Can't remove a nasty strain of malware/adware
<blockquote data-quote="Cooperdale" data-source="post: 506466" data-attributes="member: 52342"><p>Hello everybody, thanks in advance for any help.</p><p></p><p>I'm trying to remove Malware from a PC (not mine). It keeps opening up ads in the form of new tabs in any browser.</p><p></p><p>As described above, Adwcleaner found nothing, neither did Malwarebytes.</p><p></p><p>I checked all autoruns items for something strange, which I didn't find.</p><p></p><p>I also reset browsers to their defaults, to no avail.</p><p></p><p>I really don't know what else to do.</p><p></p><p>I'm pasting FRST logs, hope they can be of help (the system won't let me upload them).</p><p></p><p>==========================================================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2016</p><p>Ran by Utente (2016-05-02 13:39:20)</p><p>Running from C:\Documents and Settings\Utente\Desktop</p><p>Microsoft Windows XP Professional Service Pack 3 (X86) (2008-10-24 22:49:07)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-1275210071-179605362-725345543-500 - Administrator - Disabled) => %SystemDrive%\Documents and Settings\Administrator</p><p>Guest (S-1-5-21-1275210071-179605362-725345543-501 - Limited - Enabled)</p><p>HelpAssistant (S-1-5-21-1275210071-179605362-725345543-1000 - Limited - Disabled)</p><p>SUPPORT_388945a0 (S-1-5-21-1275210071-179605362-725345543-1002 - Limited - Disabled)</p><p>Utente (S-1-5-21-1275210071-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Utente</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: ESET NOD32 Antivirus 9.0.377.1 (Enabled - Up to date) 
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)</p><p>Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)</p><p>Adobe Reader XI (11.0.08) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2183461) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2360131) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2416400) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2482017) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2497640) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2530548) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2559049) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2586448) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2618444) (Version: 1 - 
Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB976325) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB978207) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 7 (KB982381) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) 
(Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) 
(HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows Internet Explorer 8 
(KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows XP (KB923689) (HKLM\...\KB923689) (Version: - Microsoft Corporation)</p><p>Aggiornamento della protezione per Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)</p><p>Aggiornamento per Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento per Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden</p><p>Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)</p><p>AKSwitcher Service (HKLM\...\AKSwitcher) (Version: 1.0 - ArubaKey)</p><p>ArcSoft Panorama Maker 3.0 (HKLM\...\{1CABB679-3958-44AA-BFFF-4E68A2684255}) (Version: - )</p><p>ATI - Programma di disinstallazione (HKLM\...\All ATI Software) (Version: 6.14.10.1019 - )</p><p>ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.15.0.20713 - ATI Technologies Inc.)</p><p>ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1220.2142 - )</p><p>ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.451-071220a1-057721C-ATI - )</p><p>ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )</p><p>ATI Parental Control & Encoder (Version: 3.0 - Nome società) Hidden</p><p>ATI Problem Report Wizard (HKLM\...\{5DA6F06A-B389-407B-BF8C-1548767914D8}) (Version: 8.10 - ATI Technologies)</p><p>AutoCAD 2010 - Italiano (HKLM\...\AutoCAD 2010 - Italiano) (Version: 18.0.55.0 - Autodesk)</p><p>AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden</p><p>ccc-core-preinstall (Version: 2007.1220.2143.38732 - ATI) Hidden</p><p>ccc-core-static (Version: 2007.1220.2143.38732 - ATI) Hidden</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)</p><p>CDDRV_Installer (Version: 4.60 - Logitech) Hidden</p><p>Compatibility Pack for the 2007 Office 
system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>DeskTopBinder - SmartDeviceMonitor for Client (HKLM\...\{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}) (Version: 8.6.7.0 - )</p><p>DeskTopBinder Lite (HKLM\...\{DD30D7C5-DD1A-46E7-9CA6-03CF6A398990}) (Version: 5.3.6.1 - Ricoh)</p><p>Docfa 3.0 SP5 (HKLM\...\Docfa 3.0 SP5) (Version: - )</p><p>Docfa 3.0.5 (HKLM\...\Docfa 3.0.5) (Version: - )</p><p>Docfa4 (HKLM\...\A9D22611-32B5-40C2-88BF-6A39245A0C76) (Version: 4.00.3 - Sogei)</p><p>DraftSight (HKLM\...\{7FB4CBC4-9236-4338-999D-6E77598D56A8}) (Version: 10.1.1069 - Dassault Systemes)</p><p>ESET NOD32 Antivirus (HKLM\...\{4E4A2342-F757-49F3-A3A1-364AF1AC0381}) (Version: 9.0.377.1 - ESET, spol. s r.o.)</p><p>ExtraCAD 6 (HKLM\...\ExtraCAD 6) (Version: - )</p><p>Facebook Plug-In (HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Facebook Plug-In) (Version: - Facebook, Inc.)</p><p>Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - <a href="http://www.hellopdf.com" target="_blank">www.hellopdf.com</a>)</p><p>Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)</p><p>Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Update Helper (Version: 1.3.29.5 - Google Inc.) 
Hidden</p><p>Image Web Server 7.0 IE Plugins (Build:3,1,0,229) (HKLM\...\Image Web Server IE Plugin) (Version: - )</p><p>J2SE Runtime Environment 5.0 Update 16 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.)</p><p>KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden</p><p>K-Lite Mega Codec Pack 1.65 (HKLM\...\KLiteCodecPack_is1) (Version: 1.65 - )</p><p>Language Pack di AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden</p><p>LightScribe System Software 1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - hxxp://<a href="http://www.lightscribe.com" target="_blank">www.lightscribe.com</a>)</p><p>Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)</p><p>Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)</p><p>Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA (HKLM\...\{842F9881-E181-30B3-A152-008D61433274}) (Version: 2.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA (HKLM\...\{86BA3130-5938-3192-BBCF-6B0A2D86FA58}) (Version: 3.2.30729 - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ita) (Version: - Microsoft Corporation)</p><p>Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)</p><p>Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)</p><p>Microsoft Office XP Small Business 
(HKLM\...\{91130410-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Works (HKLM\...\{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}) (Version: 08.05.0822 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Nero 8 Essentials (HKLM\...\{65A54DC3-5FF6-4C75-906E-3EA1A3B71040}) (Version: 8.10.376 - Nero AG)</p><p>Nikon View 6 (HKLM\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - 
)</p><p>NoAdware v5.0 (HKLM\...\NoAdware 5.0_is1) (Version: - )</p><p>OpenOffice.org 3.3 (HKLM\...\{2A845A64-3F80-41D7-9F33-6146E56997E6}) (Version: 3.3.9567 - OpenOffice.org)</p><p>Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (HKLM\...\DF095A5F6BDF51B12AC8DFCDBA1B044C442E0ADE) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)</p><p>Pannello voci Ver. 4.0 (HKLM\...\Pannello voci_is1) (Version: - Anastasis Soc. Coop.)</p><p>Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5464 - Realtek Semiconductor Corp.)</p><p>Regolo Sicurezza 5 (HKLM\...\Microsoftware.RegoloSicurezza.5_is1) (Version: 5.0 - Microsoftware srl)</p><p>Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)</p><p>Skins (Version: 2007.1220.2143.38732 - ATI) Hidden</p><p>Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)</p><p>Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)</p><p>Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)</p><p>Type1232 TWAIN Driver Ver.3 (HKLM\...\{F67C1757-E0EF-466B-8C58-18686C445783}) (Version: - )</p><p>TypeC2550 TWAIN Driver Ver.4 (HKLM\...\{61777C41-766B-4C45-82D8-EE72917658F1}) (Version: 4.31 - )</p><p>UPSilon 2000 (HKLM\...\{E592E668-89A9-4098-B70C-0C2D59FB15CA}) (Version: 3.00 - Megatec)</p><p>Uranium Backup (HKLM\...\Uranium Backup) (Version: - )</p><p>VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden</p><p>Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p>Voltura 1.0 (HKLM\...\Voltura 1.0) (Version: - )</p><p>WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden</p><p>Win2PDF 3.10 (HKLM\...\Win2PDF_is1) (Version: 3.10 - 
