Punto informatico Network

[LOG] combofix hijackthis - antivirus programs won't install


Post by daniele10 » Sun Mar 09, 2014 12:27 pm

Hi everyone, and thanks in advance for the help.

My problem is the following: I can't install antivirus programs, nor remove the viruses that are present.
I tried to follow the guide "PC infected by viruses and other malware? Let's see how to intervene".

Unfortunately I wasn't able to correctly complete the "Third Step: Scan with AntiVir", because neither Avira nor other antivirus programs will install, not even in safe mode, and unfortunately I don't have a burner to create the CD with.

What I managed to run after several attempts is:
- ccleaner
- Microsoft Safety Scanner (full scan and removal)
- malwarebytes
- combofix
- HijackThis

I then tried again to install Avira or AVG, but neither of them installed; the installation "disappears" after it has started.
Now I can't even use Microsoft Safety Scanner any more; it starts, but then it "disappears" too.

In addition, at (normal) startup the following messages appear:
- WMIServi application has stopped working
- Windows Defender: unable to initialize the application 0x800106ba




HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.22.44, on 07/03/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\park\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: ovfe.exe (User 'Default user')
O4 - .DEFAULT User Startup: yfokko.exe (User 'Default user')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4236 bytes





ComboFix

ComboFix 14-03-05.01 - adriano 07/03/2014 7.52.37.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1790.1342 [GMT 1:00]
Eseguito da: c:\park\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRB455.tmp
c:\drv\TVtuner\Liteon\Resources\_desktop.ini
c:\programdata\fefcffde31.nls
c:\users\adriano\AppData\Local\ServicePack
c:\users\adriano\AppData\Roaming\Nakod
c:\users\adriano\AppData\Roaming\Nakod\erkum.tmp
c:\users\adriano\AppData\Roaming\Sidu
c:\users\adriano\AppData\Roaming\Sidu\avson.elu
c:\windows\security\Database\tmp.edb
c:\windows\system32\spsys.log
c:\windows\system64
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
.
c:\windows\system32\spoolsv.exe . . . è infetto!!
.
c:\windows\bfsvc.exe . . . è infetto!!
.
c:\windows\fveupdate.exe . . . è infetto!!
.
c:\windows\HelpPane.exe . . . è infetto!!
.
c:\windows\hh.exe . . . è infetto!!
.
c:\windows\notepad.exe . . . è infetto!!
.
c:\windows\regedit.exe . . . è infetto!!
.
La copia infetta di c:\windows\DigitalLocker\digitalx.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-digitallocker_31bf3856ad364e35_6.0.6000.16386_none_029b1eaf2d7e8f60\digitalx.exe
.
La copia infetta di c:\windows\ehome\ehmsas.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-ehmsas_31bf3856ad364e35_6.0.6000.16386_none_28dc127d6ff3c7fa\ehmsas.exe
.
La copia infetta di c:\windows\ehome\ehprivjob.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.0.6000.16386_none_f2dc6ebc34e04866\ehprivjob.exe
.
La copia infetta di c:\windows\ehome\ehrec.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-ehrec_31bf3856ad364e35_6.0.6000.16386_none_48bccf19581cd2d8\ehrec.exe
.
La copia infetta di c:\windows\ehome\ehrecvr.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.0.6000.16386_none_bb32bc0824b34955\ehrecvr.exe
.
c:\windows\ehome\ehsched.exe . . . è infetto!!
.
c:\windows\ehome\ehshell.exe . . . è infetto!!
.
La copia infetta di c:\windows\ehome\ehtray.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.0.6000.16386_none_28a24bc3701e0760\ehtray.exe
.
La copia infetta di c:\windows\ehome\ehvid.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22670_none_4ba6b5206e120937\ehvid.exe
.
La copia infetta di c:\windows\ehome\McrMgr.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22670_none_3467df3ef350874f\McrMgr.exe
.
c:\windows\ehome\mcspad.exe . . . è infetto!!
.
La copia infetta di c:\windows\ehome\mcupdate.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_mcupdate_31bf3856ad364e35_6.0.6002.18005_none_ca884acba8f029e4\mcupdate.exe
.
La copia infetta di c:\windows\ehome\Mcx2Prov.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.0.6002.18005_none_da78aae016329fa4\Mcx2Prov.exe
.
La copia infetta di c:\windows\ehome\CreateDisc\SBEServer.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.0.6002.18005_none_1efd804d565c1928\SBEServer.exe
.
c:\windows\Help\Tablet PC\PenTraining.exe . . . è infetto!!
.
c:\windows\Help\Tablet PC\TouchTraining.exe . . . è infetto!!
.
La copia infetta di c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6002.18005_none_3d7a6880ab163624\NETFXSBS10.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_c512442c6b4566d7\AppLaunch.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_120341a3224c03b8\aspnet_regiis.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_80f871a1c32de056\aspnet_state.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6001.22477_none_ae219242a5eb019d\aspnet_wp.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6002.18005_none_fe5428b22d6c0e79\csc.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6002.18005_none_e59ba05e346044a2\cvtres.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6002.18005_none_cd77f4151b8ac157\dw20.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_02ebab318e2004bf\ilasm.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_1fd1ab49e8ca6ebb\mscorsvw.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-ngen_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_779867b84af56065\ngen.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.0.6002.18005_none_3fca9527a692e5a2\vbc.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_infocard_b77a5c561934e089_6.0.6002.18005_none_cb66ec8b18dd702e\infocard.exe
.
La copia infetta di c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6002.18005_none_020cd51c1a47b5b7\SMConfigInstaller.exe
.
La copia infetta di c:\windows\MSAgent\AgentSvr.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-agentsvr_31bf3856ad364e35_6.0.6000.16386_none_31188d362f02982e\AgentSvr.exe
.
La copia infetta di c:\windows\System32\alg.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.0.6000.16386_none_a6b290245e337868\alg.exe
.
La copia infetta di c:\windows\System32\dfsr.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6002.18005_none_b86505b69725e0c7\dfsr.exe
.
c:\windows\System32\dllhost.exe . . . è infetto!!
.
c:\windows\System32\Locator.exe . . . è infetto!!
.
La copia infetta di c:\windows\System32\msdtc.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.0.6000.16386_none_171c40e96317eaae\msdtc.exe
.
La copia infetta di c:\windows\System32\SearchIndexer.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchIndexer.exe
.
La copia infetta di c:\windows\System32\SLsvc.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6002.18005_none_5062f685f6a7c614\SLsvc.exe
.
c:\windows\System32\snmptrap.exe . . . è infetto!!
.
La copia infetta di c:\windows\System32\UI0Detect.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6000.16386_none_dfb0260649c2ed9e\UI0Detect.exe
.
La copia infetta di c:\windows\System32\vds.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.0.6002.18005_none_6cd64babf7d06785\vds.exe
.
La copia infetta di c:\windows\System32\VSSVC.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.0.6002.18005_none_5cb8478314f93f13\VSSVC.exe
.
La copia infetta di c:\windows\System32\wbem\WmiApSrv.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\WmiApSrv.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2014-02-07 al 2014-03-07 )))))))))))))))))))))))))))))))))))
.
.
2014-03-07 07:08 . 2014-03-07 07:09 -------- d-----w- c:\users\adriano\AppData\Local\temp
2014-03-07 07:08 . 2014-03-07 07:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-06 16:20 . 2014-03-06 16:20 -------- d-----w- c:\users\adriano\AppData\Roaming\Malwarebytes
2014-03-06 16:20 . 2014-03-06 16:20 -------- d-----w- c:\programdata\Malwarebytes
2014-03-06 16:20 . 2014-03-06 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-06 16:20 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-06 15:58 . 2014-03-07 06:23 -------- d-----w- c:\program files\CCleaner
2014-03-06 14:18 . 2014-03-06 16:26 -------- d-----w- c:\users\adriano\AppData\Roaming\Leugip
2014-03-06 13:43 . 2014-03-06 13:57 912384 ----atw- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ovfe.exe
2014-03-06 12:05 . 2014-03-06 16:26 -------- d-----w- c:\users\adriano\AppData\Roaming\Omygxe
2014-03-06 11:55 . 2014-03-06 11:55 -------- d-----w- c:\windows\system32\ca-ES
2014-03-06 11:55 . 2014-03-06 11:55 -------- d-----w- c:\windows\system32\eu-ES
2014-03-06 11:55 . 2014-03-06 11:55 -------- d-----w- c:\windows\system32\vi-VN
2014-03-06 11:51 . 2014-03-06 11:51 -------- d-----w- c:\windows\system32\SPReview
2014-03-06 11:35 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2014-03-06 11:35 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2014-03-06 11:28 . 2009-04-10 22:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2014-03-06 11:27 . 2014-03-06 13:39 678912 ----atw- c:\program files\Internet Explorer\iedw.exe
2014-03-06 11:26 . 2009-04-10 22:28 558080 ----a-w- c:\windows\system32\sysmain.dll
2014-03-06 11:22 . 2014-03-06 11:22 -------- d-----w- c:\windows\system32\EventProviders
2014-03-06 11:22 . 2014-03-06 11:51 -------- d-----w- C:\8e580ee915bcadb062e86915e94fc5
2014-03-06 11:10 . 2014-03-06 14:46 204288 ----atw- c:\windows\RegBootClean.exe
2014-03-06 11:02 . 2014-03-06 13:57 912384 ----atw- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\yfokko.exe
2014-03-06 10:19 . 2014-03-06 10:19 -------- d-----w- c:\users\adriano\AppData\Local\PowerCinema
2014-03-06 10:13 . 2014-03-06 16:02 -------- d-----w- c:\programdata\MFAData
2014-03-06 10:13 . 2014-03-06 10:13 -------- d--h--w- c:\programdata\Common Files
2014-03-06 10:13 . 2014-03-06 10:13 -------- d-----w- c:\users\adriano\AppData\Local\MFAData
2014-03-06 10:13 . 2014-03-06 10:13 -------- d-----w- c:\users\adriano\AppData\Local\Avg2014
2014-03-05 15:49 . 2014-03-05 15:49 -------- d-----w- c:\programdata\Lavasoft
2014-03-05 15:31 . 2014-03-05 15:31 -------- d-----w- c:\windows\system32\MRT
2014-03-05 14:49 . 2014-03-05 14:49 -------- d-----w- c:\users\adriano\AppData\Local\Macromedia
2014-03-05 14:48 . 2014-03-05 14:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-05 14:48 . 2014-03-05 14:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-05 14:43 . 2014-03-07 06:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-03-05 14:43 . 2014-03-06 13:44 603648 ----atw- c:\program files\Mozilla Firefox\plugin-container.exe
2014-03-04 16:41 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8F25FC1-D46B-4168-9865-C446B050F3F6}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-07 07:10 . 2014-03-07 07:10 653312 ----atw- c:\windows\system32\aqfjkhnk.tmp
2014-03-07 05:24 . 2007-07-28 00:58 909312 ----atw- c:\windows\HideWin.exe
2014-03-06 16:18 . 2007-07-28 09:30 979456 ----atw- c:\windows\system32\drivers\XAudio.exe
2014-03-06 16:18 . 2010-09-17 14:49 719872 ----atw- c:\windows\system32\spoolsv.exe
2014-03-06 16:18 . 2008-12-03 19:12 790528 ----atw- c:\windows\system32\nvvsvc.exe
2014-03-06 14:46 . 2007-07-28 00:59 1826816 ----atw- c:\windows\SkyTel.exe
2014-03-06 14:46 . 2007-07-28 00:59 1191936 ----atw- c:\windows\RtlUpd.exe
2014-03-06 14:09 . 2008-06-20 06:50 728064 -----tw- c:\windows\regedit.exe
2014-03-06 14:09 . 2008-06-20 06:50 745472 ----atw- c:\windows\notepad.exe
2014-03-06 14:05 . 2008-06-20 06:51 1091072 ----atw- c:\windows\HelpPane.exe
2014-03-06 14:05 . 2006-11-02 09:11 608256 ----atw- c:\windows\hh.exe
2014-03-06 14:05 . 2006-11-02 12:35 825344 ----atw- c:\windows\help\Tablet PC\PenTraining.exe
2014-03-06 14:05 . 2006-11-02 12:35 752640 ----atw- c:\windows\help\Tablet PC\TouchTraining.exe
2014-03-06 14:05 . 2008-06-20 06:49 606208 ----atw- c:\windows\fveupdate.exe
2014-03-06 14:04 . 2008-06-20 06:53 653312 ----atw- c:\windows\bfsvc.exe
2014-03-05 14:28 . 2006-11-02 08:58 605696 ----atw- c:\windows\system32\snmptrap.exe
2014-03-05 14:28 . 2006-11-02 08:50 601088 ----atw- c:\windows\system32\Locator.exe
2013-12-18 05:13 . 2009-10-05 08:55 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2014-03-06 1825280]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 4468736]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2014-03-06 1880064]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2014-03-06 1339392]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2014-03-06 753664]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-03-06 1546752]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ovfe.exe [2014-3-6 912384]
yfokko.exe [2014-3-6 912384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-05 15:37]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\adriano\AppData\Roaming\Mozilla\Firefox\Profiles\xqijfx91.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_entering_secure - false
FF - user.js: security.warn_entering_weak - false
FF - user.js: security.warn_leaving_secure - false
FF - user.js: browser.startup.homepage - about:blank
FF - user.js: browser.startup.page - 1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-07 08:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(1628)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\acer\ALaunch\ALaunchSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\RtHDVCpl.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\wermgr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\vssvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2014-03-07 08:17:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-03-07 07:17
.
Pre-Run: 43.261.485.056 byte disponibili
Post-Run: 41.594.388.480 byte disponibili
.
- - End Of File - - 4575F1C02ADAD30F46A4B9CB0EA21D18
A863475757CC50891AA8458C415E4B25




Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by sbrillo » Sun Mar 09, 2014 6:09 pm

You can use Kaspersky Rescue Disk on a USB stick.
First, though, also try HitmanPro and AdwCleaner.
For the problem with Windows Defender, try the fix provided by Microsoft.

http://turbolab.it/158

http://turbolab.it/166

http://turbolab.it/42

http://support.microsoft.com/kb/931849/it

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by stevens » Mon Mar 10, 2014 11:30 am

My problem is the following: I can't install antivirus programs, nor remove the viruses that are present.


You have to remove the viruses first.

Follow this path:

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

And once you are in the Startup folder, remove these malware files => ovfe.exe and yfokko.exe

Do this as well:

Download OTL.
Check SCAN ALL USERS.
Under Output, select Minimal Output.
Click the little arrow next to File Age and select 60 Days.
Check LOP Check and Purity Check.
When the scan finishes, OTL will produce two log files (OTL.txt and Extras.txt), which you will need to attach.


Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by daniele10 » Mon Mar 10, 2014 6:10 pm

Thanks for the help and for the replies.

For now I have followed the procedure from "stevens", and these are the files produced by OTL:



Extras

OTL Extras logfile created on: 10/03/2014 17.53.35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\park
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,75 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 80,13% Memory free
3,74 Gb Paging File | 3,52 Gb Available in Paging File | 94,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 40,69 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 56,31 Gb Free Space | 81,00% Space Free | Partition Type: NTFS

Computer Name: NANI | User Name: adriano | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2635558026-9833837-1243345675-1000]
"EnableNotifications" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{41431E72-2853-4898-AAF4-DCC05118FA02}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{6FB60DB5-EEFE-4B97-AC70-6904F91DFD94}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{93B1EC8C-102F-43BD-9376-158CF1891AA6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E7DB8020-1B73-4DD9-A4C1-F968A9B7E78A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{00122226-7FEF-4C5D-86EF-C3B8E43CA522}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1CAF175C-A986-4C6E-A9C1-23217C26FAB6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4C88BB86-C395-451A-9F31-CC85920D934F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{88AC98F5-CA1B-436A-8E2F-8E2CDEFE1BC2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye webcam
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
"{954B45A8-AB83-459C-A94A-EC5E1C7D3CEE}" = LibreOffice 4.0 Help Pack (Italian)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Italiano
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Mozilla Firefox 27.0.1 (x86 it)" = Mozilla Firefox 27.0.1 (x86 it)
"Mozilla Thunderbird 24.3.0 (x86 it)" = Mozilla Thunderbird 24.3.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2011 21.36.34 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.36.36 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.36.36 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.36.37 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.36.38 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.38.10 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18/04/2011 21.38.10 | Computer Name = nani | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26/04/2011 12.32.39 | Computer Name = nani | Source = Application Hang | ID = 1002
Description = Il programma soffice.BIN versione 2.3.9215.500 non interagisce più
con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Segnalazioni di problemi
e soluzioni nel Pannello di controllo. ID processo: 940 Ora di avvio: 01cc042f1a924e2b
Ora
di chiusura: 15

Error - 27/04/2011 10.10.47 | Computer Name = nani | Source = Application Hang | ID = 1002
Description = Il programma AcroRd32.exe versione 8.1.0.137 non interagisce più con
Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Segnalazioni di problemi
e soluzioni nel Pannello di controllo. ID processo: 354 Ora di avvio: 01cc04e4856687a0
Ora
di chiusura: 16

Error - 21/08/2011 3.37.01 | Computer Name = nani | Source = Application Hang | ID = 1002
Description = Il programma AcroRd32.exe versione 8.1.0.137 non interagisce più con
Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Segnalazioni di problemi
e soluzioni nel Pannello di controllo. ID processo: 1268 Ora di avvio: 01cc5fd40689b5eb
Ora
di chiusura: 31

[ System Events ]
Error - 09/03/2014 7.22.28 | Computer Name = nani | Source = Service Control Manager | ID = 7009
Description =

Error - 09/03/2014 7.22.28 | Computer Name = nani | Source = Service Control Manager | ID = 7000
Description =

Error - 09/03/2014 7.22.28 | Computer Name = nani | Source = Service Control Manager | ID = 7009
Description =

Error - 10/03/2014 12.49.07 | Computer Name = nani | Source = DCOM | ID = 10005
Description =

Error - 10/03/2014 12.49.15 | Computer Name = nani | Source = DCOM | ID = 10005
Description =

Error - 10/03/2014 12.49.20 | Computer Name = nani | Source = DCOM | ID = 10005
Description =

Error - 10/03/2014 12.49.21 | Computer Name = nani | Source = DCOM | ID = 10005
Description =

Error - 10/03/2014 12.49.40 | Computer Name = nani | Source = DCOM | ID = 10005
Description =

Error - 10/03/2014 12.50.17 | Computer Name = nani | Source = Service Control Manager | ID = 7001
Description =

Error - 10/03/2014 12.50.17 | Computer Name = nani | Source = Service Control Manager | ID = 7026
Description =


< End of report >
daniele10
New Member

Posts: 6
Joined: Fri Mar 07, 2014 8:28 am

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by daniele10 » Mon Mar 10, 2014 6:12 pm

OTL PART ONE

OTL logfile created on: 10/03/2014 17.53.35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\park
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,75 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 80,13% Memory free
3,74 Gb Paging File | 3,52 Gb Available in Paging File | 94,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 40,69 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 56,31 Gb Free Space | 81,00% Space Free | Partition Type: NTFS

