Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » zen avg

2 pages: [1] 2
zen avg Opzioni
Topic Precedente · Topic Sucessivo
iladel
Inviato: Thursday, December 03, 2015 11:30:35 AM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Buongiorno a tutti...sono una nuova iscritta e avrei bisogno di aiuto.
Vi ringrazio preventivamente

Il mio problema è : ho scaricato l'aggiornamento di avg zen , nel giro di poco incominciavano ad uscire varie finestre di errore e non mi permetteva più di accedere a funzione istalla / disistalla . Tra le finestre di errore c'e CCC.Implemententation di Ati graphic corrotto e un errore C:windows\system32\osbaseln.dll

Grazie
Torna in alto
 
Sponsor
Inviato: Thursday, December 03, 2015 11:30:35 AM

 
Torna in alto
 
iladel
Inviato: Thursday, December 03, 2015 1:44:16 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Qualcuno perfavore potrebbe controllare i log ...grazie

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11.07.50, on 03/12/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16717)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ilaria\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
O3 - Toolbar: Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - S-1-5-18 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soda PDF 5 Helper Service - LULU Software Limited - C:\Program Files (x86)\Soda PDF 5\HelperService.exe
O23 - Service: Soda PDF 5 Service - LULU Software Limited - C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater40.2.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 15384 bytes
Torna in alto
 
shapiro
Inviato: Thursday, December 03, 2015 3:28:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


prova a rimuovere Spybot e' un software obsoleto
Torna in alto
 
iladel
Inviato: Thursday, December 03, 2015 4:07:54 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Fatto ma nulla, continua darmi questi errori

CCC.Implementation Version=2.3314.38850 Cultur=neutral Pubblic Key token= 90ba9c70f846762

C:windows\system32\osbaseln.dll
Torna in alto
 
shapiro
Inviato: Thursday, December 03, 2015 4:26:28 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


ma con tanti antivirus proprio avg ? prova avira o avast ne guadagni ;)

vediamo se hai qualche infezione che non ti permette l'aggiornamento

scarica farbar-recovery e mettilo sul desktop


Devi scaricare la versione(32 o 64 bit compatibile con il tuo sistema)

Avvialo il tool e clicca su yes

ora clicca su SCAN

Una volta terminata la scansione il tool creerà nella stessa directory di dove è posizionato FRST un log chiamato FRST.txt.

Allegalo qui nel forum
Torna in alto
 
iladel
Inviato: Thursday, December 03, 2015 4:57:19 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by ilaria (administrator) on PC-ILARIA (03-12-2015 16:41:18)
Running from C:\Users\ilaria\Downloads
Loaded Profiles: ilaria (Available Profiles: ilaria)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: Italiano (Italia)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(LULU Software Limited) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2819984 2015-12-02] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-04-04] (Hewlett-Packard)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3209216 2012-02-02] (Ares Development Group)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-26] ()
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-07-31] (EasyBits Software Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2011-12-24]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk [2013-12-01]
ShortcutTarget: Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FA398DEF-1EE9-4888-877B-34EC11D91545}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-300956757-2756368608-3835130273-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.it/
SearchScopes: HKLM -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKLM-x32 -> DefaultScope {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKLM-x32 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {13A4C6C8-BBD6-4ABB-8715-3455F0CD2020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcndtie7-it-it
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {D56A7ACD-2149-4428-9CB4-E4ABF82E0F38} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {E45EECB3-902D-4DB8-A238-0F2C121AB48E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {F96689A9-C4B0-487C-B534-330E05143A34} URL = hxxp://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll [2015-12-02] (AVG)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll [2013-05-13] (LULU Software Limited)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll [2013-05-13] (LULU Software Limited)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll [2014-01-29] (Alawar)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.1\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-300956757-2756368608-3835130273-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\ilaria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-25] [not signed]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=it-it
CHR StartupUrls: Default -> "hxxp://www.google.it/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows LiveÂâ„¢ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (trivia games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
CHR Extension: (new game) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
CHR Extension: (Gmail) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (dr games) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]
CHR HKU\S-1-5-21-300956757-2756368608-3835130273-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mibfbmhijjgpkmobcfdlelpccpeafoom] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2015-12-03]

Opera:
=======
OPR Extension: (trivia games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\obbfamljbihbcghcciagdafdpbgcmkne [2015-04-02]
OPR Extension: (new game) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]
OPR Extension: (dr games) - C:\Users\ilaria\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjpbfdjmmlnelgbkffopkgpggeeaildc [2015-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1096544 2013-05-13] (LULU Software Limited)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-05-13] (LULU Software Limited)
R2 vToolbarUpdater40.2.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe [1926544 2015-12-02] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-02] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2013-04-23] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2011-12-08] (Danish Wireless Design A/S)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
U2 ezSharedSvc; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 16:41 - 2015-12-03 16:42 - 00029705 _____ C:\Users\ilaria\Downloads\FRST.txt
2015-12-03 16:39 - 2015-12-03 16:41 - 00000000 ____D C:\FRST
2015-12-03 16:38 - 2015-12-03 16:38 - 02350080 _____ (Farbar) C:\Users\ilaria\Downloads\FRST64.exe
2015-12-03 15:32 - 2015-12-03 15:33 - 00000000 ____D C:\Users\ilaria\AppData\Local\Facebook
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\ProgramData\Tarma Installer
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-03 15:32 - 2015-04-11 12:58 - 00010355 _____ C:\Quarantine.lst
2015-12-03 15:32 - 2015-04-11 12:58 - 00009018 _____ C:\Quarantine.reg
2015-12-03 11:06 - 2015-12-03 11:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\ilaria\Downloads\HijackThis.exe
2015-12-03 10:51 - 2015-12-03 10:51 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB216F12-A197-44D8-A8B6-A88DBDA969F3}
2015-12-02 18:08 - 2015-12-02 18:09 - 00000000 ____D C:\Users\ilaria\AppData\Local\AVG Web TuneUp
2015-12-02 18:08 - 2015-12-02 18:08 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:09 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-02 17:59 - 2015-12-02 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-02 17:58 - 2015-12-02 17:58 - 00000000 ___HD C:\$AVG
2015-12-02 17:54 - 2015-12-02 17:54 - 00000837 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-02 17:54 - 2015-12-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-02 17:51 - 2015-12-02 17:52 - 02924856 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ilaria\Downloads\AVG_Protection_Free_1005.exe
2015-12-02 17:23 - 2015-12-02 17:23 - 00000941 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-02 16:36 - 2015-12-02 16:36 - 00016330 _____ C:\Windows\SysWOW64\BroomData.bit
2015-12-02 16:36 - 2013-04-08 15:30 - 00022752 _____ C:\Windows\system32\PCloudBroom64.exe
2015-12-02 16:03 - 2015-12-02 16:03 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-02 16:03 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2015-12-02 16:03 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-12-02 16:02 - 2015-12-02 16:02 - 35192968 _____ (Panda Security ) C:\Users\ilaria\Downloads\PandaCloudCleaner.exe
2015-12-02 15:43 - 2015-12-02 15:43 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (1).exe
2015-12-02 15:40 - 2015-12-02 15:40 - 00347816 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-12-02 14:01 - 2015-12-02 14:01 - 00001728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000760 _____ C:\Users\Public\Desktop\Games.lnk
2015-12-02 14:01 - 2015-12-02 14:01 - 00000231 _____ C:\Users\Public\Desktop\More Great Games.url
2015-12-02 14:00 - 2015-12-02 14:01 - 00000000 ____D C:\Program Files (x86)\bfgclient
2015-12-02 13:59 - 2015-12-02 13:59 - 00237568 _____ (Big Fish Games) C:\Users\ilaria\Downloads\farm-frenzy-inc_s1_l1_gF8904T1L1_d2543295360.exe
2015-12-02 13:30 - 2015-12-02 13:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{E5B9EF64-E83C-400F-A865-38F4E13B8469}
2015-12-02 13:17 - 2015-12-02 13:18 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2D51ECE1-2CCB-4255-8838-4C03DCD93514}
2015-12-02 13:11 - 2015-12-02 13:11 - 00000125 _____ C:\FINIS_IT.TXT
2015-12-02 12:21 - 2015-12-02 12:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 12:20 - 2015-12-02 19:04 - 00000306 _____ C:\Windows\Tasks\RMSchedule.job
2015-12-02 12:20 - 2015-12-02 12:20 - 00002884 _____ C:\Windows\System32\Tasks\RMSchedule
2015-12-02 12:16 - 2015-12-02 12:17 - 00011376 _____ C:\Users\ilaria\Documents\cc_20151202_121640.reg
2015-12-02 11:42 - 2015-12-02 11:48 - 00000000 ____D C:\ProgramData\PC1Data
2015-12-02 11:22 - 2015-12-02 11:22 - 00000000 ____D C:\Users\ilaria\AppData\Local\{97197E8D-654F-4A20-9F6D-5A897EA63016}
2015-12-01 20:19 - 2015-12-01 20:19 - 00004264 _____ C:\Users\ilaria\Documents\cc_20151201_201916.reg
2015-12-01 20:18 - 2015-12-01 20:18 - 00146898 _____ C:\Users\ilaria\Documents\cc_20151201_201800.reg
2015-12-01 18:12 - 2015-12-01 18:27 - 781443488 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X64.exe
2015-12-01 18:03 - 2015-12-01 18:10 - 498580680 _____ (Microsoft Corporation) C:\Users\ilaria\Downloads\Windows6.0-KB948465-X86.exe
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\Users\ilaria\AppData\Local\{517FC8D9-BA79-4BF0-BF14-716682725F5B}
2015-12-01 16:21 - 2015-12-01 16:21 - 00000000 ____D C:\7b361a8e4434a6279e480b71
2015-12-01 16:20 - 2015-12-01 16:20 - 00000000 ____D C:\Windows\CheckSur
2015-12-01 14:38 - 2015-12-01 14:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{50E2C87A-0EC2-4981-B313-57BC84DBEDC6}
2015-12-01 14:29 - 2015-12-01 14:29 - 00000000 ____D C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 14:16 - 2015-12-01 14:16 - 00000000 ____D C:\Users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 14:14 - 2015-12-01 14:57 - 00000000 ____D C:\MATS
2015-12-01 14:03 - 2015-12-01 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F730300D-5371-40DB-B39A-31DB8146DEE2}
2015-12-01 11:43 - 2015-12-01 11:43 - 00000000 ____D C:\8986f1190e149d948a69
2015-12-01 11:42 - 2015-12-01 11:42 - 00000898 _____ C:\Users\ilaria\Downloads\daticert (2).xml
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d.zip
2015-12-01 11:41 - 2015-12-01 11:42 - 00141003 _____ C:\Users\ilaria\Downloads\POSTA_CERTIFICATA%3a_Inoltrato_dalla_casella_edlcalzature_sas%40legalmail.it_-__POSTA_CERTIFICATA%3a_INAIL_Comunica_%5b21930055%5d (1).zip
2015-12-01 11:20 - 2015-12-01 11:20 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5C503F4E-FED8-43B4-A80E-49645B5768A5}
2015-12-01 11:11 - 2015-12-01 11:11 - 00000000 __SHD C:\found.000
2015-11-30 19:39 - 2015-11-30 19:40 - 00000000 ____D C:\Program Files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 19:33 - 2015-11-30 19:35 - 00000000 ____D C:\Program Files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 18:02 - 2015-11-30 18:02 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\GameInvest
2015-11-30 17:12 - 2015-11-30 17:13 - 00000000 ____D C:\Program Files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-30 11:38 - 2015-11-30 11:38 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A661D06A-6CC4-4F62-B9CD-BFB45880858E}
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 19:19 - 2015-11-29 19:22 - 00000000 ____D C:\Program Files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-29 18:25 - 2015-11-29 18:25 - 00547517 _____ C:\Users\ilaria\Downloads\p25181.pdf
2015-11-29 11:54 - 2015-11-29 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\{D5077F65-06A8-4C4F-9F1D-56B5BA34FFC0}
2015-11-27 13:07 - 2015-11-27 13:07 - 16176964 _____ C:\Users\ilaria\Downloads\accessori_lartigiana_Bottoni.zip
2015-11-27 11:10 - 2015-11-27 11:10 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1414A7D0-09A5-458C-935B-2161412B1076}
2015-11-26 18:30 - 2015-11-26 18:30 - 00001294 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-11-26 11:17 - 2015-11-26 11:17 - 00000000 ____D C:\Users\ilaria\AppData\Local\{5D63DCE3-F6C4-49EB-9AD9-1173687F5533}
2015-11-25 19:30 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-25 18:50 - 2015-12-02 17:54 - 00000000 ____D C:\Users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 18:43 - 2015-11-25 18:43 - 00000000 ____D C:\Users\ilaria\AppData\Local\{DB606EB1-9118-4D4F-B972-55132092B2AE}
2015-11-25 17:40 - 2015-11-25 17:52 - 754825497 _____ C:\Users\ilaria\Downloads\Senza titolo (5).zip
2015-11-25 12:23 - 2015-11-25 12:23 - 00001787 _____ C:\Users\Public\Desktop\Play Farm Frenzy Inc..lnk
2015-11-25 12:22 - 2015-12-02 14:02 - 00000000 ____D C:\Program Files (x86)\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-25 12:22 - 2015-12-01 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-11-18 18:00 - 2015-11-18 18:00 - 06633489 _____ C:\Users\ilaria\Downloads\I%3a_FOTO_ARTICOLI.zip
2015-11-17 13:56 - 2015-11-17 13:56 - 00001266 _____ C:\Users\Public\Desktop\Altri fantastici giochi.lnk
2015-11-17 10:30 - 2015-11-17 10:30 - 00000000 ____D C:\Users\ilaria\AppData\Local\{0D9E7E5B-0E72-4FF9-8424-886F689582DD}
2015-11-15 10:47 - 2015-11-15 10:47 - 00000000 ____D C:\Users\ilaria\AppData\Local\{1AC681F7-0B67-4877-8EB7-A1C2B3639DF5}
2015-11-13 11:00 - 2015-11-13 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{4FC773F2-93DA-4674-B632-1C45CBE2F820}
2015-11-11 23:13 - 2015-11-11 23:13 - 00000000 ____D C:\Users\ilaria\AppData\Local\{A2B206D7-AE9A-4526-9769-A6EE7E67C7F9}
2015-11-11 22:22 - 2015-10-17 15:35 - 02798592 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 22:22 - 2015-09-26 17:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 22:22 - 2015-09-26 17:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 22:22 - 2015-09-26 17:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 22:22 - 2015-09-26 16:58 - 00257536 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 22:22 - 2015-09-26 14:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-11-11 22:22 - 2015-09-22 14:10 - 00517976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 22:22 - 2015-09-22 14:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 22:16 - 2015-10-17 17:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 22:16 - 2015-10-17 16:41 - 00659456 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 22:13 - 2015-10-10 16:48 - 00736192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 22:04 - 2015-10-13 15:45 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 22:04 - 2015-10-13 15:44 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 22:01 - 2015-10-14 21:25 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 22:01 - 2015-10-14 21:25 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 22:01 - 2015-10-14 16:47 - 04691392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:25 - 2015-11-11 19:25 - 00324628 _____ C:\Users\ilaria\Downloads\Scheda Sintetica di Polizza_Alitalia Programma Viaggi_Mod. 012015_tcm12-6220.pdf
2015-11-11 11:22 - 2015-10-31 20:48 - 17079296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 10886144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:22 - 2015-10-31 20:45 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 11:22 - 2015-10-31 20:44 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 20:44 - 01299968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:22 - 2015-10-31 20:44 - 01295872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 20:43 - 02129408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00887296 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-11 11:22 - 2015-10-31 20:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-11 11:22 - 2015-10-31 19:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:22 - 2015-10-31 19:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 11:22 - 2015-10-31 19:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 11:22 - 2015-10-31 19:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 11:22 - 2015-10-31 19:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-11-11 11:22 - 2015-10-31 19:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-11-11 11:22 - 2015-10-31 19:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-11-08 11:18 - 2015-11-08 11:19 - 00000000 ____D C:\Users\ilaria\AppData\Local\{FB3702B7-83BB-42DD-BDA5-1EB28FC1AED1}
2015-11-06 15:50 - 2015-11-06 15:50 - 00184240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-11-05 23:41 - 2015-11-05 23:41 - 00000000 ____D C:\Users\ilaria\AppData\Local\{F6782731-13CC-4BB2-BD8E-A4F18B0DBEC3}
2015-11-05 10:58 - 2015-11-05 11:00 - 00000000 ____D C:\Users\ilaria\AppData\Local\{BDF8F4BD-C1CC-427B-9649-A5A9FBF22211}
2015-11-03 10:59 - 2015-11-03 10:59 - 00000000 ____D C:\Users\ilaria\AppData\Local\{2A19DB56-8D03-4BDA-A08E-8A06597B4D4E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 16:39 - 2006-11-02 14:33 - 00000000 ____D C:\Windows
2015-12-03 16:03 - 2011-12-28 14:04 - 00001985 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 16:03 - 2011-12-28 14:02 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 15:55 - 2012-04-13 21:43 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 15:51 - 2011-12-24 17:01 - 00000000 ____D C:\ProgramData\MFAData
2015-12-03 15:51 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\tracing
2015-12-03 15:50 - 2011-12-26 18:11 - 00000000 ____D C:\Users\ilaria\Tracing
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:47 - 2006-11-02 16:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:46 - 2014-05-26 10:21 - 00000912 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-12-03 15:46 - 2011-12-28 14:02 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 15:46 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 15:45 - 2006-11-02 16:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-03 15:44 - 2015-04-11 11:58 - 00000693 _____ C:\Windows\wininit.ini
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-03 14:50 - 2011-12-24 16:35 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Skype
2015-12-03 13:04 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Temp
2015-12-02 20:27 - 2009-08-01 04:31 - 00714792 _____ C:\Windows\system32\perfh010.dat
2015-12-02 20:27 - 2009-08-01 04:31 - 00143172 _____ C:\Windows\system32\perfc010.dat
2015-12-02 20:27 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2015-12-02 20:27 - 2006-11-02 13:46 - 01606136 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 20:16 - 2011-12-24 16:39 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-12-02 19:38 - 2011-12-24 15:32 - 00000936 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-12-02 18:01 - 2015-03-10 14:25 - 00000000 ____D C:\Users\ilaria\AppData\Local\Avg
2015-12-02 17:58 - 2015-03-10 14:20 - 00000000 ____D C:\ProgramData\AVG
2015-12-02 17:56 - 2011-12-24 17:05 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-02 17:23 - 2011-12-24 15:32 - 00000951 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-02 17:23 - 2011-12-24 15:32 - 00000917 _____ C:\Users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-12-02 16:36 - 2013-03-18 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TavoliVerdi 2013
2015-12-02 16:35 - 2014-11-06 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidden World
2015-12-02 14:02 - 2013-07-09 22:07 - 00000000 ____D C:\BigFishCache
2015-12-02 14:00 - 2013-09-08 12:48 - 00000000 ____D C:\ProgramData\Big Fish
2015-12-02 13:11 - 2009-08-01 05:41 - 00000000 ___HD C:\hp
2015-12-02 13:09 - 2009-07-31 20:42 - 00000000 ____D C:\Program Files (x86)\SMINST
2015-12-02 12:21 - 2006-11-02 14:33 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-02 11:31 - 2006-11-02 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-01 20:13 - 2012-09-12 14:03 - 00000000 ____D C:\Windows\Minidump
2015-12-01 16:52 - 2009-07-31 20:48 - 00003576 _____ C:\Windows\System32\Tasks\HP Health Check
2015-12-01 16:47 - 2012-01-01 16:48 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\HpUpdate
2015-12-01 16:30 - 2009-07-31 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-01 15:24 - 2011-12-24 15:27 - 00000000 ____D C:\Users\ilaria
2015-12-01 15:24 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-01 15:22 - 2006-11-02 13:33 - 94633984 _____ C:\Windows\system32\config\software_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 70254592 _____ C:\Windows\system32\config\components_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 24379392 _____ C:\Windows\system32\config\system_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 04980736 _____ C:\Windows\system32\config\default_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-01 15:22 - 2006-11-02 13:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-01 15:20 - 2015-10-04 13:46 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\PlayFavoriteGames
2015-12-01 15:20 - 2015-09-12 14:03 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\DominiGames
2015-12-01 15:20 - 2015-08-16 13:36 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\MAI
2015-12-01 15:20 - 2014-11-18 14:54 - 00000000 ____D C:\Program Files (x86)\Burraconline
2015-12-01 15:20 - 2013-03-25 18:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-01 15:20 - 2006-11-02 16:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-01 15:20 - 2006-11-02 14:34 - 00000000 ____D C:\Windows\system32\spool
2015-12-01 15:20 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\registration
2015-12-01 15:19 - 2015-10-15 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\4 Friends Games
2015-12-01 15:19 - 2015-09-10 11:57 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Deep Shadows
2015-12-01 15:19 - 2015-08-04 11:54 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar Entertainment
2015-12-01 15:19 - 2015-08-02 11:08 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\SMIGames
2015-12-01 15:19 - 2015-07-12 13:09 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Awem
2015-12-01 15:19 - 2015-07-05 13:28 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Vendel-GAMES
2015-12-01 15:19 - 2015-04-15 21:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2015-12-01 14:33 - 2014-11-26 13:01 - 00000000 ____D C:\ProgramData\AVG2015
2015-11-30 19:35 - 2014-11-13 11:56 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\EleFun Games
2015-11-28 19:41 - 2014-11-09 17:21 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Elephant Games
2015-11-26 18:48 - 2014-11-07 13:41 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Eipix
2015-11-26 11:21 - 2011-12-24 16:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-25 19:08 - 2011-12-26 22:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AVG
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
2015-11-23 17:58 - 2014-11-07 12:30 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\ERS Game Studios
2015-11-23 16:26 - 2014-09-16 12:12 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\BlamGames
2015-11-11 23:32 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2015-11-11 23:07 - 2006-11-02 16:21 - 00384336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 23:02 - 2006-11-02 16:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 23:02 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 22:44 - 2013-07-18 13:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 22:24 - 2006-11-02 13:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 22:21 - 2012-05-12 11:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:08 - 2014-03-01 16:50 - 01582104 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 15:55 - 2012-04-13 21:43 - 00003830 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:55 - 2012-04-13 21:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 15:55 - 2011-12-26 21:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-07-27 10:16 - 2014-09-19 10:43 - 0000244 _____ () C:\Users\ilaria\AppData\Roaming\WB.CFG
2013-12-31 09:56 - 2014-01-02 11:47 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-13 09:22 - 2014-01-28 11:21 - 0000005 _____ () C:\Users\ilaria\AppData\Roaming\WBPU-TTL.DAT
2012-02-18 18:32 - 2014-05-24 10:45 - 0001770 _____ () C:\Users\ilaria\AppData\Roaming\wklnhst.dat
2011-12-26 10:44 - 2015-08-14 12:54 - 0000680 _____ () C:\Users\ilaria\AppData\Local\d3d9caps.dat
2011-12-27 15:24 - 2015-05-02 13:08 - 0021504 _____ () C:\Users\ilaria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-12 13:22 - 2015-07-12 13:23 - 0197874 _____ () C:\Users\ilaria\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-07-12 13:22 - 2015-07-12 13:22 - 0000002 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35error.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0114422 _____ () C:\Users\ilaria\AppData\Local\dd_dotnetfx35install.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0386352 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistMSI09C7.txt
2014-06-05 10:45 - 2014-06-05 10:45 - 0011368 _____ () C:\Users\ilaria\AppData\Local\dd_vcredistUI09C7.txt
2015-07-12 13:22 - 2015-07-12 13:23 - 0008074 _____ () C:\Users\ilaria\AppData\Local\uxeventlog.txt

Some files in TEMP:
====================
C:\Users\ilaria\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ilaria\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 15:54

==================== End of FRST.txt ============================
Torna in alto
 
iladel
Inviato: Thursday, December 03, 2015 4:57:54 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Grazie per il tuo aiuto
Torna in alto
 
shapiro
Inviato: Thursday, December 03, 2015 9:02:54 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
controlla questa cartella, dimmi cosa c'e' dentro oppure se e' vuota

C:\Users\ilaria\AppData\Roaming\Eipix



apri blocco note e copia dentro questo codice

start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
end



salvalo sul desktop come fixlist.txt

chiudi tutti i programmi

ora avvia nuovamente FRST e clicca su FIX

attendi la fine delle operazioni, se il pc non si riavvia fallo tu

al termine della scansione verra' rilasciato un file come fixlog.txt

allegalo qui nel forum
Torna in alto
 
giza
Inviato: Friday, December 04, 2015 10:11:45 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,617
zen è invadente. eliminalo
Torna in alto
 
iladel
Inviato: Monday, December 07, 2015 3:24:10 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
C:\Users\ilaria\AppData\Roaming\Eipix
in questa cartella ci son demo di giochi

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by ilaria (2015-12-07 14:54:46) Run:1
Running from C:\Users\ilaria\Desktop
Loaded Profiles: ilaria (Available Profiles: ilaria)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
SearchScopes: HKU\S-1-5-21-300956757-2756368608-3835130273-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F17B539F-E2C4-4A5D-AC8B-8F77809FD0D9}&mid=cfb5bdce605b47d1828dd16d674baa43-8d629c5e06620ea23c319b6bfb95aa08292dad68&lang=it&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-02 18:08:06&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Yontoo) - C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2015-12-03] [UpdateUrl: hxxps://download.yontoo.com/chrome-update.xml] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
2015-12-03 15:32 - 2015-12-03 15:32 - 00000000 ____D C:\Program Files (x86)\Yontoo
2015-12-02 18:07 - 2015-12-02 18:07 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-03 15:47 - 2012-10-17 11:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-03 15:46 - 2015-04-11 10:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 15:44 - 2015-04-11 10:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-02 18:08 - 2015-03-03 10:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-25 12:32 - 2014-10-31 13:40 - 00000000 ____D C:\ProgramData\Alawar
2015-11-25 12:32 - 2014-10-11 11:49 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\Alawar
2015-11-24 16:51 - 2014-09-30 11:32 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-24 16:51 - 2013-07-04 22:07 - 00000000 ____D C:\Users\ilaria\AppData\Roaming\AlawarEntertainment
end


*****************

[3240] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe => process closed successfully.
[3760] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe => process closed successfully.
"HKU\S-1-5-21-300956757-2756368608-3835130273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\Users\ilaria\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc <==== ATTENTION => not found
NAVENG => service removed successfully
NAVEX15 => service removed successfully
C:\Program Files (x86)\Yontoo => moved successfully
C:\ProgramData\AVG Secure Search => moved successfully
C:\Windows\system32\Ikeext.etl => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\AVG Security Toolbar => moved successfully
C:\ProgramData\Alawar => moved successfully
C:\Users\ilaria\AppData\Roaming\Alawar => moved successfully
C:\ProgramData\AlawarEntertainment => moved successfully
C:\Users\ilaria\AppData\Roaming\AlawarEntertainment => moved successfully

==== End of Fixlog 15:04:10 ====
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 10:11:00 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


fammi sapere se hai ancora il problema esposto nella discussione, altrimenti facciamo altri controlli
Torna in alto
 
iladel
Inviato: Tuesday, December 08, 2015 4:44:04 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Si i problemi sono invariati, non mi fa entrare in istalla /disinstalla programmi del pannello di controllo . E continuano gli errori precedenti.
Comunque ho disinstallato avg con ccleaner e lo ho sostituito con avast.

Grazie del tuo interessamento
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 4:54:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

potrebbe anche non essere un'infezione, ma facciamo le dovute verifiche


scarica combofix sul desktop

(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

Non usare il pc durante la scansione, nemmeno il mouse!
Torna in alto
 
iladel
Inviato: Tuesday, December 08, 2015 5:06:50 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
Mi dice di disattivare avast...che faccio?
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 5:19:58 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



disattiva avast e disconnettiti ...riattivalo subito dopo finita la scansione
Torna in alto
 
iladel
Inviato: Tuesday, December 08, 2015 6:05:22 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
ComboFix 15-12-07.01 - ilaria 08/12/2015 17.28.28.1.2 - x64
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.39.1040.18.4093.1710 [GMT 1:00]
Eseguito da: c:\users\ilaria\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2015-11-08 al 2015-12-08 )))))))))))))))))))))))))))))))))))
.
.
2015-12-08 16:46 . 2015-12-08 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-08 15:53 . 2015-12-08 15:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2015-12-08 15:49 . 2015-12-08 15:49 -------- d-----w- c:\program files (x86)\QuickTime
2015-12-08 15:29 . 2015-12-08 15:29 -------- d-----w- c:\program files\ATI
2015-12-07 19:16 . 2015-12-07 19:16 -------- d-----w- C:\9d2972e931e5937411ca38732929
2015-12-07 15:14 . 2015-12-07 15:09 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-07 15:10 . 2015-12-07 15:10 -------- d-----w- c:\users\ilaria\AppData\Roaming\AVAST Software
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-07 15:10 . 2015-12-07 15:09 211448 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-07 15:10 . 2015-12-07 15:09 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-07 15:10 . 2015-12-07 15:09 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-07 15:10 . 2015-12-07 15:09 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-07 15:10 . 2015-12-07 15:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-07 15:10 . 2015-12-07 15:09 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-07 15:10 . 2015-12-07 15:09 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-07 15:09 . 2015-12-07 15:09 43112 ----a-w- c:\windows\avastSS.scr
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\program files\AVAST Software
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\programdata\AVAST Software
2015-12-03 17:30 . 2015-12-03 17:38 -------- d-----w- c:\users\ilaria\AppData\Roaming\Hidden Objects ChaperonRouge
2015-12-03 15:39 . 2015-12-07 14:04 -------- d-----w- C:\FRST
2015-12-03 14:32 . 2015-12-03 14:33 -------- d-----w- c:\users\ilaria\AppData\Local\Facebook
2015-12-03 14:32 . 2015-12-03 14:32 -------- d-----w- c:\programdata\Tarma Installer
2015-12-03 14:32 . 2015-04-11 11:58 9018 ----a-w- C:\Quarantine.reg
2015-12-02 15:36 . 2013-04-08 14:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2015-12-02 15:03 . 2015-01-29 17:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-12-02 15:03 . 2015-09-14 12:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2015-12-02 15:03 . 2015-12-02 15:03 -------- d-----w- c:\program files (x86)\Panda Security
2015-12-02 13:00 . 2015-12-02 13:01 -------- d-----w- c:\program files (x86)\bfgclient
2015-12-02 11:21 . 2015-12-02 11:21 -------- d-----w- c:\users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 10:42 . 2015-12-02 10:48 -------- d-----w- c:\programdata\PC1Data
2015-12-02 10:10 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C817CA7D-9B92-40DF-8566-1B74EEDF7DAF}\mpengine.dll
2015-12-01 15:21 . 2015-12-01 15:21 -------- d-----w- C:\7b361a8e4434a6279e480b71
2015-12-01 15:20 . 2015-12-01 15:20 -------- d-----w- c:\windows\CheckSur
2015-12-01 13:29 . 2015-12-01 13:29 -------- d-----w- C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 13:16 . 2015-12-01 13:16 -------- d-----w- c:\users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 13:14 . 2015-12-01 13:57 -------- d-----w- C:\MATS
2015-12-01 10:43 . 2015-12-01 10:43 -------- d-----w- C:\8986f1190e149d948a69
2015-12-01 10:11 . 2015-12-01 10:11 -------- d-----w- C:\found.000
2015-11-30 18:39 . 2015-11-30 18:40 -------- d-----w- c:\program files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 18:33 . 2015-11-30 18:35 -------- d-----w- c:\program files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 17:02 . 2015-11-30 17:02 -------- d-----w- c:\users\ilaria\AppData\Roaming\GameInvest
2015-11-30 16:12 . 2015-11-30 16:13 -------- d-----w- c:\program files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-29 18:24 . 2015-11-29 18:24 -------- d-----w- c:\users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 18:19 . 2015-11-29 18:22 -------- d-----w- c:\program files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-25 18:30 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 17:50 . 2015-12-07 14:42 -------- d-----w- c:\users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 11:22 . 2015-12-02 13:02 -------- d-----w- c:\program files (x86)\Farm Frenzy Inc
2015-11-11 21:22 . 2015-09-26 16:04 206336 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-11-11 21:22 . 2015-09-26 15:58 257536 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 281600 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-11 21:22 . 2015-09-26 15:58 350720 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 21:22 . 2015-09-26 13:21 275968 ----a-w- c:\windows\SysWow64\bcrypt.dll
2015-11-11 21:22 . 2015-09-22 13:10 517976 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 21:22 . 2015-09-22 13:10 306688 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-11 21:22 . 2015-10-17 14:35 2798592 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 21:16 . 2015-10-17 16:01 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-11 21:16 . 2015-10-17 15:41 659456 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 21:13 . 2015-10-10 15:48 736192 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 21:11 . 2015-10-01 15:41 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-11 21:11 . 2015-10-01 16:03 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:11 . 2015-10-01 15:41 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-11 21:11 . 2015-10-01 15:41 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-11 21:11 . 2015-10-01 15:41 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:04 . 2015-10-13 14:45 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 21:04 . 2015-10-13 14:44 94720 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 21:01 . 2015-10-14 20:25 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 21:01 . 2015-10-14 20:25 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-11-11 21:01 . 2015-10-14 15:47 4691392 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 21:24 . 2006-11-02 12:35 145617392 ----a-w- c:\windows\system32\mrt.exe
2015-11-11 14:55 . 2012-04-13 20:42 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 14:55 . 2011-12-26 20:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-07 7021880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-648UB\WlanCU.exe [2011-12-24 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-03 15:00 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:55]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
2015-12-07 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-27 13:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-07 15:09 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.com/?trackid=sp-006
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~3\TARMAI~1\{889DF~1\Setup.exe
AddRemove-DSite - c:\users\ilaria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Ora fine scansione: 2015-12-08 18:02:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-12-08 17:02
.
Pre-Run: 748.409.954.304 byte disponibili
Post-Run: 748.690.833.408 byte disponibili
.
- - End Of File - - 2F6AB49CDD5EF27008A7CDBB9775C2E9
81CD5EC01DB0CE57EDD853F82462EF27
Torna in alto
 
shapiro
Inviato: Tuesday, December 08, 2015 6:19:40 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


ma hai copiato bene tutto il log? manca una parte importante
Torna in alto
 
iladel
Inviato: Tuesday, December 08, 2015 6:35:23 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
2015-12-08 16:59:22 . 2015-12-08 16:59:22 704 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DSite.reg.dat
2015-12-08 16:59:00 . 2015-12-08 16:59:00 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmartMenu.reg.dat
2015-12-08 16:58:46 . 2015-12-08 16:58:46 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2015-12-08 16:58:46 . 2015-12-08 16:58:46 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2015-12-08 16:41:18 . 2015-12-08 16:41:18 8,142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2015-12-08 16:22:29 . 2015-12-08 16:22:29 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2015-04-15 20:56:22 . 2015-04-15 20:56:23 115,137 ----a-w- C:\Qoobox\Quarantine\C\Users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll.vir
2015-04-11 10:58:46 . 2015-12-03 14:44:37 693 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir

Questa è la quarantena era in un'altra nota
Torna in alto
 
iladel
Inviato: Tuesday, December 08, 2015 6:36:56 PM
Rank: Member

Iscritto dal : 12/3/2015
Posts: 19
ComboFix 15-12-07.01 - ilaria 08/12/2015 17.28.28.1.2 - x64
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.39.1040.18.4093.1710 [GMT 1:00]
Eseguito da: c:\users\ilaria\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ilaria\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2015-11-08 al 2015-12-08 )))))))))))))))))))))))))))))))))))
.
.
2015-12-08 16:46 . 2015-12-08 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-08 15:53 . 2015-12-08 15:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2015-12-08 15:49 . 2015-12-08 15:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2015-12-08 15:49 . 2015-12-08 15:49 -------- d-----w- c:\program files (x86)\QuickTime
2015-12-08 15:29 . 2015-12-08 15:29 -------- d-----w- c:\program files\ATI
2015-12-07 19:16 . 2015-12-07 19:16 -------- d-----w- C:\9d2972e931e5937411ca38732929
2015-12-07 15:14 . 2015-12-07 15:09 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-07 15:10 . 2015-12-07 15:10 -------- d-----w- c:\users\ilaria\AppData\Roaming\AVAST Software
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-07 15:10 . 2015-12-07 15:09 211448 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-07 15:10 . 2015-12-07 15:09 450504 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-07 15:10 . 2015-12-07 15:09 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-07 15:10 . 2015-12-07 15:09 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-07 15:10 . 2015-12-07 15:09 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-07 15:10 . 2015-12-07 15:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-07 15:10 . 2015-12-07 15:09 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-07 15:10 . 2015-12-07 15:09 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-07 15:09 . 2015-12-07 15:09 43112 ----a-w- c:\windows\avastSS.scr
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\program files\AVAST Software
2015-12-07 15:07 . 2015-12-07 15:07 -------- d-----w- c:\programdata\AVAST Software
2015-12-03 17:30 . 2015-12-03 17:38 -------- d-----w- c:\users\ilaria\AppData\Roaming\Hidden Objects ChaperonRouge
2015-12-03 15:39 . 2015-12-07 14:04 -------- d-----w- C:\FRST
2015-12-03 14:32 . 2015-12-03 14:33 -------- d-----w- c:\users\ilaria\AppData\Local\Facebook
2015-12-03 14:32 . 2015-12-03 14:32 -------- d-----w- c:\programdata\Tarma Installer
2015-12-03 14:32 . 2015-04-11 11:58 9018 ----a-w- C:\Quarantine.reg
2015-12-02 15:36 . 2013-04-08 14:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2015-12-02 15:03 . 2015-01-29 17:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-12-02 15:03 . 2015-09-14 12:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2015-12-02 15:03 . 2015-12-02 15:03 -------- d-----w- c:\program files (x86)\Panda Security
2015-12-02 13:00 . 2015-12-02 13:01 -------- d-----w- c:\program files (x86)\bfgclient
2015-12-02 11:21 . 2015-12-02 11:21 -------- d-----w- c:\users\ilaria\AppData\Roaming\Registry Mechanic
2015-12-02 10:42 . 2015-12-02 10:48 -------- d-----w- c:\programdata\PC1Data
2015-12-02 10:10 . 2015-11-17 06:43 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C817CA7D-9B92-40DF-8566-1B74EEDF7DAF}\mpengine.dll
2015-12-01 15:21 . 2015-12-01 15:21 -------- d-----w- C:\7b361a8e4434a6279e480b71
2015-12-01 15:20 . 2015-12-01 15:20 -------- d-----w- c:\windows\CheckSur
2015-12-01 13:29 . 2015-12-01 13:29 -------- d-----w- C:\ce3adb00cc1f8a509a7ea33c7469a1
2015-12-01 13:16 . 2015-12-01 13:16 -------- d-----w- c:\users\ilaria\AppData\Local\ElevatedDiagnostics
2015-12-01 13:14 . 2015-12-01 13:57 -------- d-----w- C:\MATS
2015-12-01 10:43 . 2015-12-01 10:43 -------- d-----w- C:\8986f1190e149d948a69
2015-12-01 10:11 . 2015-12-01 10:11 -------- d-----w- C:\found.000
2015-11-30 18:39 . 2015-11-30 18:40 -------- d-----w- c:\program files (x86)\Fear For Sale - Mystery of McInroy Manor
2015-11-30 18:33 . 2015-11-30 18:35 -------- d-----w- c:\program files (x86)\Fear for Sale - Endless Voyage Collectors Edition
2015-11-30 17:02 . 2015-11-30 17:02 -------- d-----w- c:\users\ilaria\AppData\Roaming\GameInvest
2015-11-30 16:12 . 2015-11-30 16:13 -------- d-----w- c:\program files (x86)\Fantastic Creations - House of Brass Collector's Edition
2015-11-29 18:24 . 2015-11-29 18:24 -------- d-----w- c:\users\ilaria\AppData\Roaming\The House of Fables
2015-11-29 18:19 . 2015-11-29 18:22 -------- d-----w- c:\program files (x86)\Eventide - Slavic Fable Collectors Edition
2015-11-25 18:30 . 2015-06-23 11:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 17:50 . 2015-12-07 14:42 -------- d-----w- c:\users\ilaria\AppData\Local\AvgSetupLog
2015-11-25 11:22 . 2015-12-02 13:02 -------- d-----w- c:\program files (x86)\Farm Frenzy Inc
2015-11-11 21:22 . 2015-09-26 16:04 206336 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-11-11 21:22 . 2015-09-26 15:58 257536 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 21:22 . 2015-09-26 16:05 281600 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-11 21:22 . 2015-09-26 15:58 350720 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 21:22 . 2015-09-26 13:21 275968 ----a-w- c:\windows\SysWow64\bcrypt.dll
2015-11-11 21:22 . 2015-09-22 13:10 517976 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 21:22 . 2015-09-22 13:10 306688 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-11 21:22 . 2015-10-17 14:35 2798592 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 21:16 . 2015-10-17 16:01 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-11 21:16 . 2015-10-17 15:41 659456 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 21:13 . 2015-10-10 15:48 736192 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 21:11 . 2015-10-01 15:41 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-11 21:11 . 2015-10-01 16:03 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:11 . 2015-10-01 15:41 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-11 21:11 . 2015-10-01 15:41 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-11 21:11 . 2015-10-01 15:41 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 21:04 . 2015-10-13 14:45 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 21:04 . 2015-10-13 14:44 94720 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 21:01 . 2015-10-14 20:25 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 21:01 . 2015-10-14 20:25 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-11-11 21:01 . 2015-10-14 15:47 4691392 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 21:24 . 2006-11-02 12:35 145617392 ----a-w- c:\windows\system32\mrt.exe
2015-11-11 14:55 . 2012-04-13 20:42 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 14:55 . 2011-12-26 20:56 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-26 21416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-09 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-07 7021880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
c:\users\ilaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-648UB\WlanCU.exe [2011-12-24 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-03 15:00 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:55]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-28 19:48]
.
2015-12-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
2015-12-07 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-27 13:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-07 15:09 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.com/?trackid=sp-006
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~3\TARMAI~1\{889DF~1\Setup.exe
AddRemove-DSite - c:\users\ilaria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Ora fine scansione: 2015-12-08 18:02:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-12-08 17:02
.
Pre-Run: 748.409.954.304 byte disponibili
Post-Run: 748.690.833.408 byte disponibili
.
- - End Of File - - 2F6AB49CDD5EF27008A7CDBB9775C2E9
81CD5EC01DB0CE57EDD853F82462EF27
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » zen avg


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.