Dane Prairie Systems, LLC.)</p><p>Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)</p><p>Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)</p><p>Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )</p><p>Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )</p><p>Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144514 - Microsoft Corporation)</p><p>WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - )</p><p>XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll ( )</p><p>CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Programmi\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job => C:\WINDOWS\system32\xp_eos.exe</p><p>Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job => C:\WINDOWS\system32\xp_eos.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2009-07-16 10:28 - 2006-03-19 15:15 - 00015360 _____ () C:\WINDOWS\system32\win2pdfm.dll</p><p>2009-07-09 12:26 - 2009-07-09 12:26 - 00081920 _____ () C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe</p><p>2012-12-27 14:57 - 2012-12-27 14:57 - 00948144 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtNetwork4.dll</p><p>2012-12-27 14:57 - 2012-12-27 14:57 - 02623408 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtCore4.dll</p><p>2012-12-27 14:57 - 2012-12-27 14:57 - 00387505 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtXml4.dll</p><p>2008-10-25 01:35 - 2005-08-03 22:32 - 00125952 _____ () C:\Programmi\WinRAR\rarext.dll</p><p>2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Programmi\CCleaner\lang\lang-1040.dll</p><p>2007-10-29 14:00 - 2008-04-14 04:13 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode 
(Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""</p><p></p><p>==================== EXE Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p>IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com</p><p>IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com</p><p>IE restricted site: HKU\.DEFAULT\...\008k.com -> <a href="http://www.008k.com" target="_blank">www.008k.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\00hq.com -> <a href="http://www.00hq.com" target="_blank">www.00hq.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com</p><p>IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com</p><p>IE restricted site: HKU\.DEFAULT\...\0scan.com -> <a href="http://www.0scan.com" target="_blank">www.0scan.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> <a href="http://www.1-2005-search.com" target="_blank">www.1-2005-search.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> <a href="http://www.1-domains-registrations.com" target="_blank">www.1-domains-registrations.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> <a href="http://www.1000gratisproben.com" target="_blank">www.1000gratisproben.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\1001namen.com -> <a href="http://www.1001namen.com" 
target="_blank">www.1001namen.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com</p><p>IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> <a href="http://www.100sexlinks.com" target="_blank">www.100sexlinks.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\10sek.com -> <a href="http://www.10sek.com" target="_blank">www.10sek.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net</p><p>IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net</p><p>IE restricted site: HKU\.DEFAULT\...\123fporn.info -> <a href="http://www.123fporn.info" target="_blank">www.123fporn.info</a></p><p>IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> <a href="http://www.123haustiereundmehr.com" target="_blank">www.123haustiereundmehr.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> <a href="http://www.123moviedownload.com" target="_blank">www.123moviedownload.com</a></p><p>IE restricted site: HKU\.DEFAULT\...\123simsen.com -> <a href="http://www.123simsen.com" target="_blank">www.123simsen.com</a></p><p></p><p>There are 7866 more sites.</p><p></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\007guard.com -> install.007guard.com</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\008i.com -> 008i.com</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\008k.com -> <a href="http://www.008k.com" target="_blank">www.008k.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\00hq.com -> <a href="http://www.00hq.com" target="_blank">www.00hq.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\010402.com -> 010402.com</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\0scan.com -> 
<a href="http://www.0scan.com" target="_blank">www.0scan.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1-2005-search.com -> <a href="http://www.1-2005-search.com" target="_blank">www.1-2005-search.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1-domains-registrations.com -> <a href="http://www.1-domains-registrations.com" target="_blank">www.1-domains-registrations.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1000gratisproben.com -> <a href="http://www.1000gratisproben.com" target="_blank">www.1000gratisproben.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\1001namen.com -> <a href="http://www.1001namen.com" target="_blank">www.1001namen.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\100888290cs.com -> mir.100888290cs.com</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\100sexlinks.com -> <a href="http://www.100sexlinks.com" target="_blank">www.100sexlinks.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\10sek.com -> <a href="http://www.10sek.com" target="_blank">www.10sek.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\12-26.net -> user1.12-26.net</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\12-27.net -> user1.12-27.net</p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123fporn.info -> <a href="http://www.123fporn.info" target="_blank">www.123fporn.info</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123haustiereundmehr.com -> <a href="http://www.123haustiereundmehr.com" target="_blank">www.123haustiereundmehr.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123moviedownload.com -> <a href="http://www.123moviedownload.com" 
target="_blank">www.123moviedownload.com</a></p><p>IE restricted site: HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\123simsen.com -> <a href="http://www.123simsen.com" target="_blank">www.123simsen.com</a></p><p></p><p>There are 7865 more sites.</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2007-10-29 14:00 - 2007-10-29 14:00 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p>127.0.0.1 localhost</p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp</p><p>DNS Servers: 208.67.222.222 - 208.67.220.220</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Function Palette.lnk => C:\WINDOWS\pss\Function Palette.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkvMon.exe.lnk => C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Rupsmon Daemon.lnk => 
C:\WINDOWS\pss\Rupsmon Daemon.lnkCommon Startup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk => C:\WINDOWS\pss\ERUNT AutoBackup.lnkStartup</p><p>MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup</p><p>MSCONFIG\startupreg: Adobe ARM => "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"</p><p>MSCONFIG\startupreg: CpnIconMng => "C:\Programmi\Panda Security\WAC\CpIcnMng.exe"</p><p>MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c</p><p>MSCONFIG\startupreg: LightScribe Control Panel => C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden</p><p>MSCONFIG\startupreg: NeroFilterCheck => C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe</p><p>MSCONFIG\startupreg: Skype => "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun</p><p>MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe"</p><p>MSCONFIG\startupreg: VoicePanel => C:\Programmi\Anastasis\VoicePanel\VoicePanel.exe</p><p>MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>StandardProfile\AuthorizedApplications: [D:\Installation\Setupx.exe] => Enabled:Nero ControlCenter</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\Adobe\Photoshop Elements 2\PhotoshopElements.exe] => Enabled:Adobe Photoshop Elements</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\RDS\PLTBar.exe] => Enabled:Ridoc Document System Ridoc Desk ToolLauncher Module</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa30\PGM\DOCFA30.exe] => Enabled:DOCFA30</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa4\Pgm\Docfa40.exe] => Enabled:Docfa40</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\File comuni\Microsoft Shared\MSPaper\MSPSCAN.EXE] => Enabled:Microsoft® Office Document Scanning App</p><p>StandardProfile\AuthorizedApplications: [C:\Docfa4\PGM\Docfa40.exe] => Enabled:Docfa40</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\Skype\Phone\Skype.exe] => Enabled:Skype</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\AVG\AVG2015\avgmfapx.exe] => Enabled:Installazione di AVG</p><p>StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome</p><p>DomainProfile\GloballyOpenPorts: [139:TCP] =>
Enabled:@xpsp2res.dll,-22004</p><p>DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005</p><p>DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001</p><p>DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002</p><p>StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004</p><p>StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005</p><p>StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001</p><p>StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002</p><p></p><p>====================
Restore Points =========================</p><p></p><p>03-02-2016 11:47:10 Punto di arresto del sistema</p><p>04-02-2016 12:24:17 Punto di arresto del sistema</p><p>05-02-2016 13:10:44 Punto di arresto del sistema</p><p>08-02-2016 12:12:32 Punto di arresto del sistema</p><p>09-02-2016 12:33:05 Punto di arresto del sistema</p><p>10-02-2016 13:10:35 Punto di arresto del sistema</p><p>11-02-2016 13:22:50 Punto di arresto del sistema</p><p>12-02-2016 13:29:56 Punto di arresto del sistema</p><p>15-02-2016 12:06:15 Punto di arresto del sistema</p><p>16-02-2016 13:19:04 Punto di arresto del sistema</p><p>17-02-2016 14:12:38 Punto di arresto del sistema</p><p>18-02-2016 14:29:53 Punto di arresto del sistema</p><p>19-02-2016 14:56:40 Punto di arresto del sistema</p><p>22-02-2016 13:34:01 Punto di arresto del sistema</p><p>23-02-2016 14:16:45 Punto di arresto del sistema</p><p>24-02-2016 14:45:24 Punto di arresto del sistema</p><p>25-02-2016 14:52:37 Punto di arresto del sistema</p><p>26-02-2016 15:49:39 Punto di arresto del sistema</p><p>28-02-2016 14:18:39 Punto di arresto del sistema</p><p>29-02-2016 14:26:11 Punto di arresto del sistema</p><p>01-03-2016 14:26:33 Punto di arresto del sistema</p><p>02-03-2016 14:47:02 Punto di arresto del sistema</p><p>03-03-2016 15:00:01 Punto di arresto del sistema</p><p>04-03-2016 15:00:41 Punto di arresto del sistema</p><p>07-03-2016 09:55:10 Punto di arresto del sistema</p><p>08-03-2016 10:25:12 Punto di arresto del sistema</p><p>09-03-2016 12:14:54 Punto di arresto del sistema</p><p>10-03-2016 12:46:26 Punto di arresto del sistema</p><p>11-03-2016 14:14:55 Punto di arresto del
sistema</p><p>14-03-2016 09:38:20 Punto di arresto del sistema</p><p>15-03-2016 12:45:56 Punto di arresto del sistema</p><p>16-03-2016 13:20:41 Punto di arresto del sistema</p><p>17-03-2016 14:21:27 Punto di arresto del sistema</p><p>18-03-2016 14:22:40 Punto di arresto del sistema</p><p>21-03-2016 12:22:14 Punto di arresto del sistema</p><p>22-03-2016 13:16:54 Punto di arresto del sistema</p><p>23-03-2016 14:04:12 Punto di arresto del sistema</p><p>24-03-2016 14:34:46 Punto di arresto del sistema</p><p>25-03-2016 15:21:47 Punto di arresto del sistema</p><p>29-03-2016 11:49:44 Punto di arresto del sistema</p><p>30-03-2016 11:59:50 Punto di arresto del sistema</p><p>31-03-2016 12:21:31 Punto di arresto del sistema</p><p>01-04-2016 12:53:56 Punto di arresto del sistema</p><p>02-04-2016 13:21:07 Punto di arresto del sistema</p><p>04-04-2016 09:02:54 Punto di arresto del sistema</p><p>05-04-2016 09:16:54 Punto di arresto del sistema</p><p>06-04-2016 12:15:14 Punto di arresto del sistema</p><p>07-04-2016 13:07:56 Punto di arresto del sistema</p><p>08-04-2016 13:15:24 Punto di arresto del sistema</p><p>11-04-2016 12:29:52 Punto di arresto del sistema</p><p>12-04-2016 13:15:52 Punto di arresto del sistema</p><p>13-04-2016 13:38:33 Punto di arresto del sistema</p><p>14-04-2016 14:29:55 Punto di arresto del sistema</p><p>15-04-2016 14:52:28 Punto di arresto del sistema</p><p>18-04-2016 06:45:06 Punto di arresto del sistema</p><p>19-04-2016 10:10:53 Punto di arresto del sistema</p><p>20-04-2016 11:06:22 Punto di arresto del sistema</p><p>21-04-2016 11:21:51 Punto di arresto del sistema</p><p>22-04-2016 11:30:36 Punto di arresto del sistema</p><p>26-04-2016 09:49:18 Punto di arresto del sistema</p><p>27-04-2016 11:19:16 Punto di arresto del sistema</p><p>28-04-2016 12:22:35 Punto di arresto del sistema</p><p>29-04-2016 13:04:09 Punto di arresto del sistema</p><p>30-04-2016 13:25:35 Punto di arresto del sistema</p><p>02-05-2016 12:22:17 Punto di arresto del 
sistema</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p></p><p>System errors:</p><p>=============</p><p>Error: (05/02/2016 12:11:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)</p><p>Description: DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""</p><p>per eseguire il server</p><p>{E60687F7-01A1-40AA-86AC-DB1CBF673334}</p><p></p><p>Error: (05/02/2016 11:45:49 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. 
Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:43:48 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p>Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: )</p><p>Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. 
Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+</p><p>Percentage of memory in use: 25%</p><p>Total physical RAM: 3071.23 MB</p><p>Available physical RAM: 2285.25 MB</p><p>Total Virtual: 4957.16 MB</p><p>Available Virtual: 4327.56 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:278.22 GB) (Free:215.14 GB) NTFS ==>[drive with boot components (Windows XP)]</p><p>Drive d: (Acronis) (Fixed) (Total:19.87 GB) (Free:12.14 GB) NTFS</p><p>Drive f: (Copie) (Fixed) (Total:931.51 GB) (Free:857.5 GB) NTFS</p><p>Drive g: (ARUBAKEY) (Removable) (Total:0.94 GB) (Free:0.61 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 298.1 GB) (Disk ID: 76124D31)</p><p>Partition 1: (Active) - (Size=278.2 GB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=19.9 GB) - (Type=05)</p><p></p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FEBC4493)</p><p>Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 2 (Size: 1.9 GB) (Disk ID: 70707573)</p><p>No partition Table on disk 2.</p><p></p><p>==================== End of Addition.txt ============================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2016</p><p>Ran by Utente (administrator) on TOMMASO (02-05-2016 13:38:33)</p><p>Running from C:\Documents and Settings\Utente\Desktop</p><p>Loaded Profiles: Utente 
(Available Profiles: Utente & Administrator)</p><p>Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia)</p><p>Internet Explorer Version 8 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\ekrn.exe</p><p>(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe</p><p>(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe</p><p>(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe</p><p>() C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe</p><p>(Dassault Systèmes) C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe</p><p>(Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LSSrvc.exe</p><p>(Nero AG) C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe</p><p>(Google Inc.) C:\Programmi\Google\Update\1.3.29.5\GoogleCrashHandler.exe</p><p>(Mega System Technologies, Inc.) C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe</p><p>(Skype Technologies S.A.) C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe</p><p>(Mega Corp.) C:\Programmi\Megatec\UPSilon 2000\usbmate.exe</p><p>(ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\egui.exe</p><p>(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe</p><p>(Advanced Micro Devices Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe</p><p>(Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe</p><p>(Freesoft S.r.l.) 
C:\Programmi\FreeSoft\Uranium\Uranium.exe</p><p>(Logitech, Inc.) C:\Programmi\Logitech\SetPoint\SetPoint.exe</p><p>(RICOH COMPANY,LTD.) C:\Programmi\RDS\RMClient\PMCTray.exe</p><p>(Logitech, Inc.) C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe</p><p>(ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer.exe</p><p>(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\tv_w32.exe</p><p>(TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()</p><p>HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)</p><p>HKLM\...\Run: [JobHisInit] => C:\Programmi\RDS\RMClient\JobHisInit.exe [229481 2007-08-30] (RICOH COMPANY,LTD.)</p><p>HKLM\...\Run: [MplSetUp] => C:\Programmi\RDS\RMClient\MplSetUp.exe [49254 2007-08-30] (RICOH COMPANY,LTD.)</p><p>Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21] (ATI Technologies Inc.)</p><p>Winlogon\Notify\LBTWlgn: c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll [2008-05-02] (Logitech, Inc.)</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner] 
=> C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [Uranium] => C:\Programmi\FreeSoft\Uranium\Uranium.exe [9190528 2011-04-14] (Freesoft S.r.l.)</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoInstrumentation] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoResolveSearch] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSMBalloonTip] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\MountPoints2: {41c0254c-2b22-11de-925d-001e58e7f6a8} - G:\LaunchU3.exe -a</p><p>ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)</p><p>Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk [2015-12-02]</p><p>ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()</p><p>Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk [2008-10-25]</p><p>ShortcutTarget: Logitech SetPoint.lnk -> C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)</p><p>Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SmartDeviceMonitor for Client.lnk [2008-12-12]</p><p>ShortcutTarget: SmartDeviceMonitor for 
Client.lnk -> C:\Programmi\RDS\RMClient\PMClient.exe (RICOH COMPANY,LTD.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 31.3.244.140 31.3.244.132</p><p>Tcpip\..\Interfaces\{95A07F52-3415-45D8-8671-25C9B7C2C9AA}: [NameServer] 208.67.222.222,208.67.220.220</p><p>Tcpip\..\Interfaces\{B3758DE8-3EEB-4428-8DF5-04E2DDEAA1B0}: [DhcpNameServer] 31.3.244.140 31.3.244.132</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" target="_blank">www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm</p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://<a href="http://www.google.it/" 
target="_blank">www.google.it/</a></p><p>HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> DefaultScope {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://<a href="http://www.google.com/search?q={searchTerms}" target="_blank">www.google.com/search?q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://<a href="http://www.google.com/search?q={searchTerms}" target="_blank">www.google.com/search?q={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {115511CE-B4D1-42D7-8EBC-9622074118D6} URL = hxxp://it.search.yahoo.com/search?fr=mcafee&type=A010IT773&p={SearchTerms}</p><p>SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {286B705F-8441-48F7-8706-8529CE432C16} URL = hxxps://it.search.yahoo.com/search?fr=mcafee&type=B010IT773D20140613&p={searchTerms}</p><p>BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll [2008-05-28] (Sun Microsystems, Inc.)</p><p>Toolbar: HKLM - Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx [2008-04-14] (Microsoft Corporation)</p><p>Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab</p><p>DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab</p><p>DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab</p><p>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab</p><p>DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} hxxp://<a href="http://www.cartografiarl.regione.liguria.it/ecwplugins/ncs.cab" target="_blank">www.cartografiarl.regione.liguria.it/ecwplugins/ncs.cab</a></p><p>DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</p><p>Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)</p><p>Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)</p><p>Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)</p><p>Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()</p><p>FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programmi\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)</p><p>FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)</p><p>FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)</p><p>FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-1275210071-179605362-725345543-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )</p><p></p><p>Chrome:</p><p>=======</p><p>CHR Profile: C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default</p><p>CHR 
Extension: (Presentazioni Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]</p><p>CHR Extension: (Documenti Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]</p><p>CHR Extension: (Google Drive) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]</p><p>CHR Extension: (YouTube) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]</p><p>CHR Extension: (Fogli Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]</p><p>CHR Extension: (Google Documenti offline) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]</p><p>CHR Extension: (AdBlock) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-02]</p><p>CHR Extension: (Pagamenti Chrome Web Store) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]</p><p>CHR Extension: (Gmail) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]</p><p>CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - 
C:\Programmi\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 AK910SwitchService; C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe [81920 2009-07-09] () [File not signed]</p><p>S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-12-20] () [File not signed]</p><p>R2 DraftSight API Service; C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [86016 2012-12-27] (Dassault Systèmes) [File not signed]</p><p>R2 ekrn; C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [1982752 2016-04-13] (ESET)</p><p>S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-12-21] (Macrovision Europe Ltd.) [File not signed]</p><p>S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)</p><p>S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)</p><p>S3 LBTServ; C:\Programmi\File comuni\LogiShrd\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)</p><p>R2 LightScribeService; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)</p><p>R2 Nero BackItUp Scheduler 3; C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)</p><p>S3 NMIndexingService; C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe [382248 2007-11-15] (Nero AG)</p><p>R2 Rupsmon; C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe [151552 2007-08-06] (Mega System Technologies, Inc.) 
[File not signed]</p><p>R2 Skype C2C Service; C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)</p><p>S2 SkypeUpdate; C:\Programmi\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)</p><p>R2 USBMate; C:\Programmi\Megatec\UPSilon 2000\USBMate.exe [106496 2007-02-01] (Mega Corp.) [File not signed]</p><p>S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)</p><p>S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)</p><p>R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2007-08-29] (Atheros Communications, Inc.)</p><p>R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206312 2016-04-13] (ESET)</p><p>R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2016-04-13] (ESET)</p><p>R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2016-04-13] (ESET)</p><p>R3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)</p><p>R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)</p><p>R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()</p><p>R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)</p><p>U2 CertPropSvc; no ImagePath</p><p>S4 IntelIde; no ImagePath</p><p>U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)</p><p>U4 WinDefend; no ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an 
entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-05-02 13:38 - 2016-05-02 13:38 - 01728000 _____ (Farbar) C:\Documents and Settings\Utente\Desktop\FRST.exe</p><p>2016-05-02 13:38 - 2016-05-02 13:38 - 00018119 _____ C:\Documents and Settings\Utente\Desktop\FRST.txt</p><p>2016-05-02 13:38 - 2016-05-02 13:38 - 00000000 ____D C:\FRST</p><p>2016-05-02 11:42 - 2016-05-02 11:42 - 00108656 _____ C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT</p><p>2016-05-02 11:19 - 2016-05-02 11:19 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\TeamViewer</p><p>2016-05-02 11:18 - 2016-05-02 11:18 - 05044584 _____ (TeamViewer) C:\Documents and Settings\Utente\Desktop\TeamViewerQS_it-idcbft9wzh.exe</p><p>2016-05-02 10:51 - 2016-05-02 10:51 - 00014045 _____ C:\Documents and Settings\Utente\Desktop\rubrica.csv</p><p>2016-05-02 10:30 - 2016-05-02 10:30 - 00001781 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome.lnk</p><p>2016-05-02 10:30 - 2016-05-02 10:30 - 00001775 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>2016-05-02 10:27 - 2016-05-02 10:27 - 00987728 _____ (Google Inc.) 
C:\Documents and Settings\Utente\Desktop\ChromeSetup.exe</p><p>2016-05-02 10:19 - 2016-05-02 10:19 - 00150410 _____ C:\Documents and Settings\Utente\Desktop\bookmarks_02_05_16.html</p><p>2016-05-02 10:10 - 2016-05-02 10:12 - 00000314 _____ C:\Documents and Settings\Utente\Desktop\dati.txt</p><p>2016-05-02 09:57 - 2016-05-02 09:59 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2016-05-02 09:57 - 2016-05-02 09:57 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware</p><p>2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware</p><p>2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes</p><p>2016-05-02 09:57 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys</p><p>2016-05-02 09:57 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2016-05-02 09:56 - 2016-05-02 09:56 - 22851472 _____ (Malwarebytes ) C:\Documents and Settings\Utente\Desktop\mbam-setup-2.2.1.1043.exe</p><p>2016-05-02 09:48 - 2016-05-02 09:48 - 03615296 _____ C:\Documents and Settings\Utente\Desktop\adwcleaner_5.115.exe</p><p>2016-04-28 11:58 - 2016-04-28 11:58 - 01634584 _____ C:\Documents and Settings\Utente\Desktop\Trimestre 2016.pdf</p><p>2016-04-27 17:29 - 2016-04-27 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\ESET</p><p>2016-04-16 11:32 - 2016-04-16 11:32 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEONARDO</p><p>2016-04-13 13:31 - 2016-04-13 13:31 - 00206312 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys</p><p>2016-04-13 13:31 - 2016-04-13 13:31 - 00146024 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys</p><p>2016-04-13 13:31 - 2016-04-13 