Computer Name: NANI | User Name: adriano | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\park\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (AdobeARMservice) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (ONDAusbser6k) -- system32\DRIVERS\ONDAusbser6k.sys File not found
DRV - (ONDAusbnmea) -- system32\DRIVERS\ONDAusbnmea.sys File not found
DRV - (ONDAusbnet) -- system32\DRIVERS\ONDAusbnet.sys File not found
DRV - (ONDAusbmdm6k) -- system32\DRIVERS\ONDAusbmdm6k.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (imcydiwi) -- C:\Windows\system32\drivers\imcydiwi.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DritekPortIO) -- C:\Programmi\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\..\SearchScopes,DefaultScope = {BC55CC7D-1207-4972-86D5-9155FC6A0BFB}
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\..\SearchScopes\{BC55CC7D-1207-4972-86D5-9155FC6A0BFB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF - user.js..browser.startup.homepage: "about:blank"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/05 16.28.59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2013/02/26 17.40.30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\adriano\AppData\Roaming\mozilla\Extensions
[2011/07/20 15.36.29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\adriano\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/03/05 16.41.01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\adriano\AppData\Roaming\mozilla\Firefox\Profiles\xqijfx91.default\extensions
[2014/03/05 16.41.01 | 000,000,000 | ---D | M] (.) -- C:\Users\adriano\AppData\Roaming\mozilla\Firefox\Profiles\xqijfx91.default\extensions\{531d7B73-ca38-cf2d-cf42-54617a7a1a34}
[2014/03/05 16.12.17 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2014/03/05 16.12.17 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/03/07 08.09.20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-2635558026-9833837-1243345675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D827AB-D940-4DEF-8EEC-A9DCE5FC0D94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5A9F96-FAB1-4AAA-A1BA-EB8B995636BC}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\adriano\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\adriano\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2014/03/07 08.21.30 | 000,000,000 | R--D | C] -- C:\Users\adriano\Desktop\park - collegamento
[2014/03/07 08.17.55 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Local\temp
[2014/03/07 08.09.35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/07 08.08.07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/07 07.50.54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/07 07.50.54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/07 07.50.54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/07 07.50.42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/07 07.50.20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/06 17.20.26 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Roaming\Malwarebytes
[2014/03/06 17.20.17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/06 17.20.17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/06 17.20.16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/06 17.20.16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/06 16.58.07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/06 15.18.50 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Roaming\Leugip
[2014/03/06 13.05.10 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Roaming\Omygxe
[2014/03/06 12.55.25 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2014/03/06 12.55.25 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2014/03/06 12.55.25 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2014/03/06 12.51.21 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2014/03/06 12.35.25 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2014/03/06 12.35.01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2014/03/06 12.29.27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/03/06 12.29.26 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/03/06 12.29.26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2014/03/06 12.29.25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2014/03/06 12.29.25 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2014/03/06 12.29.25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2014/03/06 12.29.24 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2014/03/06 12.29.24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2014/03/06 12.29.21 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2014/03/06 12.29.21 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2014/03/06 12.29.20 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2014/03/06 12.29.20 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2014/03/06 12.29.20 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2014/03/06 12.29.20 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2014/03/06 12.29.20 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2014/03/06 12.29.20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2014/03/06 12.29.20 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2014/03/06 12.29.20 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2014/03/06 12.29.20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2014/03/06 12.29.19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2014/03/06 12.29.19 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2014/03/06 12.29.19 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/03/06 12.29.19 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2014/03/06 12.29.19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2014/03/06 12.29.17 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2014/03/06 12.29.17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2014/03/06 12.29.17 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/03/06 12.29.16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2014/03/06 12.29.16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2014/03/06 12.29.16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2014/03/06 12.29.14 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2014/03/06 12.29.13 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2014/03/06 12.29.13 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2014/03/06 12.29.13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2014/03/06 12.29.12 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2014/03/06 12.29.12 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/03/06 12.29.12 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2014/03/06 12.29.12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2014/03/06 12.29.12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2014/03/06 12.29.11 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2014/03/06 12.29.10 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2014/03/06 12.29.10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2014/03/06 12.29.10 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/03/06 12.29.10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2014/03/06 12.29.10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2014/03/06 12.29.10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2014/03/06 12.29.09 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2014/03/06 12.29.09 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2014/03/06 12.29.09 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/06 12.29.09 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2014/03/06 12.29.09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2014/03/06 12.29.09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2014/03/06 12.29.09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2014/03/06 12.29.09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2014/03/06 12.29.08 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/03/06 12.29.08 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/03/06 12.29.08 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2014/03/06 12.29.08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2014/03/06 12.29.08 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2014/03/06 12.29.08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/03/06 12.29.07 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/03/06 12.29.07 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2014/03/06 12.29.07 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/03/06 12.29.06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2014/03/06 12.29.06 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2014/03/06 12.29.06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2014/03/06 12.29.06 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2014/03/06 12.29.00 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2014/03/06 12.28.53 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2014/03/06 12.28.53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2014/03/06 12.28.49 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2014/03/06 12.28.49 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2014/03/06 12.28.49 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2014/03/06 12.28.49 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2014/03/06 12.28.49 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2014/03/06 12.28.48 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/03/06 12.28.48 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2014/03/06 12.28.48 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2014/03/06 12.28.48 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2014/03/06 12.28.48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2014/03/06 12.28.47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2014/03/06 12.28.46 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2014/03/06 12.28.46 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2014/03/06 12.28.46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/03/06 12.28.46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2014/03/06 12.28.46 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/03/06 12.28.46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2014/03/06 12.28.45 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2014/03/06 12.28.45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/03/06 12.28.44 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2014/03/06 12.28.44 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2014/03/06 12.28.44 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2014/03/06 12.28.44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2014/03/06 12.28.44 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014/03/06 12.28.44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2014/03/06 12.28.44 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2014/03/06 12.28.43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2014/03/06 12.28.43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2014/03/06 12.28.43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2014/03/06 12.28.43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2014/03/06 12.28.42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2014/03/06 12.28.42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2014/03/06 12.28.42 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2014/03/06 12.28.42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/03/06 12.28.42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/03/06 12.28.42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2014/03/06 12.28.41 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2014/03/06 12.28.41 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2014/03/06 12.28.41 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2014/03/06 12.28.41 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2014/03/06 12.28.41 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2014/03/06 12.28.41 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2014/03/06 12.28.41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2014/03/06 12.28.40 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2014/03/06 12.28.40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2014/03/06 12.28.40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2014/03/06 12.28.40 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2014/03/06 12.28.40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2014/03/06 12.28.40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2014/03/06 12.28.40 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2014/03/06 12.28.40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2014/03/06 12.28.40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2014/03/06 12.28.39 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2014/03/06 12.28.39 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2014/03/06 12.28.39 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2014/03/06 12.28.39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2014/03/06 12.28.39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2014/03/06 12.28.38 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/03/06 12.28.38 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2014/03/06 12.28.38 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2014/03/06 12.28.38 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/03/06 12.28.38 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014/03/06 12.28.38 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2014/03/06 12.28.38 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/03/06 12.28.38 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2014/03/06 12.28.38 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/03/06 12.28.38 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2014/03/06 12.28.37 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2014/03/06 12.28.37 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2014/03/06 12.28.36 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2014/03/06 12.28.35 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2014/03/06 12.28.35 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2014/03/06 12.28.35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2014/03/06 12.28.34 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2014/03/06 12.28.34 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2014/03/06 12.28.34 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2014/03/06 12.28.34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2014/03/06 12.28.33 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2014/03/06 12.28.32 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/03/06 12.28.32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2014/03/06 12.28.31 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2014/03/06 12.28.31 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2014/03/06 12.28.31 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2014/03/06 12.28.31 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2014/03/06 12.28.30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2014/03/06 12.28.29 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2014/03/06 12.28.29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2014/03/06 12.28.28 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2014/03/06 12.28.28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2014/03/06 12.28.28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2014/03/06 12.28.28 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2014/03/06 12.28.28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2014/03/06 12.28.28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2014/03/06 12.28.27 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2014/03/06 12.28.27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/03/06 12.28.27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2014/03/06 12.28.27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/03/06 12.28.26 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2014/03/06 12.28.26 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2014/03/06 12.28.26 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2014/03/06 12.28.26 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014/03/06 12.28.26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2014/03/06 12.28.26 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2014/03/06 12.28.26 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2014/03/06 12.28.25 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2014/03/06 12.28.25 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2014/03/06 12.28.25 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2014/03/06 12.28.25 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2014/03/06 12.28.25 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2014/03/06 12.28.25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2014/03/06 12.28.24 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2014/03/06 12.28.24 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2014/03/06 12.28.24 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2014/03/06 12.28.24 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2014/03/06 12.28.24 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2014/03/06 12.28.24 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2014/03/06 12.28.24 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/03/06 12.28.23 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/03/06 12.28.21 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2014/03/06 12.28.21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2014/03/06 12.28.21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2014/03/06 12.28.20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2014/03/06 12.28.19 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2014/03/06 12.28.19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2014/03/06 12.28.17 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2014/03/06 12.28.17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2014/03/06 12.28.17 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2014/03/06 12.28.17 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2014/03/06 12.28.15 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2014/03/06 12.28.15 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2014/03/06 12.28.15 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2014/03/06 12.28.15 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/03/06 12.28.15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/03/06 12.28.11 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2014/03/06 12.28.11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2014/03/06 12.28.10 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2014/03/06 12.28.10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2014/03/06 12.28.09 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2014/03/06 12.28.09 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2014/03/06 12.28.09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2014/03/06 12.28.08 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2014/03/06 12.28.08 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2014/03/06 12.28.08 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2014/03/06 12.28.08 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2014/03/06 12.28.08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2014/03/06 12.28.08 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2014/03/06 12.28.08 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2014/03/06 12.28.08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/06 12.28.08 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2014/03/06 12.28.08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2014/03/06 12.28.08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2014/03/06 12.28.08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2014/03/06 12.28.07 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2014/03/06 12.28.07 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2014/03/06 12.28.07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2014/03/06 12.28.07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2014/03/06 12.28.07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2014/03/06 12.28.06 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2014/03/06 12.28.06 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2014/03/06 12.28.06 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2014/03/06 12.28.06 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2014/03/06 12.28.06 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2014/03/06 12.28.05 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2014/03/06 12.28.05 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2014/03/06 12.28.05 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2014/03/06 12.28.05 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2014/03/06 12.28.05 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/03/06 12.28.05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2014/03/06 12.28.05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2014/03/06 12.28.05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2014/03/06 12.28.05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2014/03/06 12.28.04 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/06 12.28.04 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2014/03/06 12.28.04 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2014/03/06 12.28.04 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/03/06 12.28.04 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/03/06 12.28.04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2014/03/06 12.28.02 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2014/03/06 12.28.02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2014/03/06 12.28.01 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2014/03/06 12.28.01 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2014/03/06 12.28.01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2014/03/06 12.28.00 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/03/06 12.28.00 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/03/06 12.28.00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2014/03/06 12.28.00 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2014/03/06 12.28.00 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2014/03/06 12.28.00 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/03/06 12.28.00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2014/03/06 12.28.00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2014/03/06 12.28.00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2014/03/06 12.28.00 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/03/06 12.27.59 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2014/03/06 12.27.59 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/03/06 12.27.59 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2014/03/06 12.27.59 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2014/03/06 12.27.59 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2014/03/06 12.27.59 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2014/03/06 12.27.57 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2014/03/06 12.27.56 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2014/03/06 12.27.55 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2014/03/06 12.27.55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2014/03/06 12.27.55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2014/03/06 12.27.54 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2014/03/06 12.27.54 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2014/03/06 12.27.53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2014/03/06 12.27.53 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2014/03/06 12.27.53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2014/03/06 12.27.52 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2014/03/06 12.27.52 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2014/03/06 12.27.52 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2014/03/06 12.27.52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2014/03/06 12.27.52 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2014/03/06 12.27.52 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2014/03/06 12.27.52 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2014/03/06 12.27.51 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2014/03/06 12.27.51 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2014/03/06 12.27.51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2014/03/06 12.27.50 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2014/03/06 12.27.50 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/06 12.27.50 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2014/03/06 12.27.50 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2014/03/06 12.27.49 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2014/03/06 12.27.49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2014/03/06 12.27.48 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2014/03/06 12.27.48 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/03/06 12.27.48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2014/03/06 12.27.48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2014/03/06 12.27.47 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2014/03/06 12.27.47 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2014/03/06 12.27.47 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2014/03/06 12.27.46 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2014/03/06 12.27.46 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2014/03/06 12.27.46 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2014/03/06 12.27.46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2014/03/06 12.27.45 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2014/03/06 12.27.45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/03/06 12.27.44 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2014/03/06 12.27.42 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2014/03/06 12.27.42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2014/03/06 12.27.40 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2014/03/06 12.27.38 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2014/03/06 12.27.34 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2014/03/06 12.27.34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2014/03/06 12.27.34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2014/03/06 12.27.31 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2014/03/06 12.27.31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2014/03/06 12.27.31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2014/03/06 12.27.30 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2014/03/06 12.27.30 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2014/03/06 12.27.29 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2014/03/06 12.27.27 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2014/03/06 12.27.27 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2014/03/06 12.27.24 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2014/03/06 12.27.23 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2014/03/06 12.27.23 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2014/03/06 12.27.21 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2014/03/06 12.27.11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2014/03/06 12.27.06 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2014/03/06 12.27.06 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014/03/06 12.27.06 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2014/03/06 12.27.06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2014/03/06 12.27.06 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2014/03/06 12.27.06 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2014/03/06 12.27.05 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2014/03/06 12.27.05 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2014/03/06 12.27.05 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014/03/06 12.27.05 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/03/06 12.27.05 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2014/03/06 12.27.03 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2014/03/06 12.27.03 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2014/03/06 12.27.03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2014/03/06 12.27.03 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2014/03/06 12.27.02 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2014/03/06 12.27.01 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/03/06 12.27.01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2014/03/06 12.26.59 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2014/03/06 12.26.59 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2014/03/06 12.26.58 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2014/03/06 12.26.58 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2014/03/06 12.26.58 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2014/03/06 12.26.58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2014/03/06 12.26.58 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2014/03/06 12.26.58 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2014/03/06 12.26.58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2014/03/06 12.26.57 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2014/03/06 12.26.57 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2014/03/06 12.26.57 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2014/03/06 12.26.57 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2014/03/06 12.26.57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2014/03/06 12.26.57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2014/03/06 12.26.57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2014/03/06 12.26.57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2014/03/06 12.26.56 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2014/03/06 12.26.55 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2014/03/06 12.26.55 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2014/03/06 12.26.55 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2014/03/06 12.26.55 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2014/03/06 12.26.55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2014/03/06 12.26.55 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2014/03/06 12.26.55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2014/03/06 12.26.55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2014/03/06 12.26.55 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/03/06 12.26.55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2014/03/06 12.26.54 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2014/03/06 12.26.54 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2014/03/06 12.26.54 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2014/03/06 12.26.54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2014/03/06 12.26.54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2014/03/06 12.26.54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2014/03/06 12.26.53 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2014/03/06 12.26.49 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2014/03/06 12.26.48 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2014/03/06 12.26.48 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2014/03/06 12.26.48 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2014/03/06 12.26.48 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2014/03/06 12.22.45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2014/03/06 12.22.43 | 000,000,000 | ---D | C] -- C:\8e580ee915bcadb062e86915e94fc5
[2014/03/06 11.19.20 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Local\PowerCinema
[2014/03/06 11.13.31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/03/06 11.13.31 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Local\MFAData
[2014/03/06 11.13.31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/03/06 11.13.31 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Local\Avg2014
[2014/03/05 16.49.10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/03/05 16.31.39 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/03/05 15.53.14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/03/05 15.49.01 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Local\Macromedia
[2014/03/05 15.48.03 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/05 15.48.03 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/05 15.43.57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014/01/31 16.59.03 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Roaming\Neas
[2014/01/31 16.58.58 | 000,000,000 | ---D | C] -- C:\Users\adriano\AppData\Roaming\Cixu




##########################
################
NOTE FROM DANIELE

CONTINUED IN THE NEXT MESSAGE

Post by daniele10 » Mon Mar 10, 2014 6:13 pm

OTL PART TWO


========== Files - Modified Within 60 Days ==========

[2014/03/10 17.53.22 | 000,670,958 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/03/10 17.53.22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/10 17.53.22 | 000,122,880 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/03/10 17.53.22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/10 17.48.49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/09 12.31.15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 12.31.15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 12.21.33 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/03/09 12.21.33 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/03/07 08.09.20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/03/07 06.24.25 | 000,909,312 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2014/03/06 17.42.13 | 000,007,620 | ---- | M] () -- C:\Users\adriano\AppData\Local\d3d9caps.dat
[2014/03/06 17.20.17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/06 17.18.01 | 000,355,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/06 16.59.55 | 000,024,688 | ---- | M] () -- C:\Users\adriano\Documents\cc_20140306_165940.reg
[2014/03/06 16.58.08 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/06 16.38.01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/06 16.10.53 | 000,321,374 | ---- | M] () -- C:\Users\adriano\AppData\Local\census.cache
[2014/03/06 16.10.52 | 000,176,610 | ---- | M] () -- C:\Users\adriano\AppData\Local\ars.cache
[2014/03/06 15.46.51 | 001,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2014/03/06 15.46.51 | 000,204,288 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2014/03/06 15.05.20 | 001,091,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2014/03/06 15.05.14 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2014/03/06 15.04.35 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2014/03/06 11.38.09 | 000,000,036 | ---- | M] () -- C:\Users\adriano\AppData\Local\housecall.guid.cache
[2014/03/05 15.48.03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/05 15.48.03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl




========== Files Created - No Company Name ==========

[2014/03/07 07.50.54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/07 07.50.54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/07 07.50.54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/07 07.50.54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/07 07.50.54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/06 17.20.17 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/06 17.16.56 | 000,355,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/06 16.59.43 | 000,024,688 | ---- | C] () -- C:\Users\adriano\Documents\cc_20140306_165940.reg
[2014/03/06 16.58.08 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/06 12.29.12 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2014/03/06 12.29.09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2014/03/06 12.29.09 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2014/03/06 12.28.50 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2014/03/06 12.28.46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2014/03/06 12.28.44 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2014/03/06 12.27.48 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/03/06 12.27.02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2014/03/06 12.26.57 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2014/03/06 12.26.56 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2014/03/06 12.26.53 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2014/03/06 12.10.11 | 000,204,288 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2014/03/06 12.08.58 | 000,321,374 | ---- | C] () -- C:\Users\adriano\AppData\Local\census.cache
[2014/03/06 12.08.38 | 000,176,610 | ---- | C] () -- C:\Users\adriano\AppData\Local\ars.cache
[2014/03/06 11.38.09 | 000,000,036 | ---- | C] () -- C:\Users\adriano\AppData\Local\housecall.guid.cache
[2014/03/05 16.08.27 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/05 15.53.36 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/03/05 15.48.05 | 000,000,978 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/20 17.44.41 | 000,007,620 | ---- | C] () -- C:\Users\adriano\AppData\Local\d3d9caps.dat
[2012/05/22 16.49.39 | 000,151,517 | ---- | C] () -- C:\Windows\hpwins06.dat
[2012/05/22 16.49.39 | 000,001,756 | ---- | C] () -- C:\Windows\hpwmdl06.dat
[2009/05/04 15.09.14 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/04 15.09.14 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/12/23 14.02.16 | 000,007,680 | ---- | C] () -- C:\Users\adriano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 22.20.08 | 000,027,525 | ---- | C] () -- C:\Users\adriano\AppData\Roaming\nvModes.001
[2007/11/27 22.20.06 | 000,027,525 | ---- | C] () -- C:\Users\adriano\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 13.54.22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17.35.22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23.28.20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23.28.26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/06 17.26.35 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\Cixu
[2014/03/06 17.26.35 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\Leugip
[2013/04/15 15.45.13 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\LibreOffice
[2014/02/28 10.01.08 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\Neas
[2014/03/06 17.26.35 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\Omygxe
[2011/07/20 15.36.28 | 000,000,000 | ---D | M] -- C:\Users\adriano\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >

Post by stevens » Mon Mar 10, 2014 8:46 pm

Delete these folders, then try installing an antivirus again (Avira or Avast) ...... it's a suggestion

C:\Users\adriano\AppData\Roaming\Neas

C:\Users\adriano\AppData\Roaming\Cixu

C:\Users\adriano\AppData\Roaming\Leugip

C:\Users\adriano\AppData\Roaming\Omygxe

Post by daniele10 » Tue Mar 11, 2014 6:13 pm

I followed all of stevens's instructions and, in addition, ran HitmanPro and AdwCleaner as sbrillo recommended.
Now I have managed to install the AVIRA antivirus and run a full scan as described in the guide.
I am now going through everything step by step to re-check it all, but Thunderbird and Firefox seem to be missing; anyway, I'll keep checking and then let you know how it went.
[grazie]

Post by GERONIMO* » Thu Mar 13, 2014 12:24 pm

what a nice infection
[applauso+] [crylol]
wait for stevens to prepare an OTL script for you to remove the other junk
in the meantime, go to c:\windows\system32 and delete this entry: aqfjkhnk.tmp
and empty the Recycle Bin

Post by stevens » Thu Mar 13, 2014 8:30 pm

what a nice infection


noooooo Geronimo, my eyes hurt [rotolo] [rotolo] [:D] [:D] [:D] [:D] you prepare it, that's better [:D] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [rotolo] [rotolo] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh]

Post by daniele10 » Sat Mar 22, 2014 5:14 pm

Guys, thanks for the help, but I'm reinstalling the operating system because I couldn't get to the bottom of it [B)]

Post by GERONIMO* » Sat Mar 22, 2014 5:27 pm

You're welcome [sh]
sorry, but unfortunately stevens is a slacker [rotfl] [:D]

Post by Pciccio » Tue Nov 08, 2016 7:18 pm

Hi guys, I'm desperate, I can't install Avira: my PC runs Windows 7 Ultimate 64-bit, but I can't install Avira; it gives me a registry error and points to something related to Windows Installer. So I tried uninstalling Avira and removing all the remaining traces, then I cleaned the registry with CCleaner and Avira's dedicated tool, then I tried running the installation again in safe mode, but it gives me the same error. I don't know whether it's a virus or a problem with the operating system.
Going with the first possibility, I did a "pass" with Hitman Pro, which removed some garbage, then with AdwCleaner, which also cleaned something up, and now I would kindly like your help, so I'm posting the HijackThis and ComboFix logs

HijackThis log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:06:16, on 08/11/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)

FIREFOX: 49.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Users\Kekko\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [EaseUS TB Tray Agent] "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2510 Series" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2510 Series" (User 'Default user')
O4 - Global Startup: SolidWorks 2014 Fast Start.lnk = ?
O4 - Global Startup: SolidWorks Background Downloader.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{19962E46-7F97-47F1-AA17-5E8177408A8D}: NameServer = 192.168.1.1,208.67.220.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{19962E46-7F97-47F1-AA17-5E8177408A8D}: NameServer = 192.168.1.1,208.67.220.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{19962E46-7F97-47F1-AA17-5E8177408A8D}: NameServer = 192.168.1.1,208.67.220.222
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS-R@1n - Unknown owner - C:\Windows\KMS-QAD.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12321 bytes


