:01:57 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2014/09/04 10:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2014/09/04 10:01:25 | 000,528,384 | ---- | C] (Ulead Systems, Inc.) -- C:\Users\Andrea\Documents\Ipe.exe
[2014/09/04 09:59:11 | 000,040,960 | ---- | C] (Ulead Systems, Inc.) -- C:\Windows\SysWow64\Ulead Photo Express ScreenSaver.scr
[2014/09/04 09:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead Photo Express 6
[2014/09/04 09:40:52 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2014/09/04 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2014/09/04 09:40:51 | 000,027,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ctl3dv2.dll
[2014/09/04 09:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[2014/08/29 14:31:08 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/26 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\Nuova cartella
[2014/08/18 22:18:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/08/14 18:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2014/08/13 23:52:14 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/13 23:52:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/13 23:52:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/13 23:52:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/13 23:52:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/13 23:52:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/13 23:51:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/13 23:51:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/13 09:56:18 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/13 09:56:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/13 09:56:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/13 09:56:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/13 09:56:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/13 09:56:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/13 09:56:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/13 09:56:16 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/13 09:56:16 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/13 09:56:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/13 09:56:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/13 09:56:15 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/13 09:56:15 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/13 09:56:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/13 09:56:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/13 09:56:14 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/13 09:56:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/13 09:56:13 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/13 09:56:13 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/13 09:56:12 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/13 09:56:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/13 09:56:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/13 09:56:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/13 09:56:11 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/13 09:56:11 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/13 09:56:10 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/13 09:56:10 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/13 09:56:09 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/13 09:56:09 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/13 09:56:09 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/13 09:56:09 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/13 09:56:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/13 09:56:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/13 09:56:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/13 09:56:07 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/13 09:55:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/13 09:55:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/13 09:55:01 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/13 09:55:00 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/13 09:55:00 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/13 09:55:00 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/13 09:55:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/13 09:55:00 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/13 09:49:49 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/13 09:49:48 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/13 09:49:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/08 16:50:37 | 001,661,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/08 16:50:37 | 000,741,386 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2014/09/08 16:50:37 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/08 16:50:37 | 000,147,440 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2014/09/08 16:50:37 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/08 16:44:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/08 16:44:09 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/08 16:33:17 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/08 16:33:17 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/08 16:22:21 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/08 15:56:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/08 11:41:20 | 000,825,815 | ---- | M] () -- C:\Users\Andrea\Desktop\Report Joy Carasco.pdf
[2014/09/08 11:30:56 | 000,650,511 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0062_1.jpg
[2014/09/08 11:30:50 | 000,701,681 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0063.jpg
[2014/09/08 11:30:44 | 000,712,328 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0064.jpg
[2014/09/08 11:30:38 | 000,640,740 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0065.jpg
[2014/09/08 11:30:32 | 000,681,035 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0066.jpg
[2014/09/08 11:30:26 | 000,722,678 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0067.jpg
[2014/09/08 11:30:20 | 000,596,629 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0068.jpg
[2014/09/08 11:30:15 | 000,599,129 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0069.jpg
[2014/09/08 11:30:10 | 000,613,180 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0071.jpg
[2014/09/08 11:30:04 | 000,622,470 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0072.jpg
[2014/09/07 15:56:15 | 000,008,840 | ---- | M] () -- C:\Users\Andrea\Desktop\banner_andybell.gif
[2014/09/07 10:25:14 | 000,033,516 | ---- | M] () -- C:\Users\Andrea\Desktop\Badge Due Torri.JPG
[2014/09/07 10:13:56 | 000,193,941 | ---- | M] () -- C:\Users\Andrea\Desktop\Badge_Dasso_Andrea.jpg
[2014/09/06 16:10:37 | 000,558,418 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0062.jpg
[2014/09/05 19:20:02 | 000,888,106 | ---- | M] () -- C:\Users\Andrea\Desktop\Western.std
[2014/09/05 13:07:03 | 000,020,074 | ---- | M] () -- C:\Users\Andrea\Desktop\Poldo.JPG
[2014/09/05 09:08:10 | 001,865,318 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 5 settembre.pdf
[2014/09/05 08:08:05 | 000,431,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/04 22:31:54 | 000,080,543 | ---- | M] () -- C:\Users\Andrea\Desktop\Fronte Volantino.JPG
[2014/09/04 10:04:47 | 001,910,597 | ---- | M] () -- C:\Users\Andrea\Desktop\Volantino modificato giallo.JPG
[2014/09/04 09:59:23 | 000,000,196 | ---- | M] () -- C:\Windows\ulead32.ini
[2014/09/04 09:59:11 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Ulead Photo Express 6.0.lnk
[2014/09/02 08:08:32 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/02 08:08:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/31 17:58:37 | 000,420,390 | ---- | M] () -- C:\Users\Andrea\Desktop\Foto-0061.jpg
[2014/08/31 11:43:27 | 000,271,663 | ---- | M] () -- C:\Users\Andrea\Desktop\Carta Identità Andrea Dasso.pdf
[2014/08/29 20:20:55 | 001,604,471 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 29 agosto.pdf
[2014/08/28 18:44:23 | 000,025,525 | ---- | M] () -- C:\Users\Andrea\Desktop\BwI8VN-CcAA0pRL.jpg
[2014/08/27 22:14:22 | 000,128,583 | ---- | M] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso.pdf
[2014/08/27 22:14:03 | 000,337,628 | ---- | M] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso Con Foto.pdf
[2014/08/27 11:48:24 | 000,989,443 | ---- | M] () -- C:\Users\Andrea\Desktop\Cedola Finson.pdf
[2014/08/26 15:00:04 | 000,386,342 | ---- | M] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_1_And_2-[cdcovers_cc]-front.jpg
[2014/08/26 14:57:55 | 000,387,177 | ---- | M] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_3_And_4-[cdcovers_cc]-front.jpg
[2014/08/23 04:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 20:47:51 | 001,220,732 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 22 agosto.pdf
[2014/08/21 23:44:50 | 000,047,976 | ---- | M] () -- C:\Users\Andrea\Desktop\Moe2.jpg
[2014/08/15 08:10:24 | 002,705,117 | ---- | M] () -- C:\Users\Andrea\Desktop\Nuovo Levante 15 agosto.pdf
[2014/08/12 16:40:34 | 000,052,565 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercatini 3.pdf
[2014/08/12 16:40:30 | 000,019,977 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini 3.odt
[2014/08/12 00:23:32 | 000,109,415 | ---- | M] () -- C:\Users\Andrea\Desktop\Irina Facebook.png
[2014/08/11 17:05:00 | 000,054,967 | ---- | M] () -- C:\Users\Andrea\Desktop\Mercatini 2.pdf
[2014/08/11 17:04:53 | 000,020,139 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini 2.odt
[2014/08/11 08:52:57 | 000,045,000 | ---- | M] () -- C:\Users\Andrea\Desktop\But2W-kIYAE1bBH.jpg
[2014/08/10 20:29:53 | 000,818,925 | ---- | M] () -- C:\Users\Andrea\Desktop\Moe.png
[2014/08/10 20:17:09 | 000,016,216 | ---- | M] () -- C:\Users\Andrea\Documents\Mercatini.odt
[2014/08/10 20:16:56 | 000,047,110 | ---- | M] () -- C:\Users\Andrea\Desktop\Viaggio Mercatini.pdf
[2 C:\Users\Andrea\*.tmp files -> C:\Users\Andrea\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/08 11:41:19 | 000,825,815 | ---- | C] () -- C:\Users\Andrea\Desktop\Report Joy Carasco.pdf
[2014/09/08 11:30:51 | 000,650,511 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0062_1.jpg
[2014/09/08 11:30:45 | 000,701,681 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0063.jpg
[2014/09/08 11:30:38 | 000,712,328 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0064.jpg
[2014/09/08 11:30:33 | 000,640,740 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0065.jpg
[2014/09/08 11:30:27 | 000,681,035 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0066.jpg
[2014/09/08 11:30:21 | 000,722,678 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0067.jpg
[2014/09/08 11:30:16 | 000,596,629 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0068.jpg
[2014/09/08 11:30:11 | 000,599,129 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0069.jpg
[2014/09/08 11:30:05 | 000,613,180 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0071.jpg
[2014/09/08 11:29:59 | 000,622,470 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0072.jpg
[2014/09/07 15:56:14 | 000,008,840 | ---- | C] () -- C:\Users\Andrea\Desktop\banner_andybell.gif
[2014/09/07 10:25:14 | 000,033,516 | ---- | C] () -- C:\Users\Andrea\Desktop\Badge Due Torri.JPG
[2014/09/07 10:13:55 | 000,193,941 | ---- | C] () -- C:\Users\Andrea\Desktop\Badge_Dasso_Andrea.jpg
[2014/09/06 16:10:33 | 000,558,418 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0062.jpg
[2014/09/05 13:07:02 | 000,020,074 | ---- | C] () -- C:\Users\Andrea\Desktop\Poldo.JPG
[2014/09/05 09:08:10 | 001,865,318 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 5 settembre.pdf
[2014/09/04 16:18:29 | 000,080,543 | ---- | C] () -- C:\Users\Andrea\Desktop\Fronte Volantino.JPG
[2014/09/04 10:04:40 | 001,910,597 | ---- | C] () -- C:\Users\Andrea\Desktop\Volantino modificato giallo.JPG
[2014/09/04 09:59:11 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Ulead Photo Express 6.0.lnk
[2014/09/04 09:41:11 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2014/08/31 17:58:34 | 000,420,390 | ---- | C] () -- C:\Users\Andrea\Desktop\Foto-0061.jpg
[2014/08/31 11:43:27 | 000,271,663 | ---- | C] () -- C:\Users\Andrea\Desktop\Carta Identità Andrea Dasso.pdf
[2014/08/29 20:20:54 | 001,604,471 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 29 agosto.pdf
[2014/08/28 18:44:23 | 000,025,525 | ---- | C] () -- C:\Users\Andrea\Desktop\BwI8VN-CcAA0pRL.jpg
[2014/08/27 22:14:00 | 000,337,628 | ---- | C] () -- C:\Users\Andrea\Desktop\Curriculum Andrea Dasso Con Foto.pdf
[2014/08/27 11:48:24 | 000,989,443 | ---- | C] () -- C:\Users\Andrea\Desktop\Cedola Finson.pdf
[2014/08/27 11:13:18 | 000,888,106 | ---- | C] () -- C:\Users\Andrea\Desktop\Western.std
[2014/08/26 14:57:55 | 000,387,177 | ---- | C] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_3_And_4-[cdcovers_cc]-front.jpg
[2014/08/26 14:53:19 | 000,386,342 | ---- | C] () -- C:\Users\Andrea\Desktop\Renegade_Season_1_Disc_1_And_2-[cdcovers_cc]-front.jpg
[2014/08/25 09:34:34 | 001,035,321 | ---- | C] () -- C:\Users\Andrea\Desktop\foto012.jpg
[2014/08/22 20:47:51 | 001,220,732 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 22 agosto.pdf
[2014/08/21 23:44:49 | 000,047,976 | ---- | C] () -- C:\Users\Andrea\Desktop\Moe2.jpg
[2014/08/15 08:10:23 | 002,705,117 | ---- | C] () -- C:\Users\Andrea\Desktop\Nuovo Levante 15 agosto.pdf
[2014/08/12 16:40:33 | 000,052,565 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercatini 3.pdf
[2014/08/12 16:40:28 | 000,019,977 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini 3.odt
[2014/08/12 00:23:32 | 000,109,415 | ---- | C] () -- C:\Users\Andrea\Desktop\Irina Facebook.png
[2014/08/11 17:04:56 | 000,054,967 | ---- | C] () -- C:\Users\Andrea\Desktop\Mercatini 2.pdf
[2014/08/11 17:04:50 | 000,020,139 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini 2.odt
[2014/08/11 08:52:55 | 000,045,000 | ---- | C] () -- C:\Users\Andrea\Desktop\But2W-kIYAE1bBH.jpg
[2014/08/10 20:29:53 | 000,818,925 | ---- | C] () -- C:\Users\Andrea\Desktop\Moe.png
[2014/08/10 20:17:07 | 000,016,216 | ---- | C] () -- C:\Users\Andrea\Documents\Mercatini.odt
[2014/08/10 20:16:54 | 000,047,110 | ---- | C] () -- C:\Users\Andrea\Desktop\Viaggio Mercatini.pdf
[2014/07/27 18:33:55 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2014/07/27 14:56:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/27 14:56:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/08 13:35:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/07/08 13:35:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/05/04 12:54:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/05/02 15:17:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2014/04/06 21:40:01 | 000,000,019 | ---- | C] () -- C:\Windows\CLOSEAPP.INI
[2014/04/06 19:29:55 | 000,000,273 | ---- | C] () -- C:\Windows\lgfwup.ini
[2014/04/06 19:13:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014/04/06 19:13:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2014/04/06 19:12:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2014/04/06 19:12:24 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014/04/06 19:08:16 | 000,022,420 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2014/04/06 19:07:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/06 19:07:57 | 000,017,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/04/02 19:02:43 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/04/01 23:11:31 | 001,478,609 | ---- | C] () -- C:\Windows\unins000.exe
[2014/04/01 23:11:31 | 000,016,212 | ---- | C] () -- C:\Windows\unins000.dat
[2014/04/01 22:16:55 | 001,635,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/01 21:58:52 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andrea on 08/09/2014 at 16:54:08,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/09/2014 at 17:00:40,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Poi ho passato Stinger e tutto era negativo
Fatto tutto questo (e messi in quarantena tutti i rifiuti) ho rifatto girare di nuovo Antimal e AWD che mi ha segnalato solo il prefs.js di Firefox... vi chiedo di darmi un occhio al log di Hijack:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:22, on 08/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Users\Andrea\Downloads\adwcleaner_3.309.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8523 bytes
r16
Inviato: Monday, September 08, 2014 7:12:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Il log di OTL non presenta infezioni attive.
Riscontri problemi?
andread81
Inviato: Monday, September 08, 2014 7:17:18 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
r16 ha scritto:
Il log di OTL non presenta infezioni attive.
Riscontri problemi?


Al momento no, su quello di Hijack c'è qualcosa da killare?d'oh!

Gli unici problemi che avevo era la comparsa di banner, hot deals, che mi ha fatto fare tutta la procedura, ora anche Antimal è pulito, perciò... credo sia ok.
r16
Inviato: Monday, September 08, 2014 7:20:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
su quello di Hijack c'è qualcosa da killare?

No.

Apri OTL e clicca su CleanUP.
Si disinstallerà OTL.
Ti chiederà il riavvio del pc: acconsenti.
Al riavvio fai una pulizia con CCleaner. (registro compreso)

Sempre con CCleaner:
Apri CCleaner.
Clicca su "Strumenti".
Clicca su "Ripristino Sistema"
Seleziona TUTTI i punti di ripristino e poi clicca "Rimuovi".

N.B:
Il punto segnalato in grigio (il primo) non lo puoi eliminare per motivi di sicurezza.
andread81
Inviato: Monday, September 08, 2014 8:40:59 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Ok grazie, fatto anche il check con Ccleaner Applause
andread81
Inviato: Wednesday, November 12, 2014 7:59:44 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Rieccomi... aggiornando Commandos II ho scaricato un bel pò di robbaccia temo...

Dunque:
Anitmalwarebytes mi segnalava una sessantina di elementi ma come Non-Malware (infatti lo sfondo del programma era giallo non rosso) e ho messo tutto in quarantena (tutti Pup Optional, tranne un Trojan non meglio specificato)

Stinger, MSE non segnalano nulla.

Allora ho fatto girare AWD:

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\Aimersoft Video Converter Ultimate
Cartella Eliminato : C:\Program Files (x86)\PC Drivers HeadQuarters
Cartella Eliminato : C:\Users\Andrea\AppData\Roaming\Aimersoft Video Converter Ultimate
Cartella Eliminato : C:\Users\Andrea\AppData\Roaming\WebExtend
Cartella Eliminato : C:\Users\Andrea\Documents\Aimersoft Video Converter Ultimate
File Eliminato : C:\Windows\System32\roboot64.exe
File Eliminato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\user.js

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 it)


-\\ Chromium v

[C:\Users\Andrea\AppData\Local\Chromium\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://it.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1130 octets] - [27/07/2014 17:09:54]
AdwCleaner[R1].txt - [1580 octets] - [08/09/2014 15:40:02]
AdwCleaner[R2].txt - [1072 octets] - [08/09/2014 16:15:32]
AdwCleaner[R3].txt - [1133 octets] - [08/09/2014 16:17:17]
AdwCleaner[R4].txt - [2117 octets] - [12/11/2014 18:55:52]
AdwCleaner[R5].txt - [2177 octets] - [12/11/2014 19:12:53]
AdwCleaner[S0].txt - [1199 octets] - [27/07/2014 17:10:46]
AdwCleaner[S1].txt - [1656 octets] - [08/09/2014 15:43:05]
AdwCleaner[S2].txt - [1192 octets] - [08/09/2014 16:19:15]
AdwCleaner[S3].txt - [2117 octets] - [12/11/2014 19:24:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2177 octets] ##########


Poi un bel passaggio con Junk Removal:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andrea on 12/11/2014 at 19:24:21,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util clearthink



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\extensions\staged
Emptied folder: C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\47l2pwhg.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared


Quindi ho lanciato Combofix che ha generato questo log:
ComboFix 14-11-12.01 - Andrea 12/11/2014 19:40:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2587 [GMT 1:00]
Eseguito da: c:\users\Andrea\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ST6UNST.000
c:\windows\UA000011.DLL
.
.
((((((((((((((((((((((((( Files Creati Da 2014-10-12 al 2014-11-12 )))))))))))))))))))))))))))))))))))
.
.
2014-11-12 18:45 . 2014-11-12 18:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-12 18:45 . 2014-11-12 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-12 18:34 . 2014-11-12 18:34 -------- d-----w- c:\users\Andrea\AppData\Roaming\GetRightToGo
2014-11-12 18:09 . 2014-11-12 18:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-12 17:28 . 2014-11-12 17:28 -------- d-----w- C:\NVIDIA
2014-11-12 17:07 . 2014-11-12 17:52 -------- d-----w- c:\programdata\e5c4ef79-068a-447e-b589-daa814c96056
2014-11-12 15:21 . 2014-11-12 15:37 -------- d-----w- c:\program files (x86)\Commandos II
2014-11-12 08:41 . 2014-09-17 06:16 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74B8F13E-14A6-4B31-8DBB-AA8BF89B15CE}\gapaengine.dll
2014-11-12 08:41 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E6A9CA9-658B-4DBD-B4EE-12B478C328A9}\mpengine.dll
2014-11-11 12:53 . 2014-11-03 20:25 615568 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-11-10 08:53 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-09 21:32 . 2014-11-09 21:32 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-11-09 21:31 . 2014-11-09 21:31 -------- d-----w- c:\programdata\Logs
2014-11-09 21:07 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-11-05 14:36 . 2014-11-05 14:36 -------- d-----w- c:\users\Andrea\AppData\Local\MindGems
2014-11-05 14:36 . 2014-11-05 14:36 -------- d-----w- c:\program files (x86)\Visual Similarity Duplicate Image Finder
2014-10-24 12:35 . 2014-11-09 14:45 -------- d-----w- c:\users\Andrea\AppData\Local\Foxit Reader
2014-10-24 09:31 . 2014-10-16 16:54 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
2014-10-24 09:31 . 2014-10-16 16:54 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
2014-10-16 23:32 . 2014-10-16 23:32 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2014-10-16 08:58 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-16 08:58 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-16 08:58 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-16 08:58 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-16 08:58 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 18:09 . 2014-05-12 21:22 131800 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 18:08 . 2014-04-01 20:23 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-04 00:04 . 2014-04-01 20:19 73872 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2014-04-01 20:19 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2014-04-01 20:08 987520 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-04-01 20:08 20985544 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2014-04-01 20:08 18514080 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-11-04 00:04 . 2014-04-01 20:08 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-11-04 00:04 . 2014-04-01 20:08 3238040 ----a-w- c:\windows\system32\nvapi64.dll
2014-11-03 22:02 . 2014-04-01 20:20 6882448 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-04-01 20:20 3531464 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-04-01 20:20 61640 ----a-w- c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-04-01 20:20 935232 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-04-01 20:20 385352 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2014-04-01 20:20 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-03 11:58 . 2014-04-01 20:20 4099264 ----a-w- c:\windows\system32\nvcoproc.bin
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-16 23:28 . 2014-04-04 05:28 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 10:11 . 2014-04-01 20:23 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 10:11 . 2014-04-01 20:23 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 06:13 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 06:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 11:56 . 2014-04-01 19:47 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 11:56 . 2014-04-01 19:47 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-17 06:16 . 2014-04-05 08:57 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-17 04:51 . 2014-09-19 13:06 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-09-19 13:06 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-04-01 20:08 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-09-17 02:13 . 2014-06-02 19:39 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-09-17 02:13 . 2014-04-01 20:22 2193560 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-09-17 02:12 . 2014-04-01 20:22 2799784 ----a-w- c:\windows\system32\nvspcap64.dll
2014-09-17 02:12 . 2014-06-02 19:39 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-09-13 23:48 . 2014-09-19 13:06 1539272 ----a-w- c:\windows\system32\nvdispgenco6434411.dll
2014-09-13 23:48 . 2014-09-19 13:06 1876296 ----a-w- c:\windows\system32\nvdispco6434411.dll
2014-09-09 22:11 . 2014-09-24 06:36 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 06:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 19:14 . 2014-09-20 13:26 38048 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-09-04 19:14 . 2014-09-20 13:26 32416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-09-04 19:14 . 2014-04-01 20:08 34976 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-08-23 02:07 . 2014-08-29 12:31 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 12:31 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WIRELESS-KB-LED-STATUS"="c:\program files (x86)\Wireless Keyboard Driver\LedStatusApp.exe" [2010-04-30 846336]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0?????????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MegaCom;MegaCom Driver;c:\windows\system32\DRIVERS\megabatteryX64.sys;c:\windows\SYSNATIVE\DRIVERS\megabatteryX64.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz137;cpuz137;c:\users\Andrea\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Andrea\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rp24msdrv;2.4g Device;c:\windows\system32\drivers\rp24msdrv.sys;c:\windows\SYSNATIVE\drivers\rp24msdrv.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Andrea\Downloads\Real Temp\WinRing0x64.sys;c:\users\Andrea\Downloads\Real Temp\WinRing0x64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/06/15 22:01];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 08:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-01 11:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-10 7546072]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\47l2pwhg.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-TaskTray - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&12345678&01&00\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&12345678&01&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&12345678&01&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&UID1048848\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&UID1048848\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\PHL086D\5&26c654e&0&UID1048848\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Ora fine scansione: 2014-11-12 19:48:14
ComboFix-quarantined-files.txt 2014-11-12 18:48
.
Pre-Run: 176.369.770.496 byte disponibili
Post-Run: 175.855.869.952 byte disponibili
.
- - End Of File - - 63F6C6502D550EEDE367C5DBE54757F0
A36C5E4F47E84449FF07ED3517B43A31


Alla fine passaggio obbligato con HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:37, on 12/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files (x86)\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WIRELESS-KB-LED-STATUS] C:\Program Files (x86)\Wireless Keyboard Driver\LedStatusApp.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8458 bytes


C'è qualche voce da killare da HJT? Dite che ora sono puliot? Ho rifatto passare AWD e Antimalware e non è risultato nulla...
cbbusto
Inviato: Thursday, November 13, 2014 3:24:51 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
In HJT tutto ok, hai solo delle toolbar inutili, sono le 2 voci 03,
Toolbar: PDFXChange - Toolbar: Canon Easy-WebPrint EX
Attento ad usare con facilità Combofix, ti potrebbe creare problemi.
Ciao
andread81
Inviato: Thursday, November 13, 2014 4:35:11 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
cbbusto ha scritto:
In HJT tutto ok, hai solo delle toolbar inutili, sono le 2 voci 03,
Toolbar: PDFXChange - Toolbar: Canon Easy-WebPrint EX
Attento ad usare con facilità Combofix, ti potrebbe creare problemi.
Ciao

Ok toolbar killate. Grazie dell'avvertimento su Combofix: al corso che ho frequentato avevano detto di usarlo senza problemi perché aiuta parecchio ma non mi avevano avvertito. Al momento però non rilevo mal funzionamenti strani.Applause
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.