13:31 - 00127496 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdir.sys</p><p>2016-04-12 19:25 - 2016-04-12 19:25 - 00002607 _____ C:\Documents and Settings\Utente\Desktop\ritirocertificato.zip</p><p>2016-04-12 17:32 - 2016-04-14 17:31 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\DISCIPLINARE</p><p>2016-04-07 09:56 - 2016-04-07 09:56 - 00252349 _____ C:\Documents and Settings\Utente\Desktop\tuttocitta.pdf</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-05-02 13:38 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Temp</p><p>2016-05-02 13:00 - 2011-12-19 18:30 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2016-05-02 11:42 - 2008-11-14 20:28 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt</p><p>2016-05-02 11:42 - 2008-10-25 01:21 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt</p><p>2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni</p><p>2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente</p><p>2016-05-02 11:41 - 2011-12-19 18:30 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2016-05-02 11:41 - 2008-10-25 00:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2016-05-02 11:40 - 2008-10-25 00:50 - 00032616 ____N C:\WINDOWS\SchedLgU.Txt</p><p>2016-05-02 11:40 - 2008-10-25 00:50 - 00000306 ___SH C:\Documents and Settings\Utente\ntuser.ini</p><p>2016-05-02 10:30 - 2008-10-28 18:59 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google</p><p>2016-05-02 10:30 - 2008-10-25 02:30 - 00000000 ___RD C:\Programmi</p><p>2016-05-02 10:30 - 2008-10-25 02:29 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi</p><p>2016-05-02 10:29 - 2008-10-28 18:59 - 00000000 ____D 
C:\Programmi\Google</p><p>2016-05-02 10:29 - 2008-10-27 12:00 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Mozilla</p><p>2016-05-02 10:16 - 2015-12-01 19:43 - 00000194 ___SH C:\Documents and Settings\Administrator\ntuser.ini</p><p>2016-05-02 10:15 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Impostazioni locali\Temp</p><p>2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Programmi\Avira</p><p>2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Avira</p><p>2016-05-02 10:14 - 2008-10-25 02:20 - 00000000 ____D C:\WINDOWS\PeerNet</p><p>2016-05-02 10:13 - 2013-10-15 19:34 - 00754504 _____ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat</p><p>2016-05-02 10:13 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni</p><p>2016-05-02 09:57 - 2008-10-25 02:27 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni</p><p>2016-05-02 09:55 - 2008-10-25 02:30 - 01073550 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2016-05-02 09:55 - 2007-10-29 14:00 - 00479236 _____ C:\WINDOWS\system32\perfh010.dat</p><p>2016-05-02 09:55 - 2007-10-29 14:00 - 00079720 _____ C:\WINDOWS\system32\perfc010.dat</p><p>2016-05-02 09:50 - 2013-10-25 18:15 - 00000000 ____D C:\AdwCleaner</p><p>2016-05-02 09:47 - 2015-12-01 19:43 - 00000000 __RHD C:\Documents and Settings\Administrator\Dati applicazioni</p><p>2016-05-02 09:47 - 2015-03-20 19:28 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Avira</p><p>2016-05-02 09:47 - 2015-03-20 19:23 - 00000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Avira</p><p>2016-05-02 09:41 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator</p><p>2016-05-01 19:32 - 2007-10-29 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl</p><p>2016-04-30 11:30 - 2009-07-16 10:28 - 
00001667 _____ C:\WINDOWS\1way.ini</p><p>2016-04-29 09:47 - 2010-11-10 12:08 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PUC ALASSIO e ONERI</p><p>2016-04-28 11:41 - 2015-03-20 19:30 - 00000000 ____D C:\WINDOWS\system32\NtmsData</p><p>2016-04-28 11:37 - 2008-10-25 00:44 - 00000000 ____D C:\WINDOWS\Registration</p><p>2016-04-28 11:27 - 2008-10-25 18:45 - 00002442 _____ C:\Documents and Settings\Utente\Desktop\Word .lnk</p><p>2016-04-28 08:16 - 2015-12-01 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\NoAdware</p><p>2016-04-27 18:39 - 2015-03-24 18:53 - 00000000 ____D C:\Programmi\NoAdware5.0</p><p>2016-04-27 17:31 - 2008-10-25 02:20 - 00000000 ___HD C:\WINDOWS\inf</p><p>2016-04-22 10:21 - 2015-04-30 09:01 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\SICUREZZA</p><p>2016-04-21 09:31 - 2008-10-29 17:34 - 00000069 _____ C:\WINDOWS\NeroDigital.ini</p><p>2016-04-19 18:00 - 2012-09-13 18:44 - 00000920 _____ C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat</p><p>2016-04-19 18:00 - 2008-10-25 00:50 - 00000000 __RHD C:\Documents and Settings\Utente\Dati applicazioni</p><p>2016-04-15 17:36 - 2014-11-19 10:06 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\CLIENTI</p><p>2016-04-15 08:48 - 2013-10-29 12:54 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Package Cache</p><p>2016-04-08 11:47 - 2014-09-24 16:04 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEGGI DETRAZIONE TARIFFARIO</p><p>2016-04-05 15:52 - 2014-09-11 12:24 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PTCP</p><p>2016-04-05 08:31 - 2011-04-27 18:57 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\FAUSTO</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2009-11-17 19:07 - 2009-11-17 19:07 - 0021935 _____ () C:\Programmi\FirmaVerifica2.1_InstallLog.log</p><p>2014-11-28 12:28 - 2014-11-28 12:31 - 155536928 _____ () 
C:\Programmi\OOo_3.3.0_Win_x86_install-wJRE_it.exe</p><p>2012-09-13 18:44 - 2016-04-19 18:00 - 0000920 _____ () C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat</p><p>2015-12-01 17:58 - 2015-12-01 18:35 - 0002219 ____H () C:\Documents and Settings\Utente\Dati applicazioni\xpy.ini</p><p>2008-11-03 10:51 - 2014-05-29 18:12 - 0024064 _____ () C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Documents and Settings\Administrator\Impostazioni locali\Temp\avgnt.exe</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>==================== End of FRST.txt ============================</p></blockquote><p></p>
[QUOTE="Cooperdale, post: 506466, member: 52342"]
Hello everybody, thanks in advance for any help.

I'm trying to remove Malware from a PC (not mine). It keeps opening up ads in the form of new tabs in any browser.

As described above, Adwcleaner found nothing, neither did Malwarebytes.

I checked all autoruns items for something strange, which I didn't find.

I also reset browsers to their defaults, to no avail.

I really don't know what else to do.

I'm pasting FRST logs, hope they can be of help (the system won't let me upload them).

==========================================================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2016
Ran by Utente (2016-05-02 13:39:20)
Running from C:\Documents and Settings\Utente\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-10-24 22:49:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-179605362-725345543-500 - Administrator - Disabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1275210071-179605362-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1275210071-179605362-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1275210071-179605362-725345543-1002 - Limited - Disabled)
Utente (S-1-5-21-1275210071-179605362-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Utente

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.377.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.08) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Aggiornamento della protezione per Windows Internet Explorer 7 (KB2183461) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2360131) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2416400) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2482017) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2497640) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2530548) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2544521) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2559049) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2586448) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2618444) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB2647516) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - 
Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB953838) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB958215) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB960714) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB976325) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB978207) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 7 (KB982381) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation) 
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) 
(HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB923689) (HKLM\...\KB923689) (Version: - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation) Aggiornamento per Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento per Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) AKSwitcher Service 
(HKLM\...\AKSwitcher) (Version: 1.0 - ArubaKey) ArcSoft Panorama Maker 3.0 (HKLM\...\{1CABB679-3958-44AA-BFFF-4E68A2684255}) (Version: - ) ATI - Programma di disinstallazione (HKLM\...\All ATI Software) (Version: 6.14.10.1019 - ) ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.15.0.20713 - ATI Technologies Inc.) ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1220.2142 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.451-071220a1-057721C-ATI - ) ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - ) ATI Parental Control & Encoder (Version: 3.0 - Nome società) Hidden ATI Problem Report Wizard (HKLM\...\{5DA6F06A-B389-407B-BF8C-1548767914D8}) (Version: 8.10 - ATI Technologies) AutoCAD 2010 - Italiano (HKLM\...\AutoCAD 2010 - Italiano) (Version: 18.0.55.0 - Autodesk) AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden ccc-core-preinstall (Version: 2007.1220.2143.38732 - ATI) Hidden ccc-core-static (Version: 2007.1220.2143.38732 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DeskTopBinder - SmartDeviceMonitor for Client (HKLM\...\{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}) (Version: 8.6.7.0 - ) DeskTopBinder Lite (HKLM\...\{DD30D7C5-DD1A-46E7-9CA6-03CF6A398990}) (Version: 5.3.6.1 - Ricoh) Docfa 3.0 SP5 (HKLM\...\Docfa 3.0 SP5) (Version: - ) Docfa 3.0.5 (HKLM\...\Docfa 3.0.5) (Version: - ) Docfa4 (HKLM\...\A9D22611-32B5-40C2-88BF-6A39245A0C76) (Version: 4.00.3 - Sogei) DraftSight (HKLM\...\{7FB4CBC4-9236-4338-999D-6E77598D56A8}) (Version: 10.1.1069 - Dassault Systemes) ESET NOD32 Antivirus (HKLM\...\{4E4A2342-F757-49F3-A3A1-364AF1AC0381}) (Version: 9.0.377.1 - ESET, spol. s r.o.) 
ExtraCAD 6 (HKLM\...\ExtraCAD 6) (Version: - ) Facebook Plug-In (HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Facebook Plug-In) (Version: - Facebook, Inc.) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - [URL="http://www.hellopdf.com"]www.hellopdf.com[/URL]) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden Image Web Server 7.0 IE Plugins (Build:3,1,0,229) (HKLM\...\Image Web Server IE Plugin) (Version: - ) J2SE Runtime Environment 5.0 Update 16 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.) KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden K-Lite Mega Codec Pack 1.65 (HKLM\...\KLiteCodecPack_is1) (Version: 1.65 - ) Language Pack di AutoCAD 2010 - Italiano (Version: 18.0.55.0 - Autodesk) Hidden LightScribe System Software 1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - hxxp://[URL="http://www.lightscribe.com"]www.lightscribe.com[/URL]) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech) Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA (HKLM\...\{842F9881-E181-30B3-A152-008D61433274}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA (HKLM\...\{86BA3130-5938-3192-BBCF-6B0A2D86FA58}) (Version: 3.2.30729 - Microsoft Corporation) 
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ita) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office XP Small Business (HKLM\...\{91130410-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM\...\{62D5B0B1-9E1D-4d66-A593-D68F3FED7709}) (Version: 08.05.0822 - Microsoft Corporation) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 
4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 Essentials (HKLM\...\{65A54DC3-5FF6-4C75-906E-3EA1A3B71040}) (Version: 8.10.376 - Nero AG) Nikon View 6 (HKLM\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version: - ) NoAdware v5.0 (HKLM\...\NoAdware 5.0_is1) (Version: - ) OpenOffice.org 3.3 (HKLM\...\{2A845A64-3F80-41D7-9F33-6146E56997E6}) (Version: 3.3.9567 - OpenOffice.org) Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (HKLM\...\DF095A5F6BDF51B12AC8DFCDBA1B044C442E0ADE) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices) Pannello voci Ver. 4.0 (HKLM\...\Pannello voci_is1) (Version: - Anastasis Soc. Coop.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5464 - Realtek Semiconductor Corp.) Regolo Sicurezza 5 (HKLM\...\Microsoftware.RegoloSicurezza.5_is1) (Version: 5.0 - Microsoftware srl) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skins (Version: 2007.1220.2143.38732 - ATI) Hidden Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Type1232 TWAIN Driver Ver.3 (HKLM\...\{F67C1757-E0EF-466B-8C58-18686C445783}) (Version: - ) TypeC2550 TWAIN Driver Ver.4 (HKLM\...\{61777C41-766B-4C45-82D8-EE72917658F1}) (Version: 4.31 - ) UPSilon 2000 (HKLM\...\{E592E668-89A9-4098-B70C-0C2D59FB15CA}) (Version: 3.00 - Megatec) Uranium Backup (HKLM\...\Uranium Backup) (Version: - ) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Voltura 1.0 (HKLM\...\Voltura 1.0) (Version: - ) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Win2PDF 3.10 (HKLM\...\Win2PDF_is1) (Version: 3.10 - Dane Prairie Systems, LLC.) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144514 - Microsoft Corporation) WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - ) XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll ( ) CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Programmi\AutoCAD 2010\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1275210071-179605362-725345543-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Programmi\AutoCAD 2010\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job => C:\WINDOWS\system32\xp_eos.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2009-07-16 10:28 - 2006-03-19 15:15 - 00015360 _____ () C:\WINDOWS\system32\win2pdfm.dll 2009-07-09 12:26 - 2009-07-09 12:26 - 00081920 _____ () C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe 2012-12-27 14:57 - 2012-12-27 14:57 - 00948144 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtNetwork4.dll 2012-12-27 14:57 - 2012-12-27 14:57 - 02623408 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtCore4.dll 2012-12-27 14:57 - 2012-12-27 14:57 - 00387505 _____ () C:\Programmi\Dassault Systemes\DraftSight\bin\QtXml4.dll 2008-10-25 01:35 - 2005-08-03 22:32 - 00125952 _____ () C:\Programmi\WinRAR\rarext.dll 2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Programmi\CCleaner\lang\lang-1040.dll 2007-10-29 14:00 - 2008-04-14 04:13 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2007-10-29 14:00 - 2007-10-29 14:00 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1275210071-179605362-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp DNS Servers: 208.67.222.222 - 208.67.220.220 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Function Palette.lnk => C:\WINDOWS\pss\Function Palette.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkvMon.exe.lnk => C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Rupsmon Daemon.lnk => C:\WINDOWS\pss\Rupsmon Daemon.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk => C:\WINDOWS\pss\ERUNT AutoBackup.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup MSCONFIG\startupreg: Adobe ARM => "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CpnIconMng => "C:\Programmi\Panda Security\WAC\CpIcnMng.exe" MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: LightScribe Control Panel => C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: NeroFilterCheck => C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe MSCONFIG\startupreg: Skype => "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programmi\Java\jre1.5.0_16\bin\jusched.exe" MSCONFIG\startupreg: VoicePanel => C:\Programmi\Anastasis\VoicePanel\VoicePanel.exe 
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [D:\Installation\Setupx.exe] => Enabled:Nero ControlCenter StandardProfile\AuthorizedApplications: [C:\Programmi\Adobe\Photoshop Elements 2\PhotoshopElements.exe] => Enabled:Adobe Photoshop Elements StandardProfile\AuthorizedApplications: [C:\Programmi\RDS\PLTBar.exe] => Enabled:Ridoc Document System Ridoc Desk ToolLauncher Module StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa30\PGM\DOCFA30.exe] => Enabled:DOCFA30 StandardProfile\AuthorizedApplications: [C:\Programmi\Docfa4\Pgm\Docfa40.exe] => Enabled:Docfa40 StandardProfile\AuthorizedApplications: [C:\Programmi\File comuni\Microsoft Shared\MSPaper\MSPSCAN.EXE] => Enabled:Microsoft® Office Document Scanning App StandardProfile\AuthorizedApplications: [C:\Docfa4\PGM\Docfa40.exe] => Enabled:Docfa40 StandardProfile\AuthorizedApplications: [C:\Programmi\Skype\Phone\Skype.exe] => Enabled:Skype StandardProfile\AuthorizedApplications: [C:\Programmi\AVG\AVG2015\avgmfapx.exe] => Enabled:Installazione di AVG StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => 
:LocalSubNet:Enabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002 ==================== Restore Points ========================= 03-02-2016 11:47:10 Punto di arresto del sistema 04-02-2016 12:24:17 Punto di arresto del sistema 05-02-2016 13:10:44 Punto di arresto del sistema 08-02-2016 12:12:32 Punto di arresto del sistema 09-02-2016 12:33:05 Punto di arresto del sistema 10-02-2016 13:10:35 Punto di arresto del sistema 11-02-2016 13:22:50 Punto di arresto del sistema 12-02-2016 13:29:56 Punto di arresto del sistema 15-02-2016 12:06:15 Punto di arresto del sistema 16-02-2016 13:19:04 Punto di arresto del sistema 17-02-2016 14:12:38 Punto di arresto del sistema 18-02-2016 14:29:53 Punto di arresto del sistema 19-02-2016 14:56:40 Punto di arresto del sistema 22-02-2016 13:34:01 Punto di arresto del sistema 23-02-2016 14:16:45 Punto di arresto del sistema 24-02-2016 14:45:24 Punto di arresto del sistema 25-02-2016 14:52:37 Punto di arresto del sistema 26-02-2016 15:49:39 Punto di arresto del sistema 28-02-2016 14:18:39 Punto di arresto del sistema 29-02-2016 14:26:11 Punto di arresto del sistema 01-03-2016 14:26:33 Punto di arresto del sistema 02-03-2016 14:47:02 Punto di arresto del sistema 03-03-2016 15:00:01 Punto di arresto del sistema 04-03-2016 15:00:41 Punto di arresto del sistema 07-03-2016 09:55:10 Punto di arresto del sistema 08-03-2016 10:25:12 Punto di arresto del sistema 09-03-2016 12:14:54 Punto di arresto del sistema 10-03-2016 12:46:26 Punto di arresto del sistema 11-03-2016 14:14:55 Punto di arresto del sistema 14-03-2016 09:38:20 Punto di arresto del sistema 15-03-2016 12:45:56 Punto di arresto del sistema 16-03-2016 13:20:41 Punto di arresto del sistema 17-03-2016 14:21:27 Punto di arresto del sistema 18-03-2016 14:22:40 Punto di arresto del sistema 21-03-2016 12:22:14 Punto di arresto del sistema 22-03-2016 13:16:54 Punto di arresto del sistema 23-03-2016 14:04:12 Punto di arresto del 
sistema 24-03-2016 14:34:46 Punto di arresto del sistema 25-03-2016 15:21:47 Punto di arresto del sistema 29-03-2016 11:49:44 Punto di arresto del sistema 30-03-2016 11:59:50 Punto di arresto del sistema 31-03-2016 12:21:31 Punto di arresto del sistema 01-04-2016 12:53:56 Punto di arresto del sistema 02-04-2016 13:21:07 Punto di arresto del sistema 04-04-2016 09:02:54 Punto di arresto del sistema 05-04-2016 09:16:54 Punto di arresto del sistema 06-04-2016 12:15:14 Punto di arresto del sistema 07-04-2016 13:07:56 Punto di arresto del sistema 08-04-2016 13:15:24 Punto di arresto del sistema 11-04-2016 12:29:52 Punto di arresto del sistema 12-04-2016 13:15:52 Punto di arresto del sistema 13-04-2016 13:38:33 Punto di arresto del sistema 14-04-2016 14:29:55 Punto di arresto del sistema 15-04-2016 14:52:28 Punto di arresto del sistema 18-04-2016 06:45:06 Punto di arresto del sistema 19-04-2016 10:10:53 Punto di arresto del sistema 20-04-2016 11:06:22 Punto di arresto del sistema 21-04-2016 11:21:51 Punto di arresto del sistema 22-04-2016 11:30:36 Punto di arresto del sistema 26-04-2016 09:49:18 Punto di arresto del sistema 27-04-2016 11:19:16 Punto di arresto del sistema 28-04-2016 12:22:35 Punto di arresto del sistema 29-04-2016 13:04:09 Punto di arresto del sistema 30-04-2016 13:25:35 Punto di arresto del sistema 02-05-2016 12:22:17 Punto di arresto del sistema ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (05/02/2016 12:11:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM ha ricevuto l'errore "%%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti "" per eseguire il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (05/02/2016 11:45:49 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito 
non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:45:09 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:44:29 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. 
Error: (05/02/2016 11:43:48 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/02/2016 11:43:08 AM) (Source: DCOM) (EventID: 10020) (User: ) Description: Il descrittore di protezione di Avvio e attivazione Predefinito non è valido. Contiene voci di controllo dell'accesso che includono autorizzazioni non valide. L'azione richiesta non verrà eseguita. Per modificare tale autorizzazione di protezione, è possibile utilizzare lo strumento amministrativo Servizi componenti. 
==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ Percentage of memory in use: 25% Total physical RAM: 3071.23 MB Available physical RAM: 2285.25 MB Total Virtual: 4957.16 MB Available Virtual: 4327.56 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:278.22 GB) (Free:215.14 GB) NTFS ==>[drive with boot components (Windows XP)] Drive d: (Acronis) (Fixed) (Total:19.87 GB) (Free:12.14 GB) NTFS Drive f: (Copie) (Fixed) (Total:931.51 GB) (Free:857.5 GB) NTFS Drive g: (ARUBAKEY) (Removable) (Total:0.94 GB) (Free:0.61 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 76124D31) Partition 1: (Active) - (Size=278.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19.9 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FEBC4493) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1.9 GB) (Disk ID: 70707573) No partition Table on disk 2. 
==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2016 Ran by Utente (administrator) on TOMMASO (02-05-2016 13:38:33) Running from C:\Documents and Settings\Utente\Desktop Loaded Profiles: Utente (Available Profiles: Utente & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\ekrn.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe () C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe (Dassault Systèmes) C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Hewlett-Packard Company) C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Nero AG) C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe (Google Inc.) C:\Programmi\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Mega System Technologies, Inc.) C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Mega Corp.) C:\Programmi\Megatec\UPSilon 2000\usbmate.exe (ESET) C:\Programmi\Eset\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Advanced Micro Devices Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor Corp.) 
C:\WINDOWS\RTHDCPL.exe (Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe (Freesoft S.r.l.) C:\Programmi\FreeSoft\Uranium\Uranium.exe (Logitech, Inc.) C:\Programmi\Logitech\SetPoint\SetPoint.exe (RICOH COMPANY,LTD.) C:\Programmi\RDS\RMClient\PMCTray.exe (Logitech, Inc.) C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe (ATI Technologies Inc.) C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\DOCUME~1\Utente\IMPOST~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16384000 2007-08-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [JobHisInit] => C:\Programmi\RDS\RMClient\JobHisInit.exe [229481 2007-08-30] (RICOH COMPANY,LTD.) HKLM\...\Run: [MplSetUp] => C:\Programmi\RDS\RMClient\MplSetUp.exe [49254 2007-08-30] (RICOH COMPANY,LTD.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21] (ATI Technologies Inc.) Winlogon\Notify\LBTWlgn: c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll [2008-05-02] (Logitech, Inc.) 
HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [CCleaner] => C:\Programmi\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Run: [Uranium] => C:\Programmi\FreeSoft\Uranium\Uranium.exe [9190528 2011-04-14] (Freesoft S.r.l.) HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-1275210071-179605362-725345543-1003\...\MountPoints2: {41c0254c-2b22-11de-925d-001e58e7f6a8} - G:\LaunchU3.exe -a ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation) ShellIconOverlayIdentifiers: [Gestore icona firma digitale di AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.) Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk [2015-12-02] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Programmi\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk [2008-10-25] ShortcutTarget: Logitech SetPoint.lnk -> C:\Programmi\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\SmartDeviceMonitor for Client.lnk [2008-12-12] ShortcutTarget: SmartDeviceMonitor for Client.lnk -> C:\Programmi\RDS\RMClient\PMClient.exe (RICOH COMPANY,LTD.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 31.3.244.140 31.3.244.132 Tcpip\..\Interfaces\{95A07F52-3415-45D8-8671-25C9B7C2C9AA}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{B3758DE8-3EEB-4428-8DF5-04E2DDEAA1B0}: [DhcpNameServer] 31.3.244.140 31.3.244.132 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/ 
HKU\S-1-5-21-1275210071-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> DefaultScope {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {00000000-0000-0000-0000-474f4f474c45} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {115511CE-B4D1-42D7-8EBC-9622074118D6} URL = hxxp://it.search.yahoo.com/search?fr=mcafee&type=A010IT773&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1275210071-179605362-725345543-1003 -> {286B705F-8441-48F7-8706-8529CE432C16} URL = hxxps://it.search.yahoo.com/search?fr=mcafee&type=B010IT773D20140613&p={searchTerms} BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.5.0_16\bin\ssv.dll [2008-05-28] (Sun Microsystems, Inc.) 
Toolbar: HKLM - Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx [2008-04-14] (Microsoft Corporation) Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} hxxp://www.cartografiarl.regione.liguria.it/ecwplugins/ncs.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File 
comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programmi\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1275210071-179605362-725345543-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Utente\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )

Chrome:
=======
CHR Profile: C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
CHR Extension: (Documenti Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Fogli Google) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
CHR Extension: (Google Documenti offline) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (AdBlock) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-02]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Programmi\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AK910SwitchService; C:\Programmi\ArubaKey\AKSwitcher\ak910switchservice.exe [81920 2009-07-09] () [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-12-20] () [File not signed]
R2 DraftSight API Service; C:\Programmi\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [86016 2012-12-27] (Dassault Systèmes) [File not signed]
R2 ekrn; C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [1982752 2016-04-13] (ESET)
S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-12-21] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
S3 LBTServ; C:\Programmi\File comuni\LogiShrd\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
R2 LightScribeService; C:\Programmi\File comuni\LightScribe\LSSrvc.exe [79136 2007-10-18] (Hewlett-Packard Company)
R2 Nero BackItUp Scheduler 3; C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe [382248 2007-11-15] (Nero AG)
R2 Rupsmon; C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe [151552 2007-08-06] (Mega System Technologies, Inc.) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programmi\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 USBMate; C:\Programmi\Megatec\UPSilon 2000\USBMate.exe [106496 2007-02-01] (Mega Corp.) [File not signed]
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-06-18] (Advanced Micro Devices)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2007-08-29] (Atheros Communications, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206312 2016-04-13] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2016-04-13] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2016-04-13] (ESET)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
U2 CertPropSvc; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U4 WinDefend; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 13:38 - 2016-05-02 13:38 - 01728000 _____ (Farbar) C:\Documents and Settings\Utente\Desktop\FRST.exe
2016-05-02 13:38 - 2016-05-02 13:38 - 00018119 _____ C:\Documents and Settings\Utente\Desktop\FRST.txt
2016-05-02 13:38 - 2016-05-02 13:38 - 00000000 ____D C:\FRST
2016-05-02 11:42 - 2016-05-02 11:42 - 00108656 _____ C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2016-05-02 11:19 - 2016-05-02 11:19 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\TeamViewer
2016-05-02 11:18 - 2016-05-02 11:18 - 05044584 _____ (TeamViewer) C:\Documents and Settings\Utente\Desktop\TeamViewerQS_it-idcbft9wzh.exe
2016-05-02 10:51 - 2016-05-02 10:51 - 00014045 _____ C:\Documents and Settings\Utente\Desktop\rubrica.csv
2016-05-02 10:30 - 2016-05-02 10:30 - 00001781 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome.lnk
2016-05-02 10:30 - 2016-05-02 10:30 - 00001775 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-05-02 10:27 - 2016-05-02 10:27 - 00987728 _____ (Google Inc.) C:\Documents and Settings\Utente\Desktop\ChromeSetup.exe
2016-05-02 10:19 - 2016-05-02 10:19 - 00150410 _____ C:\Documents and Settings\Utente\Desktop\bookmarks_02_05_16.html
2016-05-02 10:10 - 2016-05-02 10:12 - 00000314 _____ C:\Documents and Settings\Utente\Desktop\dati.txt
2016-05-02 09:57 - 2016-05-02 09:59 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 09:57 - 2016-05-02 09:57 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
2016-05-02 09:57 - 2016-05-02 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2016-05-02 09:57 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-02 09:57 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-02 09:56 - 2016-05-02 09:56 - 22851472 _____ (Malwarebytes ) C:\Documents and Settings\Utente\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-02 09:48 - 2016-05-02 09:48 - 03615296 _____ C:\Documents and Settings\Utente\Desktop\adwcleaner_5.115.exe
2016-04-28 11:58 - 2016-04-28 11:58 - 01634584 _____ C:\Documents and Settings\Utente\Desktop\Trimestre 2016.pdf
2016-04-27 17:29 - 2016-04-27 17:29 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\ESET
2016-04-16 11:32 - 2016-04-16 11:32 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEONARDO
2016-04-13 13:31 - 2016-04-13 13:31 - 00206312 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00146024 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00127496 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwtdir.sys
2016-04-12 19:25 - 2016-04-12 19:25 - 00002607 _____ C:\Documents and Settings\Utente\Desktop\ritirocertificato.zip
2016-04-12 17:32 - 2016-04-14 17:31 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\DISCIPLINARE
2016-04-07 09:56 - 2016-04-07 09:56 - 00252349 _____ C:\Documents and Settings\Utente\Desktop\tuttocitta.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 13:38 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Temp
2016-05-02 13:00 - 2011-12-19 18:30 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-02 11:42 - 2008-11-14 20:28 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-05-02 11:42 - 2008-10-25 01:21 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni
2016-05-02 11:42 - 2008-10-25 00:50 - 00000000 ____D C:\Documents and Settings\Utente
2016-05-02 11:41 - 2011-12-19 18:30 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-02 11:41 - 2008-10-25 00:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-02 11:40 - 2008-10-25 00:50 - 00032616 ____N C:\WINDOWS\SchedLgU.Txt
2016-05-02 11:40 - 2008-10-25 00:50 - 00000306 ___SH C:\Documents and Settings\Utente\ntuser.ini
2016-05-02 10:30 - 2008-10-28 18:59 - 00000000 ____D C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google
2016-05-02 10:30 - 2008-10-25 02:30 - 00000000 ___RD C:\Programmi
2016-05-02 10:30 - 2008-10-25 02:29 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi
2016-05-02 10:29 - 2008-10-28 18:59 - 00000000 ____D C:\Programmi\Google
2016-05-02 10:29 - 2008-10-27 12:00 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Mozilla
2016-05-02 10:16 - 2015-12-01 19:43 - 00000194 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-05-02 10:15 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Impostazioni locali\Temp
2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Programmi\Avira
2016-05-02 10:14 - 2015-03-20 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Avira
2016-05-02 10:14 - 2008-10-25 02:20 - 00000000 ____D C:\WINDOWS\PeerNet
2016-05-02 10:13 - 2013-10-15 19:34 - 00754504 _____ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2016-05-02 10:13 - 2008-10-25 00:50 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni
2016-05-02 09:57 - 2008-10-25 02:27 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni
2016-05-02 09:55 - 2008-10-25 02:30 - 01073550 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-02 09:55 - 2007-10-29 14:00 - 00479236 _____ C:\WINDOWS\system32\perfh010.dat
2016-05-02 09:55 - 2007-10-29 14:00 - 00079720 _____ C:\WINDOWS\system32\perfc010.dat
2016-05-02 09:50 - 2013-10-25 18:15 - 00000000 ____D C:\AdwCleaner
2016-05-02 09:47 - 2015-12-01 19:43 - 00000000 __RHD C:\Documents and Settings\Administrator\Dati applicazioni
2016-05-02 09:47 - 2015-03-20 19:28 - 00000000 ____D C:\Documents and Settings\Utente\Dati applicazioni\Avira
2016-05-02 09:47 - 2015-03-20 19:23 - 00000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Avira
2016-05-02 09:41 - 2015-12-01 19:43 - 00000000 ____D C:\Documents and Settings\Administrator
2016-05-01 19:32 - 2007-10-29 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-30 11:30 - 2009-07-16 10:28 - 00001667 _____ C:\WINDOWS\1way.ini
2016-04-29 09:47 - 2010-11-10 12:08 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PUC ALASSIO e ONERI
2016-04-28 11:41 - 2015-03-20 19:30 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-04-28 11:37 - 2008-10-25 00:44 - 00000000 ____D C:\WINDOWS\Registration
2016-04-28 11:27 - 2008-10-25 18:45 - 00002442 _____ C:\Documents and Settings\Utente\Desktop\Word .lnk
2016-04-28 08:16 - 2015-12-01 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\NoAdware
2016-04-27 18:39 - 2015-03-24 18:53 - 00000000 ____D C:\Programmi\NoAdware5.0
2016-04-27 17:31 - 2008-10-25 02:20 - 00000000 ___HD C:\WINDOWS\inf
2016-04-22 10:21 - 2015-04-30 09:01 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\SICUREZZA
2016-04-21 09:31 - 2008-10-29 17:34 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2016-04-19 18:00 - 2012-09-13 18:44 - 00000920 _____ C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat
2016-04-19 18:00 - 2008-10-25 00:50 - 00000000 __RHD C:\Documents and Settings\Utente\Dati applicazioni
2016-04-15 17:36 - 2014-11-19 10:06 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\CLIENTI
2016-04-15 08:48 - 2013-10-29 12:54 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Package Cache
2016-04-08 11:47 - 2014-09-24 16:04 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\LEGGI DETRAZIONE TARIFFARIO
2016-04-05 15:52 - 2014-09-11 12:24 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\PTCP
2016-04-05 08:31 - 2011-04-27 18:57 - 00000000 ____D C:\Documents and Settings\Utente\Desktop\FAUSTO

==================== Files in the root of some directories =======

2009-11-17 19:07 - 2009-11-17 19:07 - 0021935 _____ () C:\Programmi\FirmaVerifica2.1_InstallLog.log
2014-11-28 12:28 - 2014-11-28 12:31 - 155536928 _____ () C:\Programmi\OOo_3.3.0_Win_x86_install-wJRE_it.exe
2012-09-13 18:44 - 2016-04-19 18:00 - 0000920 _____ () C:\Documents and Settings\Utente\Dati applicazioni\wklnhst.dat
2015-12-01 17:58 - 2015-12-01 18:35 - 0002219 ____H () C:\Documents and Settings\Utente\Dati applicazioni\xpy.ini
2008-11-03 10:51 - 2014-05-29 18:12 - 0024064 _____ () C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\avgnt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
[/QUOTE]