ComboFix log

ComboFix 16-11-06.01 - Kekko 08/11/2016 18:58:12.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.7116.4305 [GMT 1:00]
Eseguito da: c:\users\Kekko\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1449068232.bdinstall.bin
c:\programdata\1449068457.bdinstall.bin
c:\programdata\1449068490.bdinstall.bin
c:\programdata\1449068528.bdinstall.bin
c:\programdata\1449068651.bdinstall.bin
c:\programdata\1449068834.bdinstall.bin
c:\programdata\1449069177.bdinstall.bin
c:\programdata\1449070692.bdinstall.bin
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2016-10-08 al 2016-11-08 )))))))))))))))))))))))))))))))))))
.
.
2016-11-08 18:02 . 2016-11-08 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-08 17:30 . 2016-11-08 17:30 -------- d-----w- c:\program files\EpsonNet
2016-11-08 17:30 . 2012-11-12 19:41 535552 ----a-w- c:\windows\system32\ensppui.dll
2016-11-08 17:30 . 2012-11-12 19:41 535552 ----a-w- c:\windows\system32\enppui.dll
2016-11-08 17:30 . 2012-11-12 14:15 558592 ----a-w- c:\windows\system32\ensppmon.dll
2016-11-08 17:30 . 2012-11-12 14:15 558592 ----a-w- c:\windows\system32\enppmon.dll
2016-11-08 17:30 . 2012-10-22 16:19 219648 ----a-w- c:\windows\system32\enspres.dll
2016-11-08 17:30 . 2012-10-22 16:19 219648 ----a-w- c:\windows\system32\enpres.dll
2016-11-08 17:30 . 2012-07-23 23:00 466432 ----a-w- c:\windows\system32\esxw2ud.dll
2016-11-08 17:30 . 2011-12-11 23:00 135824 ----a-w- c:\windows\system32\escsvc64.exe
2016-11-08 17:14 . 2016-11-08 17:14 54736 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2016-11-08 11:58 . 2016-11-08 12:00 -------- d-----w- C:\AdwCleaner
2016-11-08 11:48 . 2016-11-08 11:49 -------- d-----w- c:\program files\HitmanPro
2016-11-08 11:48 . 2016-11-08 11:55 -------- d-----w- c:\programdata\HitmanPro
2016-11-07 18:51 . 2016-11-07 18:51 -------- d-----w- c:\program files (x86)\Avira
2016-11-07 08:33 . 2016-11-07 08:33 -------- d-----w- c:\programdata\AVAST Software
2016-11-04 18:36 . 2016-11-04 18:36 -------- d-----w- c:\program files\CCleaner
2016-11-04 18:22 . 2015-12-09 03:08 182784 ----a-w- c:\windows\system32\E_2LM0DE.DLL
2016-11-04 18:22 . 2011-03-15 02:03 83968 ----a-w- c:\windows\system32\E_2D4B0DE.DLL
2016-10-26 13:22 . 2016-10-26 13:32 -------- d-----w- c:\users\Kekko\AppData\Local\IIIQF
2016-10-24 07:58 . 2016-10-24 07:58 -------- d-----w- c:\users\Kekko\AppData\Local\Avira
2016-10-10 14:22 . 2016-10-25 08:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-08 09:21 . 2015-03-09 19:59 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-08 09:21 . 2015-03-09 19:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-28 10:41 . 2015-03-07 00:19 451 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-09-28 10:38 . 2016-09-28 10:38 481768 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2016-09-28 10:37 . 2016-09-28 10:37 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2016-09-28 10:37 . 2016-09-28 10:37 1030400 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2016-09-28 10:37 . 2015-03-07 00:29 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2016-09-28 10:36 . 2016-09-28 10:36 3793872 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2016-09-28 10:36 . 2016-09-28 10:36 609280 ----a-w- c:\windows\system32\MetroIntelGenericUIFramework.dll
2016-09-28 10:36 . 2016-09-28 10:36 86528 ----a-w- c:\windows\system32\igfxCUIServicePS.dll
2016-09-28 10:36 . 2016-09-28 10:36 69632 ----a-w- c:\windows\system32\igfxDHLibv2_0.dll
2016-09-28 10:36 . 2016-09-28 10:36 64000 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2016-09-28 10:36 . 2016-09-28 10:36 60416 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2016-09-28 10:36 . 2016-09-28 10:36 59904 ----a-w- c:\windows\system32\igfxDHLib.dll
2016-09-28 10:36 . 2016-09-28 10:36 5120 ----a-w- c:\windows\system32\igfxLHMLibv2_0.dll
2016-09-28 10:36 . 2016-09-28 10:36 5120 ----a-w- c:\windows\system32\igfxLHMLib.dll
2016-09-28 10:36 . 2016-09-28 10:36 454760 ----a-w- c:\windows\system32\igdmd64.dll
2016-09-28 10:36 . 2016-09-28 10:36 376832 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2016-09-28 10:36 . 2016-09-28 10:36 371712 ----a-w- c:\windows\system32\igfxOSP.dll
2016-09-28 10:36 . 2016-09-28 10:36 366680 ----a-w- c:\windows\SysWow64\igdmd32.dll
2016-09-28 10:36 . 2016-09-28 10:36 3650832 ----a-w- c:\windows\SysWow64\igdusc32.dll
2016-09-28 10:36 . 2016-09-28 10:36 31448 ----a-w- c:\windows\system32\igfxexps.dll
2016-09-28 10:36 . 2016-09-28 10:36 30720 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2016-09-28 10:36 . 2016-09-28 10:36 286720 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2016-09-28 10:36 . 2016-09-28 10:36 218848 ----a-w- c:\windows\system32\iglhcp64.dll
2016-09-28 10:36 . 2016-09-28 10:36 2027008 ----a-w- c:\windows\system32\igfxcmjit64.dll
2016-09-28 10:36 . 2016-09-28 10:36 1986560 ----a-w- c:\windows\system32\igdrcl64.dll
2016-09-28 10:36 . 2016-09-28 10:36 190464 ----a-w- c:\windows\system32\igfxCoIn_v4425.dll
2016-09-28 10:36 . 2016-09-28 10:36 188496 ----a-w- c:\windows\system32\igfxcmrt64.dll
2016-09-28 10:36 . 2016-09-28 10:36 184832 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2016-09-28 10:36 . 2016-09-28 10:36 183840 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2016-09-28 10:36 . 2016-09-28 10:36 1785856 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2016-09-28 10:36 . 2016-09-28 10:36 1758208 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2016-09-28 10:36 . 2016-09-28 10:36 159096 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2016-09-28 10:36 . 2016-09-28 10:36 155136 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2016-09-28 10:36 . 2016-09-28 10:36 1137120 ----a-w- c:\windows\system32\iglhsip64.dll
2016-09-28 10:36 . 2016-09-28 10:36 1133000 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2016-09-28 10:36 . 2016-09-28 10:36 10946840 ----a-w- c:\windows\system32\igdumdim64.dll
2016-09-28 10:36 . 2016-09-28 10:36 10752 ----a-w- c:\windows\system32\igfxDILibv2_0.dll
2016-09-28 10:36 . 2016-09-28 10:36 10752 ----a-w- c:\windows\system32\igfxDILib.dll
2016-09-28 10:36 . 2016-09-28 10:36 10474040 ----a-w- c:\windows\SysWow64\igdumdim32.dll
2016-09-28 10:36 . 2016-09-28 10:36 10240 ----a-w- c:\windows\system32\igfxEMLibv2_0.dll
2016-09-28 10:36 . 2016-09-28 10:36 10240 ----a-w- c:\windows\system32\igfxEMLib.dll
2016-09-28 10:36 . 2016-09-28 10:36 22905344 ----a-w- c:\windows\system32\igdfcl64.dll
2016-09-28 10:36 . 2015-01-10 11:42 672256 ----a-w- c:\windows\system32\igfxDH.dll
2016-09-28 10:36 . 2015-01-10 11:42 4611816 ----a-w- c:\windows\system32\igdusc64.dll
2016-09-28 10:36 . 2015-01-10 11:42 284672 ----a-w- c:\windows\system32\igfxDI.dll
2016-09-28 10:36 . 2015-01-10 11:42 252416 ----a-w- c:\windows\system32\igfxLHM.dll
2016-09-28 10:36 . 2015-01-10 11:42 209408 ----a-w- c:\windows\system32\igfxDTCM.dll
2016-09-28 10:36 . 2016-09-28 10:36 8587776 ----a-w- c:\windows\system32\ig75icd64.dll
2016-09-28 10:36 . 2016-09-28 10:36 6584832 ----a-w- c:\windows\SysWow64\ig75icd32.dll
2016-09-28 10:36 . 2016-09-28 10:36 366080 ----a-w- c:\windows\system32\igdbcl64.dll
2016-09-28 10:36 . 2016-09-28 10:36 321536 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2016-09-28 10:36 . 2016-09-28 10:36 221184 ----a-w- c:\windows\system32\igdde64.dll
2016-09-28 10:36 . 2016-09-28 10:36 182784 ----a-w- c:\windows\SysWow64\igdde32.dll
2016-09-28 10:36 . 2016-09-28 10:36 17837568 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2016-09-28 10:36 . 2016-09-28 10:36 162304 ----a-w- c:\windows\system32\igdail64.dll
2016-09-28 10:36 . 2016-09-28 10:36 143872 ----a-w- c:\windows\SysWow64\igdail32.dll
2016-09-28 10:36 . 2016-09-28 10:36 11783680 ----a-w- c:\windows\SysWow64\igd10iumd32.dll
2016-09-28 10:36 . 2016-09-28 10:36 280696 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2016-09-28 10:36 . 2015-01-10 11:41 12211184 ----a-w- c:\windows\system32\igd10iumd64.dll
2016-09-28 10:36 . 2016-09-28 10:36 959608 ----a-w- c:\windows\system32\GfxUIEx.exe
2016-09-28 10:36 . 2016-09-28 10:36 545912 ----a-w- c:\windows\system32\DPTopologyApp.exe
2016-09-28 10:36 . 2016-09-28 10:36 545400 ----a-w- c:\windows\system32\DPTopologyAppv2_0.exe
2016-09-28 10:36 . 2016-09-28 10:36 4382840 ----a-w- c:\windows\system32\Gfxv4_0.exe
2016-09-28 10:36 . 2016-09-28 10:36 4379256 ----a-w- c:\windows\system32\Gfxv2_0.exe
2016-09-28 10:36 . 2016-09-28 10:36 399992 ----a-w- c:\windows\system32\CustomModeApp.exe
2016-09-28 10:36 . 2016-09-28 10:36 399480 ----a-w- c:\windows\system32\CustomModeAppv2_0.exe
2016-09-28 10:36 . 2016-09-28 10:36 255488 ----a-w- c:\windows\system32\igfxCPL.cpl
2016-09-28 10:36 . 2016-09-28 10:36 195192 ----a-w- c:\windows\system32\igfxext.exe
2016-09-28 10:36 . 2016-09-28 10:36 156280 ----a-w- c:\windows\system32\difx64.exe
2016-09-28 10:36 . 2015-01-10 11:42 530552 ----a-w- c:\windows\system32\igfxEM.exe
2016-09-28 10:36 . 2015-01-10 11:42 372856 ----a-w- c:\windows\system32\igfxTray.exe
2016-09-28 10:36 . 2015-01-10 11:42 319096 ----a-w- c:\windows\system32\igfxCUIService.exe
2016-09-28 10:36 . 2015-01-10 11:42 247416 ----a-w- c:\windows\system32\igfxHK.exe
2016-09-28 10:36 . 2016-09-28 10:36 31712 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2016-09-28 10:36 . 2016-09-28 10:36 1469952 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2016-09-28 10:35 . 2016-09-28 10:35 181304 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2016-09-28 10:34 . 2016-09-28 10:34 33960 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2016-09-28 10:27 . 2016-09-28 10:27 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-12 18:02 1741104 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"EaseUS TB Tray Agent"="c:\program files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe" [2014-12-15 253992]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE" [2012-02-28 283232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks 2014 Fast Start.lnk - c:\windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2015-3-8 335872]
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\Gestore installazioni SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2015-3-8 2740264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMS-R@1n;KMS-R@1n;c:\windows\KMS-QAD.exe;c:\windows\KMS-QAD.exe [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 EuFdMount;EuFdMount;c:\program files (x86)\EaseUS\Todo Backup\drv\EuFdMount.sys;c:\program files (x86)\EaseUS\Todo Backup\drv\EuFdMount.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Audio Intel(R) per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-09 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-03-14 13671792]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
TCP: Interfaces\{19962E46-7F97-47F1-AA17-5E8177408A8D}: NameServer = 192.168.1.1,208.67.220.222
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default\
FF - user.js: extensions.zonealarm.id - dbb0448000000000000074d435ec587e
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16502
FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1716:22
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - NewUSR
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN127217423955669-1001
FF - user.js: extensions.zonealarm.dfltLng - IT
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-{80107F16-CB2E-42AB-AB9D-6C11540D5A8B} - c:\programdata\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}\WinThrusterSetup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2016-11-08 19:04:21
ComboFix-quarantined-files.txt 2016-11-08 18:04
.
Pre-Run: 234.537.558.016 byte disponibili
Post-Run: 233.989.947.392 byte disponibili
.
- - End Of File - - F19ED368EF95375B9389230ACB9BF413
A36C5E4F47E84449FF07ED3517B43A31


I hope you can help!!!!!!!!!
Pciccio
Senior Member

Posts: 168
Joined: Sun Feb 26, 2006 12:47 pm

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by stevens » Wed Nov 09, 2016 1:24 am

There are definitely cracks on your PC, and this makes installing Avira difficult, which is why it gets blocked.

Now I need you to run these two scans for me, this one first.

Download CKScanner to the desktop.

Double-click the CKScanner.exe icon to launch the program, then click the Search For Files button.

When the scan has finished (the hourglass cursor disappears when the scan is complete), click the Save to File button.

This will create ckfiles.txt on the desktop, which you must attach.

Click the Exit button to close the program.

Now run this one.

Download Farbar Recovery Scan Tool.

Put it on the desktop.

N.B. You must download the version (32- or 64-bit) that is compatible with your system.

• Double-click to launch it.
• When it asks you to accept the terms, click Yes.
• Click the SCAN button.
• When it has finished, the tool will create a log called FRST.txt in the same directory where FRST is located.
• The first time FRST is run, another log called Addition.txt will be created.
• Attach both logs.

Please make sure you attach the logs rather than copying them.
stevens
Bronze Member

Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by Pciccio » Wed Nov 09, 2016 8:12 am

OK, thanks, as soon as I can I'll follow the steps you recommended. But sorry, isn't the way I attached the logs earlier okay?

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by stevens » Wed Nov 09, 2016 9:54 am

But sorry, isn't the way I attached the logs earlier okay?

Yes, they're fine that way too.

Re: [LOG] combofix hijackthis - antivirus programs won't install

Post by Pciccio » Wed Nov 09, 2016 12:42 pm

Here you go

CKScanner

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\autocad 2010\keygen_xf-acad2010_x64.exe
c:\program files (x86)\removewat\installremovewat.bat
c:\program files (x86)\removewat\uninstall.exe
c:\program files (x86)\removewat\uninstall.ini
c:\users\kekko\downloads\removewatermark_20090509.zip
c:\users\kekko\downloads\emule\incoming\catia v5r20 2010 cracknocd.rar
c:\users\kekko\downloads\emule\incoming\catia.v5r20.crack.rar
c:\users\kekko\downloads\emule\incoming\microsoft office 2010 [ita - x86 - x64 - crack].rar
c:\users\kekko\downloads\windows_loader_2_1_7_by_daz\windows loader 2.1.7 by daz\keys.ini
c:\users\kekko\pictures\diario\removewat.zip
c:\windows\kms-qad.exe
scanner sequence 3.EF.11.XQNARZ
----- EOF -----


Farbar

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Kekko (09-11-2016 12:37:47)
Running from C:\Users\Kekko\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-06 23:01:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3451799898-3022645531-4058858740-500 - Administrator - Disabled)
Guest (S-1-5-21-3451799898-3022645531-4058858740-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3451799898-3022645531-4058858740-1002 - Limited - Enabled)
Kekko (S-1-5-21-3451799898-3022645531-4058858740-1000 - Administrator - Enabled) => C:\Users\Kekko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AutoCAD 2010 - Italiano (HKLM\...\AutoCAD 2010 - Italiano) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden
Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Disinstalla EPSON Universal Print Driver Printer (HKLM\...\EPSON Universal Print Driver) (Version: - SEIKO EPSON Corporation)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Guida di rete WF-2510 Series (HKLM-x32\...\WF-2510 Series Netg) (Version: - )
Epson Guida utente WF-2510 Series (HKLM-x32\...\WF-2510 Series Useg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68}) (Version: 4.4.3 - SEIKO EPSON CORPORATION)
EPSON WF-2510 Series Printer Uninstall (HKLM\...\EPSON WF-2510 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.38.1036 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Language Pack di AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 it) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 it)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 it) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 it)) (Version: 45.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Software per periferiche con chipset Intel® (x32 Version: 10.0.24 - Intel(R) Corporation) Hidden
SolidWorks 2014 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20140-40300-1100-100) (Version: 22.3.0.56 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP03 (Version: 22.130.56 - SolidWorks) Hidden
SolidWorks 2014x64 Italian Resources (Version: 22.130.56 - Nome società) Hidden
SolidWorks eDrawings 2014 x64 Edition SP03 (Version: 14.3.107 - Dassault Systèmes SolidWorks Corp) Hidden
Songr (HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\...\Songr) (Version: 2.1 - Xamasoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{F0251A43-AD36-4A86-8C10-B86802E999FD}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0410-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3451799898-3022645531-4058858740-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3451799898-3022645531-4058858740-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3451799898-3022645531-4058858740-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3451799898-3022645531-4058858740-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {050A94AD-E528-44D1-89CF-8AD3120EACD3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D518058-AB54-4DF2-8647-0B5A83FFA4C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {242A7C55-57C9-4C60-A471-A2F965CA6119} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {26B98FC9-7FD9-4BF5-8DD1-7D3C2DABDC6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {37AAEF3D-EFD9-434B-B2A4-C61EC590CA7A} - System32\Tasks\R@1n-KMS\Office15x64ProP => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {551BF4D3-1E00-4307-8A08-5DC053833A1F} - System32\Tasks\{0682982E-491D-42AD-B468-C38ED657B89F} => pcalua.exe -a C:\Users\Kekko\Downloads\HijackThis.exe -d C:\Users\Kekko\Downloads
Task: {95AF9CC8-7237-4472-9ECD-3E129BBE4F60} - System32\Tasks\{51B84F6A-4294-42A4-8C9B-700ED8B60573} => pcalua.exe -a D:\dotnetfx35.exe -d D:\
Task: {A231B0F2-DB1A-43C3-A663-8165BA77CF97} - System32\Tasks\Driver Booster SkipUAC (Kekko) => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
Task: {C00D9B1F-FF7C-4B01-98FE-634B960A859A} - System32\Tasks\AdobeAAMUpdater-1.0-Kekko-PC-Kekko => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {D8EF63E7-5701-4838-8435-A7F2F8522132} - System32\Tasks\{015FE4C8-CFC4-4273-8250-ADA01B7B47AC} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\Loader.exe [2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
Task: {E1DFFC27-F480-4C60-8FD3-BD51D389B210} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E5B9A331-B492-44C6-BF27-D5C1FCB82012} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-06 11:58 - 2015-10-06 11:58 - 00022528 _____ () C:\Windows\KMS-QAD.exe
2015-03-10 05:29 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
2014-04-01 02:54 - 2014-04-01 02:54 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2015-03-10 05:29 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-09-28 17:26 - 2016-09-28 17:26 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1040.dll
2016-11-09 12:33 - 2016-11-09 12:33 - 00468480 _____ () C:\Users\Kekko\Downloads\CKScanner.exe
2015-03-10 05:29 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-03-10 05:29 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
2015-03-10 05:29 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
2015-03-10 05:29 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
2015-03-10 05:29 - 2014-12-15 01:04 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
2015-03-10 05:29 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-01-06 15:40 - 2015-01-06 15:40 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-11-08 19:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kekko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 208.67.220.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CF50BC13-4574-450D-B6A5-F170DBC589DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B08CFE1A-EFAA-4052-9444-FCCBCEAC8217}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91127447-79FF-4B27-82F3-560DD72F1D30}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{D02904AD-F6A9-4D57-BC4F-FD8029B1B666}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89D2955A-6604-4B3B-87B8-4051E044931F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1EF8E56-A8B7-4F05-80DB-90D91D42519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8929C7FB-9AF2-4BE6-8777-4BAA2F62B30B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF3C106-16CC-4B8D-AD40-4E1BDE609806}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{A68FE731-98C5-4889-A2FB-AAB0110C2CAC}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{6B27ED24-3FE0-4624-8B0D-6D6F2ED7D84B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{C546E7A5-E058-4F70-83FA-74A3EC86B309}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{45C008B1-7C6F-4933-AD41-6B9F4CAB0343}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{4803E919-840B-45C6-B5CB-F400D2EC7EC1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{958B0F96-D026-4C29-865A-62409F7EF6C4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{144E12E4-20AB-4923-951B-F7CB1CA6FCA6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{9F76F900-A2DD-4CB1-8CFA-AED7496A4E8E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{425AC8AB-7A82-4863-9C53-F7FBD8FDB717}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{F5FFA9E0-C630-4F08-A04A-F63552A21DE3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{249D693C-96C5-4618-8D29-D35090228D8E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{0D443ECC-5841-4C7C-9C18-DDA13B8091D6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{9DFB5691-2C97-461F-BB15-E16D1AA5A91B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{7A7B4FE9-31EE-4AF1-95EF-4895E9557BD4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6E3DBCCB-8B73-4EE3-BA2C-B49107F4FA64}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D1A5E0DF-E843-4725-A54E-B8F320FCD3C1}] => (Allow) C:\Program Files (x86)\eMule\emule.exe
FirewallRules: [{9DD1B6CC-7865-4D1E-BBF2-C10EA24E51C9}] => (Allow) C:\Program Files (x86)\eMule\emule.exe
FirewallRules: [{5CB458D1-43AE-4CF9-9F6C-63FDCDC50592}] => (Allow) C:\Program Files (x86)\eMule\emule.exe
FirewallRules: [{90FCE918-62EE-4FE9-8C4D-77F9993A50C1}] => (Allow) C:\Program Files (x86)\eMule\emule.exe
FirewallRules: [{5043E059-EB20-4818-A64C-9B2431EFD304}] => (Allow) C:\Program Files (x86)\eMule\emule.exe
FirewallRules: [TCP Query User{65866F1C-500D-4705-B696-E55B8353750B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AF34ACC1-4AB8-43F1-A71B-F53510A8E4B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{534C222F-3062-4B04-94D8-C3C91B8B4B3A}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{862C9D35-6BB2-42A4-AC33-8370DB8CDC40}] => (Allow) C:\Windows\KMS-QAD.exe
FirewallRules: [{741FAE78-0A39-4A5F-A3A1-53722C473608}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF34971E-0401-449B-A71A-4D6397FD9785}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A687B22D-7B7A-4587-BF9B-58147BD888BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70C87A35-E2E2-4334-9C31-E84E3924B44A}] => (Allow) LPort=2869
FirewallRules: [{330D65A8-AC1C-4CA3-877F-8FB8ABFAE54C}] => (Allow) LPort=1900

==================== Restore Points =========================

24-10-2016 08:03:16 Avira System Speedup 2.7.0
25-10-2016 09:56:47 Ottimizzazione Avira System Speedup
26-10-2016 14:31:19 WinThruster (64-bit) Backup
04-11-2016 18:25:41 Installed Epson Software Updater
04-11-2016 19:55:12 Removed Avira Browser Safety
08-11-2016 12:53:51 Punto di controllo di HitmanPro
08-11-2016 12:55:08 Punto di controllo di HitmanPro
08-11-2016 18:19:55 Rimosso FAX Utility
08-11-2016 18:21:06 Removed Epson Event Manager
08-11-2016 18:21:49 Rimosso Easy Photo Print Plug-in for PMB(Picture Motion Browser){XY
08-11-2016 18:31:11 Installato FAX Utility
08-11-2016 18:32:16 Installed Epson Event Manager
08-11-2016 18:35:35 Installato Easy Photo Print Plug-in for PMB(Picture Motion BrowsîÕï@

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2016 06:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: SETUP.EXE_InstallShield, versione: 16.0.0.400, timestamp: 0x4ab84bb7
Nome del modulo che ha generato l'errore: ISSetup.dll, versione: 16.0.0.400, timestamp: 0x4ab84b70
Codice eccezione: 0xc0000005
Offset errore 0x000a7a6f
ID processo che ha generato l'errore: 0xe9c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d239e678aed18a
Percorso dell'applicazione che ha generato l'errore: C:\Users\Kekko\AppData\Local\Temp\{41C7006E-EF0B-4A1D-938D-06805964BA57}\SETUP.EXE
Percorso del modulo che ha generato l'errore: C:\Users\Kekko\AppData\Local\Temp\{41C7006E-EF0B-4A1D-938D-06805964BA57}\ISSetup.dll
ID segnalazione: bdb3db83-a5d9-11e6-b9e5-74d435ec587e

Error: (11/08/2016 06:29:57 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: Event-ID 2

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x000009fc,(null),0,REG_BINARY,00000000076ED660.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Nome del processo di scrittura: MSSearch Service Writer
ID dell'istanza del processo di scrittura: {66d722ec-f0d6-4e92-9854-1f8d4070ae5a}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x000002cc,(null),0,REG_BINARY,0000000006A4D030.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {42abfb52-64be-4109-9f20-424bf2a3d3d9}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x00000194,(null),0,REG_BINARY,000000000328DFE0.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Nome del processo di scrittura: Registry Writer
ID dell'istanza del processo di scrittura: {9831e4cd-0ca2-42eb-847a-21fa4626f8b3}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x000001a8,(null),0,REG_BINARY,0000000001D6DEB0.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Nome del processo di scrittura: COM+ REGDB Writer
ID dell'istanza del processo di scrittura: {e2af4e53-b7d5-450b-948c-0f5ab0b98fb9}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x000002cc,(null),0,REG_BINARY,0000000006A4D220.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {42abfb52-64be-4109-9f20-424bf2a3d3d9}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x0000078c,(null),0,REG_BINARY,000000000C74CDF0.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Nome del processo di scrittura: WMI Writer
ID dell'istanza del processo di scrittura: {e264367c-079e-49d1-801d-675c5597059b}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x00000194,(null),0,REG_BINARY,000000000328E1D0.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Nome del processo di scrittura: Registry Writer
ID dell'istanza del processo di scrittura: {9831e4cd-0ca2-42eb-847a-21fa4626f8b3}

Error: (11/08/2016 12:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Errore del servizio Copia Shadow del volume: errore inatteso durante il richiamo della routine RegSetValueExW(0x000001a8,(null),0,REG_BINARY,0000000001D6E0A0.72). hr = 0x80070005, Accesso negato.
.


Operazione:
Evento PostSnapshot

Contesto:
Contesto di esecuzione: Writer
ID della classe del processo di scrittura: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Nome del processo di scrittura: COM+ REGDB Writer
ID dell'istanza del processo di scrittura: {e2af4e53-b7d5-450b-948c-0f5ab0b98fb9}


System errors:
=============
Error: (11/09/2016 08:25:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Precedente arresto del sistema inatteso a 19:22:15 su ‎08/‎11/‎2016.

Error: (11/08/2016 07:02:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente.

Error: (11/08/2016 07:02:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

Error: (11/08/2016 07:01:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio EaseUS Agent Service. Questo evento si è già verificato 5 volta(e).

Error: (11/08/2016 07:01:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio EaseUS Agent Service. Questo evento si è già verificato 4 volta(e).

Error: (11/08/2016 07:00:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema non è configurato per consentire servizi interattivi. Questo servizio potrà non funzionare correttamente.

Error: (11/08/2016 06:58:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio EaseUS Agent Service. Questo evento si è già verificato 3 volta(e).

Error: (11/08/2016 06:58:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio KMS-R@1n. Questo evento si è già verificato 1 volta(e).

Error: (11/08/2016 06:58:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio EaseUS Agent Service. Questo evento si è già verificato 2 volta(e).

Error: (11/08/2016 06:57:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio EaseUS Agent Service. Questo evento si è già verificato 1 volta(e).


CodeIntegrity:
===================================
Date: 2016-11-08 19:02:20.728
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2016-11-08 19:02:20.712
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-03-08 05:00:05.340
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Kekko\Desktop\Nuova cartella\drivers hp\cmdGuard.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-03-08 05:00:05.293
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Kekko\Desktop\Nuova cartella\drivers hp\cmdGuard.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-03-08 05:00:05.231
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Kekko\Desktop\Nuova cartella\drivers hp\cmdGuard.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

Date: 2015-03-08 05:00:05.184
Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Users\Kekko\Desktop\Nuova cartella\drivers hp\cmdGuard.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 7115.8 MB
Available physical RAM: 4172.06 MB
Total Virtual: 14229.8 MB
Available Virtual: 11415.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:300.12 GB) (Free:217.83 GB) NTFS
Drive d: (Volume) (Fixed) (Total:631.3 GB) (Free:289.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 54FE5C17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Pciccio
Senior Member
Posts: 168
Joined: Sun Feb 26, 2006 12:47 pm

Re: [LOG] combofix hijackthis - non si installano gli antivi

Post by stevens » Wed Nov 09, 2016 12:52 pm

I also need the frst.txt log

stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: [LOG] combofix hijackthis - non si installano gli antivi

Post by stevens » Wed Nov 09, 2016 8:22 pm

You also need to attach the frst.txt log, otherwise I can't go any further [rotolo] [:D] [:D]

and if you don't, I'll send Geronimo over and then you'll see [:D] [:D] [bleh]

stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: [LOG] combofix hijackthis - non si installano gli antivi

Post by Pciccio » Thu Nov 10, 2016 12:33 pm

Oops, here it is

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Kekko (administrator) on KEKKO-PC (09-11-2016 12:37:21)
Running from C:\Users\Kekko\Downloads
Loaded Profiles: Kekko (Available Profiles: Kekko)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Windows\KMS-QAD.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Kekko\Downloads\CKScanner.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2015-03-08]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-03-08]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\Gestore installazioni SolidWorks\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{19962E46-7F97-47F1-AA17-5E8177408A8D}: [NameServer] 192.168.1.1,208.67.220.222

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3451799898-3022645531-4058858740-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Guida per l'accesso all'account Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fjfiikv2.default
FF DefaultProfile: z2rymkr7.default
FF ProfilePath: C:\Users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default [2016-11-09]
FF user.js: detected! => C:\Users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default\user.js [2016-11-08]
FF Extension: (Avira Browser Safety) - C:\Users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default\Extensions\abs@avira.com.xpi [2016-11-08]
FF Extension: (Firefox Hotfix) - C:\Users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\Kekko\AppData\Roaming\Mozilla\Firefox\Profiles\fjfiikv2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-02]
FF ProfilePath: C:\Users\Kekko\AppData\Roaming\illbillythehungryshark-a5517bd1f829f12e92ced5eb101417b6\Profiles\z2rymkr7.default [2015-06-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\golliver.xml [2015-03-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-08] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-09-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2015-01-06] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-QAD.exe [22528 2015-10-06] () [File not signed]
S3 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-03-08] (SolidWorks) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-08] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuFdMount; C:\Program Files (x86)\EaseUS\Todo Backup\drv\EuFdMount.sys [17448 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-28] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-09-28] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-09-28] (Intel Corporation)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-09-28] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-09 12:37 - 2016-11-09 12:37 - 00015786 _____ C:\Users\Kekko\Downloads\FRST.txt
2016-11-09 12:36 - 2016-11-09 12:37 - 00000000 ____D C:\FRST
2016-11-09 12:35 - 2016-11-09 12:35 - 00000780 _____ C:\Users\Kekko\Downloads\ckfiles.txt
2016-11-09 12:34 - 2016-11-09 12:34 - 02410496 _____ (Farbar) C:\Users\Kekko\Downloads\FRST64.exe
2016-11-09 12:33 - 2016-11-09 12:33 - 00468480 _____ () C:\Users\Kekko\Downloads\CKScanner.exe
2016-11-08 19:07 - 2016-11-08 19:07 - 00023968 _____ C:\Users\Kekko\Desktop\combofix log.txt
2016-11-08 19:04 - 2016-11-08 19:04 - 00023968 _____ C:\ComboFix.txt
2016-11-08 18:57 - 2016-11-08 19:04 - 00000000 ____D C:\Qoobox
2016-11-08 18:57 - 2016-11-08 19:03 - 00000000 ____D C:\Windows\erdnt
2016-11-08 18:57 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-08 18:57 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-08 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-08 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-08 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-08 18:57 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-08 18:57 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-08 18:57 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-08 18:56 - 2016-11-08 18:56 - 05659834 ____R (Swearware) C:\Users\Kekko\Downloads\ComboFix.exe
2016-11-08 18:56 - 2016-11-08 18:56 - 00000766 _____ C:\Users\Kekko\Desktop\forum.txt
2016-11-08 18:36 - 2016-11-08 18:36 - 00002171 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2016-11-08 18:33 - 2016-11-08 18:35 - 00002362 _____ C:\Users\Public\Desktop\Epson Guida di rete WF-2510 Series.lnk
2016-11-08 18:33 - 2016-11-08 18:35 - 00000279 _____ C:\Users\Public\Desktop\Epson Guida utente WF-2510 Series.url
2016-11-08 18:33 - 2016-11-08 18:35 - 00000256 _____ C:\Users\Public\Desktop\Guida di Epson Connect.url
2016-11-08 18:31 - 2016-11-08 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-11-08 18:30 - 2016-11-08 18:30 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-11-08 18:30 - 2016-11-08 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-08 18:30 - 2016-11-08 18:30 - 00000000 ____D C:\Program Files\EpsonNet
2016-11-08 18:30 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2016-11-08 18:30 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2016-11-08 18:30 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2016-11-08 18:30 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2016-11-08 18:30 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2016-11-08 18:30 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2016-11-08 18:30 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2016-11-08 18:30 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2016-11-08 13:06 - 2016-11-08 13:06 - 00003128 _____ C:\Windows\System32\Tasks\{0682982E-491D-42AD-B468-C38ED657B89F}
2016-11-08 12:58 - 2016-11-08 13:00 - 00000000 ____D C:\AdwCleaner
2016-11-08 12:58 - 2016-11-08 12:58 - 03910208 _____ C:\Users\Kekko\Downloads\adwcleaner_6.030.exe
2016-11-08 12:55 - 2016-11-08 12:55 - 00000660 _____ C:\Windows\system32\.crusader
2016-11-08 12:51 - 2016-11-08 12:51 - 00000013 _____ C:\Users\Kekko\Desktop\pwml.txt
2016-11-08 12:50 - 2016-11-08 12:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kekko\Downloads\HijackThis.exe
2016-11-08 12:49 - 2016-11-08 12:49 - 00001871 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-11-08 12:48 - 2016-11-08 12:55 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-08 12:48 - 2016-11-08 12:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-08 12:47 - 2016-11-08 12:48 - 11579432 _____ (SurfRight B.V.) C:\Users\Kekko\Downloads\hitmanpro_x64.exe
2016-11-07 19:51 - 2016-11-07 19:51 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-07 19:43 - 2016-11-07 19:43 - 00000136 _____ C:\Users\Kekko\Desktop\Nuovo collegamento Internet (2).url
2016-11-07 19:28 - 2016-11-07 19:29 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kekko\Downloads\avira_it_av_5739e3137b6c7145831ebd76ff4fa3402b01c5__ws.exe
2016-11-07 18:51 - 2016-11-08 13:07 - 00263342 _____ C:\Windows\ntbtlog.txt
2016-11-07 18:40 - 2016-11-07 18:40 - 00000177 _____ C:\Users\Kekko\Desktop\Nuovo collegamento Internet.url
2016-11-07 13:05 - 2016-11-07 13:05 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\Kekko\Desktop\avira_registry_cleaner_en.exe
2016-11-07 09:33 - 2016-11-07 09:33 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-07 09:19 - 2016-11-07 09:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-04 20:00 - 2016-11-08 12:38 - 00000000 ____D C:\Users\Kekko\Documents\Backup CCleaner
2016-11-04 19:36 - 2016-11-04 19:36 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-04 19:36 - 2016-11-04 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-04 19:36 - 2016-11-04 19:36 - 00000000 ____D C:\Program Files\CCleaner
2016-11-04 19:22 - 2015-12-09 04:08 - 00182784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_2LM0DE.DLL
2016-11-04 19:22 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_2D4B0DE.DLL
2016-10-26 16:14 - 2016-10-26 16:14 - 00217748 _____ C:\Users\Kekko\Desktop\DocumentiOnLine_BancaMarche_26102016_17.14.49.pdf
2016-10-26 14:22 - 2016-10-26 14:32 - 00000000 ____D C:\Users\Kekko\AppData\Local\IIIQF
2016-10-26 09:53 - 2016-10-26 09:53 - 00605029 _____ C:\Users\Kekko\Desktop\cat_captacion_general fagor sa_2.pdf
2016-10-26 09:04 - 2016-10-26 09:04 - 02737825 _____ C:\Users\Kekko\Desktop\cat_captacion_general fagor sa.pdf
2016-10-25 09:46 - 2016-11-04 19:25 - 00400141 _____ C:\Windows\SysWOW64\winapp2_reg.csv
2016-10-25 09:46 - 2016-10-25 09:48 - 00018888 _____ C:\Windows\SysWOW64\Defrag.debuglog
2016-10-24 08:58 - 2016-10-24 08:58 - 00000000 ____D C:\Users\Kekko\AppData\Local\AviraSpeedup
2016-10-24 08:58 - 2016-10-24 08:58 - 00000000 ____D C:\Users\Kekko\AppData\Local\Avira
2016-10-24 08:03 - 2016-11-04 19:25 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2016-10-21 11:35 - 2016-10-25 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-19 10:56 - 2016-10-19 10:56 - 00070953 _____ C:\Users\Kekko\Desktop\C_UsersutenteAppDataLocalTempdbw_exp0002.pdf
2016-10-10 15:22 - 2016-10-25 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-09 12:21 - 2015-03-09 20:59 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-09 10:32 - 2015-03-07 01:37 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5665323E-EF42-4891-A965-A400F6EB1AC1}
2016-11-09 08:48 - 2015-03-19 18:52 - 00000000 ____D C:\Users\Kekko\Documents\Officina
2016-11-09 08:35 - 2009-07-14 05:45 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-09 08:35 - 2009-07-14 05:45 - 00016896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 08:30 - 2009-08-17 15:12 - 00742804 _____ C:\Windows\system32\perfh010.dat
2016-11-09 08:30 - 2009-08-17 15:12 - 00147712 _____ C:\Windows\system32\perfc010.dat
2016-11-09 08:30 - 2009-07-14 06:13 - 01659648 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-09 08:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-09 08:27 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-09 08:26 - 2015-03-07 01:19 - 00000000 __SHD C:\Users\Kekko\IntelGraphicsProfiles
2016-11-09 08:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-08 19:02 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-08 18:36 - 2015-03-20 10:06 - 00000000 ____D C:\ProgramData\UDL
2016-11-08 18:36 - 2015-03-20 09:49 - 00000000 ____D C:\Program Files (x86)\Epson Software
2016-11-08 18:36 - 2015-03-07 01:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-08 18:35 - 2015-03-20 10:05 - 00000308 _____ C:\Windows\setup.iss
2016-11-08 18:33 - 2015-03-20 09:49 - 00000000 ____D C:\Program Files (x86)\epson
2016-11-08 13:09 - 2015-03-07 01:22 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-08 10:21 - 2015-03-09 20:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 10:21 - 2015-03-09 20:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 10:21 - 2015-03-09 20:59 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 10:21 - 2015-03-09 20:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 10:21 - 2015-03-08 15:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 08:43 - 2015-03-08 15:04 - 00000000 ____D C:\Users\Kekko\AppData\Local\Adobe
2016-11-07 19:33 - 2015-03-08 16:30 - 00000000 ____D C:\ProgramData\FLEXnet
2016-11-07 19:19 - 2016-03-02 18:47 - 00000000 ____D C:\ProgramData\Avira
2016-11-07 18:49 - 2009-07-14 06:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-07 09:13 - 2015-11-13 08:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 19:23 - 2015-03-13 11:21 - 00000000 ____D C:\ProgramData\EPSON
2016-11-03 08:58 - 2015-03-09 10:59 - 00004096 ___SH C:\{139B84D8-7F25-45E0-BA8A-0E569275D602}.CBM
2016-11-03 08:55 - 2015-03-07 03:27 - 00308224 ___SH C:\EUMONBMP.SYS
2016-11-02 12:46 - 2015-09-28 11:13 - 00000000 ____D C:\Users\Kekko\Documents\GraLe
2016-10-26 16:25 - 2016-03-02 18:09 - 00000000 ____D C:\Users\Kekko\AppData\Roaming\vlc
2016-10-26 15:47 - 2015-09-03 10:44 - 00000000 ____D C:\Users\Kekko\AppData\Roaming\TeamViewer
2016-10-26 14:36 - 2015-03-07 00:01 - 00000000 ____D C:\Users\Kekko
2016-10-26 14:29 - 2016-09-28 11:28 - 00000000 ____D C:\ProgramData\ProductData
2016-10-26 14:18 - 2016-09-28 11:27 - 00002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Kekko)
2016-10-26 14:14 - 2016-03-02 17:22 - 00000000 ____D C:\Windows\Minidump
2016-10-25 09:59 - 2015-03-08 18:19 - 00000000 ____D C:\Users\Kekko\AppData\Roaming\TeraCopy
2016-10-25 09:59 - 2015-03-07 01:15 - 00000000 ____D C:\Intel
2016-10-25 09:59 - 2015-03-06 23:44 - 00000000 ____D C:\Windows\Panther
2016-10-25 09:58 - 2015-09-25 17:59 - 00000000 ____D C:\Program Files (x86)\eMule
2016-10-25 09:58 - 2015-03-08 16:33 - 00000000 ____D C:\Users\Kekko\AppData\Local\Microsoft Help
2016-10-25 09:58 - 2015-03-08 16:15 - 00000000 ____D C:\Users\Kekko\AppData\Roaming\SolidWorks
2016-10-25 09:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-10-24 14:44 - 2009-07-14 05:45 - 05152360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-24 08:05 - 2015-03-07 01:54 - 00156848 _____ C:\Users\Kekko\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-24 07:52 - 2015-03-07 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-19 09:41 - 2015-03-09 21:32 - 00000000 ____D C:\Users\Kekko\AppData\Local\ElevatedDiagnostics
2016-10-13 08:05 - 2015-06-26 07:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-27 17:32

==================== End of FRST.txt ============================
Pciccio
Senior Member
Posts: 168
Joined: Sun Feb 26, 2006 12:47 pm


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising