
Ctrl Alt Del and right mouse button disabled! Virus?


Post by afronights » Sat Sep 14, 2013 2:49 pm

Hello everyone. I'd like to describe a problem I'm having: I think I've picked up a virus on my PC (Windows 8 Pro). Task Manager is disabled, even with the Ctrl + Alt + Del combination, and I also find that the right mouse button no longer works.

I think it's a virus, but scanning with Windows Defender found nothing. I've now started a scan with Kaspersky, but at a certain point it freezes. Could you suggest a way to pinpoint the cause? Thanks (I've already tried editing the registry, but it was no use).

Bye and thanks, Andrea

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by Hironori » Sun Sep 15, 2013 7:52 am

Try HitmanPro. If the Ctrl key works on its own, hold it down while you launch HitmanPro until the program appears (it will block some processes it considers harmful): http://www.surfright.nl/en/downloads/ Or, if you have a USB stick, use the Kickstart function: http://www.surfright.nl/en/kickstart Obviously it works with all recognised viruses. For removal you get a 30-day licence.

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Sun Sep 15, 2013 10:18 am

Thanks for the reply!!! As soon as the Kaspersky scan finishes (damn, it's been scanning since yesterday!!!) I'll try it right away!!!


Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Sun Sep 15, 2013 8:58 pm

Scan finished; a few trojans were detected and removed, but the Ctrl + Alt + Del combination still doesn't work.

I also ran a scan with HitmanPro, which removed a few trojans as well.

After that I wanted to try HitmanPro with Kickstart from a USB stick, but I couldn't get the stick to boot; it gave me a boot error!!!

After that the system rebooted automatically and went haywire, in the sense that while the hard disk was loading the OS the screen was off.

Then the PC went into standby without warning!!! I restarted it, and it looks like the NVIDIA drivers have gone to p....!

I have only one restore point, because I noticed it was at 1% usage!!! I don't have the original Windows disc at the moment, but if I manage to recover the product key, do you think I could download the ISO from Microsoft?

I'm at a dead end; if anyone could suggest anything else I'd be grateful. Thanks, Andrea.

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Mon Sep 16, 2013 8:17 am

I wanted to clarify that only the Ctrl + Alt + Del combination doesn't work, because if I start Task Manager from the drop-down menu it starts without any trouble.

However, I've noticed that the "Gestione" (Manage) entry in the drop-down menu (right mouse button) on the taskbar is enabled (not greyed out) but doesn't work!

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by Hironori » Mon Sep 16, 2013 12:48 pm

Kickstart was for the case where HitmanPro couldn't install.
Do you have a restore point?
Did K complete the scan? I had understood it was freezing, which is why I suggested Hitman and Kickstart.
Did you keep a log from Hit and Kasp?
You can download the drivers from your graphics card manufacturer's website.

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Wed Sep 18, 2013 12:40 pm

HitmanPro without Kick, but not the one with Kick; I'm attaching its log (the one with Kick gave me a boot error at startup):

Code:
HitmanPro 3.7.7.205
www.hitmanpro.com

   Computer name . . . . : AFRONIGHTS
   Windows . . . . . . . : 6.2.0.9200.X64/8
   User name . . . . . . : AFRONIGHTS\Afro
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-09-15 15:53:55
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 34m 14s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 415
   Traces  . . . . . . . : 1081

   Objects scanned . . . : 3,329,691
   Files scanned . . . . : 151,813
   Remnants scanned  . . : 1,349,150 files / 1,828,728 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8007579460
      DriverName . . . . : \Driver\storahci
      DriverPath . . . . : \SystemRoot\System32\drivers\storahci.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80068482C0 +0
   Solution
      DriverObject . . . : FFFFFA8007579460
      DriverName . . . . : \Driver\storahci
      DriverPath . . . . : \SystemRoot\System32\drivers\storahci.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000E62DA0 \SystemRoot\System32\drivers\storport.sys+11680

Malware _____________________________________________________________________

   C:\Users\Afro\Downloads\Adobe CS5 All Products\Adobe CS5 All Products Keygens + Individual Product Keygen\Adobe InDesign CS5 Premium\adobe_IDP_CS5_keygen.exe
      Size . . . . . . . : 63,937 bytes
      Age  . . . . . . . : 299.7 days (2012-11-20 00:02:39)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 84A2CBE77D6E18A4393EA36F92CF92B32190B032F45EE85DF00820163C32F3C6
    > G Data . . . . . . : Trojan.Generic.6555408 (Engine-A)
      Fuzzy  . . . . . . : 117.0

   C:\Users\Afro\Downloads\Adobe Photoshop CC 14.0 Final Multilingual\patch\patcher_x64.exe
      Size . . . . . . . : 8,749 bytes
      Age  . . . . . . . : 76.6 days (2013-07-01 00:28:23)
      Entropy  . . . . . : 3.2
      SHA-256  . . . . . : E9C332214E304C358ED390D1609898C84D23B43B6DD529F6E705D1F3634F0B71
    > Ikarus . . . . . . : Trojan.Win32.Webprefix!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Afro\Downloads\Adobe Photoshop CC 14.0 Final Multilingual\patch\patcher_x86.exe
      Size . . . . . . . : 8,749 bytes
      Age  . . . . . . . : 76.6 days (2013-07-01 00:28:23)
      Entropy  . . . . . : 3.2
      SHA-256  . . . . . : FB30F97969815A0A2FBE10754F5C0EF884A331AB81344EFD9479673BDC826361
    > Ikarus . . . . . . : Trojan.Win32.Webprefix!IK
      Fuzzy  . . . . . . : 106.0

   C:\Users\Afro\Downloads\CRACK-MinImage\Phx_data\Plugins\Phx_Default.dll
      Size . . . . . . . : 152,064 bytes
      Age  . . . . . . . : 299.7 days (2012-11-20 00:06:04)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : AFE89C0688D7AB16519B08B6A95D241ECDE516EEE64EED9A0317C790D0CBEB29
      Product  . . . . . : Phoenix Default plugin DLL
      Publisher  . . . . : $t@t!c_V()1D
      Description  . . . : Phoenix Default plugin DLL
      Version  . . . . . : 1.0.2.6
      Copyright
    > Ikarus . . . . . . : MalwareScope.Trojan-PWS.Game!IK
      Fuzzy  . . . . . . : 100.0

   C:\Users\Afro\Downloads\CS6 amtlib.dll\amtlib x64\amtlib.dll
      Size . . . . . . . : 2,249,352 bytes
      Age  . . . . . . . : 96.8 days (2013-06-10 19:41:35)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : F7C93C9F262A94360ECEF3725ED20DC3B43BFAD4243AB3FDAF5B8E56222E3F54
      Product  . . . . . : AMTLib (64 Bit)
      Publisher  . . . . : Adobe Systems, Incorporated
      Description  . . . : AMT Licensing
      Version  . . . . . : 6.0.0.75
      Copyright  . . . . : Copyright 2006-2011 Adobe Systems Incorporated. All rights reserved.
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
    > Ikarus . . . . . . : possible-Threat.Crack.Adobe!IK
      Fuzzy  . . . . . . : 120.0

   C:\Users\Afro\Downloads\SAT\PROGRAMMI\UCDS2ver702c_Full_20_10_04\ucds2ver702c.exe
      Size . . . . . . . : 256,512 bytes
      Age  . . . . . . . : 299.6 days (2012-11-20 00:26:12)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : EADA33B1733F9538D5757333F66AB2C1D2C8BB4F8E3DA27954ED4F0131DC1BBA
      Product  . . . . . : UCDS 2
      Version  . . . . . : 7.00.0002
      Copyright  . . . . : by Golfinger66
    > Ikarus . . . . . . : Trojan.Win32.Zmunik!IK
      Fuzzy  . . . . . . : 109.0

   C:\Windows\SysWOW64\flt1chk3.dll
      Size . . . . . . . : 315,728 bytes
      Age  . . . . . . . : 3243.9 days (2004-10-28 17:38:10)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : E6FEEA66EE1F57C0A4138FE401FC51C90BCF7D60EDDF0AC4895496C30D86037C
    > Emsisoft . . . . . : Trojan.Win32.SuspLibLoad.AMN!A2
      Fuzzy  . . . . . . : 116.0


Suspicious files ____________________________________________________________

   C:\Users\Afro\Documents\BFBC2\pb\pbcl.dll
      Size . . . . . . . : 962,185 bytes
      Age  . . . . . . . : 299.8 days (2012-11-19 21:01:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Afro\Downloads\Far Cry 3 Deluxe Edition PC\rld-fc3104\Crack\FC3.dll
      Size . . . . . . . : 29,961,384 bytes
      Age  . . . . . . . : 250.9 days (2013-01-07 18:09:22)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 40F9951F8C82BA931678D0D0DB70B66C8C2BCDD6F46E2860AACBD92975EAA3B8
      Product  . . . . . : Far Cry 3
      Publisher  . . . . : Ubisoft Entertainment
      Description  . . . : Dunia Engine/Far Cry 2 Dynamic Link Library
      Version  . . . . . : 0.1.0.1
      Copyright  . . . . : Copyright (C) 2008 Ubisoft Entertainment
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

   C:\Users\Afro\Downloads\Far Cry 3 Deluxe Edition PC\rld-fc3104\Crack\FC3_d3d11.dll
      Size . . . . . . . : 30,023,848 bytes
      Age  . . . . . . . : 250.9 days (2013-01-07 18:09:22)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 208E63891323E22916BF9E8078848EFC8FACBC71CDA0339E3CB8B0A05E9C2938
      Product  . . . . . : Far Cry 3
      Publisher  . . . . : Ubisoft Entertainment
      Description  . . . : Dunia Engine/Far Cry 2 Dynamic Link Library
      Version  . . . . . : 0.1.0.1
      Copyright  . . . . : Copyright (C) 2008 Ubisoft Entertainment
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro)
   HKU\S-1-5-21-4245315389-2014982766-2237935216-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

   C:\Users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\cookies.sqlite:doubleclick.net
   C:\Users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\cookies.sqlite:eas8.emediate.eu
   C:\Users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\cookies.sqlite:serving-sys.com
   C:\Users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\cookies.sqlite:vodafoneit.solution.weborama.fr
   C:\Users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\cookies.sqlite:weborama.fr




Below is the ComboFix log as well, in case it's useful:

ComboFix 13-09-13.01 - Afro 13/09/2013 18.15.27.1.8 - x64 NETWORK
Microsoft Windows 8 Pro 6.2.9200.0.1252.39.1040.18.8136.6661 [GMT 2:00]
Eseguito da: c:\users\Afro\Downloads\errfgd.exe
AV: Spybot - Search and Destroy *Disabled/Outdated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\users\Afro\AppData\Local\assembly\tmp
c:\users\Afro\Documents\~WRL0001.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\SCLabel.ocx
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-08-13 al 2013-09-13 )))))))))))))))))))))))))))))))))))
.
.
2013-09-13 16:23 . 2013-09-13 16:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-13 15:59 . 2013-09-13 15:59 -------- d-----w- C:\fgfgd
2013-09-13 13:54 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF5272F2-D479-41ED-8D82-75F402CC5B45}\mpengine.dll
2013-09-12 12:03 . 2013-09-12 12:03 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 11:30 . 2013-09-13 12:59 -------- d-----w- c:\users\Afro\AppData\Roaming\ViberPC
2013-09-12 11:29 . 2013-09-13 13:29 -------- d-----w- c:\users\Afro\AppData\Local\Viber
2013-09-10 10:43 . 2013-09-10 10:43 -------- d-----w- c:\users\Afro\AppData\Local\World in Conflict
2013-09-08 20:08 . 2013-09-08 20:08 -------- d-----w- c:\program files (x86)\Microsoft
2013-09-07 13:42 . 2013-09-07 13:42 -------- d-----w- c:\users\Afro\AppData\Roaming\Highresolution Enterprises
2013-09-07 13:42 . 2013-09-13 13:11 -------- d-----w- c:\program files\Highresolution Enterprises
2013-09-03 11:50 . 2013-09-03 11:52 101685 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall_Liguria_110.exe
2013-09-03 10:33 . 2013-09-13 13:38 -------- d-----w- C:\GMouse
2013-08-29 18:38 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-08-29 18:38 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-29 18:38 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-08-29 18:38 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-08-29 18:38 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-08-29 18:38 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-29 18:38 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-29 18:38 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-08-29 18:38 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 15:41 . 2013-05-14 11:20 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-09-06 21:24 . 2012-12-19 16:25 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-06 21:24 . 2012-12-02 23:22 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-06 21:24 . 2012-12-02 10:24 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-29 18:49 . 2012-12-12 19:20 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-29 15:36 . 2013-07-29 15:29 1147232 ----a-w- c:\programdata\Microsoft\VWDExpress\11.0\1040\ResourceCache.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-21 12:06 . 2013-07-30 16:07 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-30 16:07 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-30 16:07 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-30 16:07 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-30 16:07 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-30 16:07 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-30 16:07 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-30 16:07 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-30 16:07 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-30 16:07 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-30 16:07 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-30 16:07 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-30 16:07 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-30 16:07 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-30 16:07 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-30 16:07 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-30 16:07 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-30 16:07 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-30 16:07 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-30 16:07 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-30 16:07 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-05-23 19:08 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2012-11-19 18:46 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2012-11-19 18:46 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2012-10-18 23:02 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2012-10-18 23:02 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2012-11-19 18:47 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2012-11-19 18:47 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2012-11-19 18:47 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2012-11-19 18:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2012-11-19 18:47 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2012-11-19 18:47 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-16 22:41 . 2013-07-28 12:27 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-02-17 03:27 . 2013-02-17 03:27 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
1998-09-25 13:16 . 2012-12-03 14:23 270848 ----a-w- c:\program files (x86)\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Afro\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"EADM"="g:\program files (x86)\Origin\Origin.exe" [2013-08-29 3549528]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"DesktopOK"="c:\users\Afro\Downloads\DesktopOK\DesktopOK_x64.exe" [2013-04-01 391168]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe" [2012-12-24 1067232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-29 6581488]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2012-08-20 550272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-09-03 2237328]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"GMouse"="c:\gmouse\GMouse.exe" [2010-03-25 987136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-04-15 1320328]
.
c:\users\Afro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-8-16 316416]
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\Gestore installazioni SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-3-16 1855080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82x64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
R2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
R2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [x]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MsDepSvc;Servizio Agente distribuzione Web;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;g:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;g:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz134;cpuz134;c:\users\Afro\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Afro\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;g:\program files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;g:\program files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\System32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\System32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\System32\drivers\ICCWDT.sys;c:\windows\SYSNATIVE\drivers\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\System32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-26 19:08]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 00:21]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 00:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-30 08:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-30 08:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-30 08:01 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"ROG GameFirst II"="c:\program files\ASUS\ROG GameFirst II\cFosSpeed.exe" [2012-08-09 3064232]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/|http://www.virgi ... cebook.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-08-07 21:35; jid1-93WyvpgvxzGATw@jetpack; c:\users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\extensions\jid1-93WyvpgvxzGATw@jetpack.xpi
FF - ExtSQL: 2013-08-07 21:35; {9aad3da6-6c46-4ef0-9109-6df5eaaf597c}; c:\users\Afro\AppData\Roaming\Mozilla\Firefox\Profiles\6cgwp7y0.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-ATR_72500 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
@=hex:44,e6,03,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
@=hex:6a,f3,e9,90,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
@=hex:2b,34,1c,92,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
@=hex:24,a8,05,92,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
@=hex:82,af,f4,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
@=hex:2d,c3,81,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@=hex:2a,ad,5a,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
@=hex:50,79,0a,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:1b,bb,8f,92,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
@=hex:b1,69,e2,90,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
@=hex:77,89,32,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
@=hex:85,c9,86,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:ca,45,ae,92,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:2c,59,2f,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
@=hex:7b,f4,11,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
@=hex:3d,ea,ea,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
@=hex:f2,bc,12,92,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
@=hex:12,bf,18,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
@=hex:f8,4b,78,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
@=hex:a0,fc,8b,91,5e,76,ce,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2013-09-13 18:25:08
ComboFix-quarantined-files.txt 2013-09-13 16:25
.
Pre-Run: 262,266,372,096 byte disponibili
Post-Run: 262,031,093,760 byte disponibili
.
- - End Of File - - 5BFC459B7B776785207DA7D51E199819
A36C5E4F47E84449FF07ED3517B43A31
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Wed Sep 18, 2013 12:44 pm

For now I have installed the 30-day trial of Avira antivirus, but after 2 restarts the little umbrella got disabled!!!
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Wed Sep 18, 2013 2:14 pm

A curious thing: during the second installation of Avira (with protection disabled) a dialog box came up notifying me of an update and telling me I had to restart. Instead of restarting, it hangs at a certain point and goes into standby, so I have to power off and on again, only to discover that the NVIDIA drivers are damaged and I have to reinstall them (something that already happened to me another time, when I tried to start HitmanPro with Kickstart from USB boot)!!!!
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by Hironori » Wed Sep 18, 2013 2:51 pm

I had a quick look at the logs.
You know you have a bit of everything cracked?
The various viruses are precisely the cracks.
I haven't understood whether you have fixed anything or not.
Hironori
Aficionado
Posts: 149
Joined: Fri Sep 26, 2008 4:33 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Wed Sep 18, 2013 3:48 pm

In theory, from the results that came out, it seems, I say seems, that all the infected cracked files that were detected have been removed.

But in practice, in my opinion, there is something else (maybe a rootkit) that nothing detects.

At the moment I am running another Avira scan (but in my opinion this antivirus too is under the control of the virus)!!!
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by GERONIMO* » Wed Sep 18, 2013 5:45 pm

Well, you're full of cracks and keygens... obviously you're packed with viruses [sh]
Follow this guide to the letter, skipping HitmanPro, which you have already done [^]
http://www.windoctor.it/sicurezza/ripul ... 8-i-virus/
GERONIMO*
Bronze Member
Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Thu Sep 19, 2013 11:59 am

All done, apart from aswMBR, which at a certain point in the scan hangs on the Windows Defender service!!! and the program crashes and exits.
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by Hironori » Thu Sep 19, 2013 12:50 pm

Does tdss detect anything?
Anyway, after tdss and ComboFix a rootkit should be wiped out.
Hironori
Aficionado
Posts: 149
Joined: Fri Sep 26, 2008 4:33 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by GERONIMO* » Thu Sep 19, 2013 2:29 pm

Forget about ComboFix, because we can't rely on it given that for now it is not compatible with Windows 8, so better not to risk deleting legitimate files and generating a strange log.
You have too many security programs on that PC, they conflict with each other [cry]
Uninstall Spybot and Avira, for which you chose the demo, not the free version [sh]
and keep only Windows Defender, which is both antivirus and antispyware.

Then
temporarily disable Windows Defender and try again with aswMBR.
GERONIMO*
Bronze Member
Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Thu Sep 19, 2013 2:49 pm

Anyway, Windows Defender already tells me it is disabled; anyway, I'm removing Avira and Spybot now, bye.
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by afronights » Thu Sep 19, 2013 3:11 pm

Done, removed Spybot and Avira.

A curiosity: when I uninstalled Spybot I restarted the PC and, instead of restarting automatically, it went into standby, so I had to switch it off with the power button. Once it was started again, the Avira umbrella (which was not yet uninstalled) was closed, so I uninstalled Avira too.

But Windows 8 has by now become one big virus!!!
afronights
New Member
Posts: 23
Joined: Tue Feb 26, 2008 2:29 pm

Re: Ctrl Alt Del and right mouse button disabled! Virus

Post by GERONIMO* » Thu Sep 19, 2013 3:34 pm

I didn't quite understand the standby business... anyway,
two things: did you manage to run aswMBR?
Tell us what problems the PC is still giving you.

Then we'll do a further, more thorough check with OTL.
Download OTL by OldTimer to the Desktop
http://www.windoctor.it/download/otl/

Close all open programs. Tick Scan All Users
LOP Check
Purity Check

Click Run Scan
Wait for the scan to finish; OTL will leave two log files (OTL.txt and Extras.txt),
post them on the forum,
upload them from here because they are very long
http://www.filedropper.com/
GERONIMO*
Bronze Member
Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising