Accedi per seguire   
Seguaci 0
lorenzetto23

Pc Instabile,ho Usato Combofix Ma Vorrei Un Parere Dai Più Esperti

21 messaggi in questa discussione

Ciao a tutti,è ormai un mesetto che il mio notebook Vaio Vpcec2m1e mi crea non pochi problemi,sia all'accensione(tempi di caricamento molto lunghi per rendersi operativo)sia durante l'uso(le pagine si aprono lente,anche ora mentre scrivo qui sul forum mi si blocca temporaneamente la scrittura,quando passo da una finestra all'altra ci sono dei momenti di blocco totale),leggendo qua e là sul forum,ho pensato di fare un'analisi con Combofix di cui vi allego il log,ora visto e considerato che il problema non mi sembra migliorato,vorrei chiedere se ho fatto tutto bene(ho disattivato antivirus,e connessione internet)e se quelle chiavi che ha messo in quarantena sono eliminabili oppure no. A me non sembra aver ricevuto grande beneficio per ora(ho anche riavviato,perché prima del riavvio se cliccavo sulle icone di Chrome o Esplora risorse mi diceva che la chiave era stata spostata/eliminata,dopo il riavvio però sembra tutto tornato ok).

C'è qualcuno che sa confermarmi innanzitutto se posso procedere con la disinstallazione di combofix(viste le chiavi che lui considera infette),e consigliarmi come procedere eventualmente in maniera più efficace?

Grazie molte a presto,Lorenzo

P.s. Ho creato un punto di ripristino dopo aver fatto l'analisi con Combofix

log combofix.txt

Modificato da lorenzetto23

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto

Non hai sbagliato nulla a parte il fatto di aver eseguito Combofix senza essere istruito a farlo.

Da questo momento non azzardare azioni di nessun genere, salvo se istruito a farlo da me, Ok!! Andiamo.

Scaricare ed eseguire DDS

Ho bisogno di vedere alcune informazioni riguardo la vostra macchina. Si prega di eseguire quanto segue:

  • Scaricare DDS by sUBs da uno dei seguenti links. Salvalo sul tuo desktop.

    [*]Doppio click sull'icona di DDS , per eseguirlo.

    [*]Verra' visualizzato a schermo un piccolo box, con all'interno tutte le spiegazioni circa il tool in esecuzione. Non e' necessario nessun intervento, la scansione è in esecuzione

    [*]Al termine si aprira' un blocco note con i risultati della scansione.

    [*]Seguire le istruzioni che compaiono per la pubblicazione dei risultati, quindi fare clic su Ok.

    [*]Si prega di salvare entrambi i file di log sul desktop e allegare secondo le istruzioni.

ATTENZIONE: Potrebbe essere necessario disabilitare temporaneamente tutte le protezioni, come AV e Firewall se la scansione non dovesse riuscire

Dopo il download del tool, disconnettersi da internet e disabilitare antivirus e firewall .

Eseguire la scansione.

Abilitare AV e FW e riconnettersi ad internet.

Informazioni sulla temporanea disabilitazione del AV si possono trovare QUI'

Dopo

Scarica aswMBR.exe e salvalo sul tuo desktop.

  • Doppio click sua swMBR.exe per avviare il tool. (Vista/Windows 7 - click destro, Esegui come amministratore)
  • Click Scan
  • Al termine della scansione clicca su Save log salvalo sul tuo desktop, e postalo nella tua prossima risposta.
  • Attenzione: non eseguire nessun fix.
  • Noterete anche un altro file creato sul desktop denominatoMBR.dat. Tasto destro del mouse al file e selezionare Invia a> file compresso (zip) . Allega il file compresso nella tua prossima risposta .

Attenzione, non allegare i log, a parte MBR.dat ma copia incolla il contenuto di ognuno di essi

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Grazie Mr 4011 della risposta e dell'assistenza,fatto tutto come richiesto ti allego di seguito i log di dds

attach;

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 15/07/2010 14:11:36

System Uptime: 14/02/2013 11:49:53 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | N/A | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 202,358 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

G: is CDROM ()

I: is CDROM ()

J: is CDROM ()

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {5c69eefe-3c1e-44ef-8501-f475f902fca7}

Description: USB Protection Device

Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0000

Manufacturer: SIA Syncrosoft

Name: USB Protection Device

PNP Device ID: ROOT\SYNCROSOFT_PROTECTION_DEVICE\0000

Service: SynasUSB

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS

Adobe Reader 9.5.2 - Italiano

Alice MOBILE_MT503HSA

Alps Pointing-device for VAIO

AmpegSVX

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 3

ASIO4ALL

ATI Catalyst Install Manager

µTorrent

aTube Catcher

Audacity 2.0

Batman: Arkham Asylum

Bonjour

CamStudio

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Creative ALchemy Universal

D3DX10

Defraggler

EAX™ Unified (SHELL)

eMule

Evernote

F1 2010

FIFA 12 © EA version 1

FINAL FANTASY VIII

FM Screen Capture Codec (Remove Only)

Focusrite Scarlett Plug-in Suite 1.1

Focusrite USB 2.0 Audio Driver 2.1

Gestione alimentazione VAIO

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Grand Theft Auto IV

Impostazioni di Programma di monitoraggio contenuto VAIO

Impostazioni funzioni originali VAIO

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

iTunes

Java Auto Updater

Java™ 6 Update 16 (64-bit)

Java™ 6 Update 20

Java™ 6 Update 37

Junk Mail filter update

Kaspersky Anti-Virus 2010

L.A. Noire

Live 8.0.1

ManyCam 2.6.1 (remove only)

Media Gallery

Mesh Runtime

Messenger Companion

MetalGearSolid2 Substance

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

Microsoft .NET Framework 4 Client Profile ITA Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft MPEG-4 VKI Video Codec V1/V2/V3

Microsoft Office 2010

Microsoft Office a portata di clic 2010

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office Starter 2010 - Italiano

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Compact 3.5 SP1 x64 English

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Xbox 360 Accessories 1.2

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MusicStation

Native Instruments Controller Editor

Native Instruments Guitar Rig 4

Native Instruments Service Center

NBA 2K13

neroxml

NVIDIA PhysX

OpenAL

OpenOffice.org 3.2

Pacchetto driver Windows - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883)

PartyPoker.it

PC Sync

PCSX2 - Playstation 2 Emulator

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

PokerStars.it

Prince of Persia T2T

Quick Web Access

Raccolta foto di Windows Live

Rapture3D 2.4.4 Game

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Remote Keyboard

Resident Evil 5

Rockstar Games Social Club

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Setting Utility Series

Setup_msm_VCMS_x64

Setup_msm_VOFS_x64

Setup_VEP_x64_Contain_SSDB

Skype Click to Call

Skype™ 6.1

Sonnox Oxford R3 Dynamics Native VST v1.3.1

Sonnox Oxford R3 Dynamics PowerCore VST v1.3.1

Steinberg Cubase 5

Supporto trasferimento VAIO

Syncrosoft License Control

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Utility Configurazione iPhone

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Tastiera remota

VAIO Care

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Intelligent Network Service Manager

VAIO Content Metadata Manager Settings

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data

VAIO Entertainment Platform

VAIO Event Service

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Marketing Tools

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Movie Story Template Data

VAIO Personalization Manager

VAIO Premium Partners

VAIO screensaver

VAIO Smart Network

VAIO Update

VAIO Update Merge Module x64

VAIO Wallpaper Contents

VC80CRTRedist - 8.0.50727.6195

Visualizzatore di Microsoft PowerPoint

VLC media player 1.1.11

VU5x64

VU5x86

Wajam

WIDCOMM Bluetooth Software

Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR gestione archivi

.

==== End Of File ===========================

dds;

.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Lorenzo at 12:45:11 on 2013-02-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3950.255 [GMT 1:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Windows\SysWOW64\SupportAppXL\onda_mon.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32 askhost.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32 askeng.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\eMule\emule.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Users\Lorenzo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32 askeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

mSearch Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Guida per l'accesso a Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Lorenzo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VOIXIO~1.LNK - C:\Program Files (x86)\Voixio Communicator\Voixio Communicator.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Playlist - C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314

IE: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\14E64627F69646140543532393 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\14E64627F69646140543532393A7 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\B6163656E6B61613 : DHCPNameServer = 10.0.0.138

TCP: Interfaces\{B88FF334-7DE4-4327-8B9E-97508A7EB68E} : DHCPNameServer = 213.230.155.10 213.230.130.222

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-20 55856]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-8 202752]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-19 13336]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]

R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;C:\Windows\System32\SupportAppXL\onda_mon.exe --> C:\Windows\System32\SupportAppXL\onda_mon.exe [?]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-5-19 93696]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-5-19 75776]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-29 259192]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-20 104960]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-15 2320920]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-10-6 845312]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-20 19968]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-19 56344]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-5-19 11392]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-20 571248]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-11-29 44736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-5-19 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-5-19 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-19 35104]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-2-15 99384]

S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2011-12-1 57688]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-5 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-19 151936]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-19 244736]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\Windows\System32\drivers\ONDAusbmdm6k.sys [2011-9-4 150656]

S3 ONDAusbnet;ONDA USB-NDIS miniport;C:\Windows\System32\drivers\ONDAusbnet.sys [2011-9-4 167424]

S3 ONDAusbnmea;ONDA NMEA Port;C:\Windows\System32\drivers\ONDAusbnmea.sys [2011-9-4 150656]

S3 ONDAusbser6k;ONDA Diagnostic Port;C:\Windows\System32\drivers\ONDAusbser6k.sys [2011-9-4 150656]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-2-15 203320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-1 59392]

S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-8-18 21200]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]

S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-15 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-02-13 12:40:25 -------- d-----w- C:\$RECYCLE.BIN

2013-02-13 12:15:23 98816 ----a-w- C:\Windows\sed.exe

2013-02-13 12:15:23 256000 ----a-w- C:\Windows\PEV.exe

2013-02-13 12:15:23 208896 ----a-w- C:\Windows\MBR.exe

2013-02-13 12:14:54 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 12:14:53 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 11:55:30 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 11:55:29 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 11:55:29 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 11:55:23 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 11:55:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 11:55:20 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 11:55:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 11:55:20 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 11:55:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 11:55:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 11:55:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 11:55:17 1913192 ----a-w- C:\Windows\System32\drivers cpip.sys

2013-02-12 11:46:56 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E44C5C06-9BF3-4518-9C08-643312394865}\mpengine.dll

2013-02-11 23:24:17 -------- d-----w- C:\Program Files (x86)\PokerStars.IT

2013-02-11 18:08:58 -------- d--h--w- C:\Windows\SysWow64\CyberInstallerUninstallerSystem

2013-02-11 18:07:18 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL

2013-02-11 18:07:18 53248 ----a-w- C:\Windows\SysWow64\zlib.dll

2013-02-11 18:07:17 440352 ----a-w- C:\Windows\SysWow64\MSHFLXGD.OCX

2013-02-11 18:07:17 260880 ----a-w- C:\Windows\SysWow64\MSFLXGRD.OCX

2013-02-11 18:07:17 212240 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX

2013-02-11 18:07:16 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx

2013-02-11 18:07:16 1071088 ----a-w- C:\Windows\SysWow64\mscomctl.OCX

2013-02-11 18:05:17 -------- d-----w- C:\Users\Lorenzo\AppData\Roaming\CyberInstaller Studio 2008

2013-02-11 13:39:13 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb

2013-02-09 11:57:14 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{1603C575-DE0E-4DC1-AC4B-24F18AA993C3}

2013-02-09 11:57:12 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{460E7E9D-9010-4CD6-BE5B-0ED8FC2B4E95}

2013-02-09 11:57:10 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A99423B3-61B7-4057-B0EE-29FEDCF4E625}

2013-02-09 11:52:21 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9DDD206B-EEB3-4930-8633-0BCF0E12489F}

2013-02-09 11:52:21 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{289C471C-B3CA-4D45-B9F6-C7ABF6FFD997}

2013-02-09 11:52:21 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{00F3AECA-6FA1-4456-82B8-CD2B190E63C5}

2013-02-09 11:52:17 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B91D4286-466C-494D-A8C4-A6C4DA97613B}

2013-02-09 11:52:17 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B3C8205A-B022-43A4-AE57-5DE9C9BCF7E5}

2013-02-09 11:52:17 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{91B61A70-7BDB-40FD-B613-B8A61CD2249C}

2013-02-09 11:52:13 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A46B1C0B-0D86-4BC8-979A-66B931270C9C}

2013-02-09 11:52:13 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7EB8A378-EDE8-41C3-B41E-CA2BA4B4DD9B}

2013-02-09 11:52:13 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{03D4F668-E1CA-4527-921D-D7B269679B89}

2013-02-08 18:06:54 45056 ----a-w- C:\Windows\SysWow64\Synsopos.exe

2013-02-08 18:06:50 401462 ----a-w- C:\Windows\SysWow64 emp.000

2013-02-08 18:06:45 147456 ----a-w- C:\Windows\SysWow64\SynsoLChk.dll

2013-02-08 18:06:44 757760 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2013-02-08 18:06:44 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2013-02-02 13:42:22 -------- d-----w- C:\Users\Lorenzo\AppData\Local\{85FB48D5-6742-478D-BF82-791892C65C50}

2013-01-30 11:55:12 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

.

==================== Find3M ====================

.

2013-02-09 18:50:49 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-09 18:50:48 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-21 01:01:12 0 ----a-w- C:\Windows\SysWow64\sho793D.tmp

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-05 15:00:32 0 ----a-w- C:\Windows\SysWow64\sho530B.tmp

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32 askhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-18 01:22:57 0 ----a-w- C:\Windows\SysWow64\sho5F9.tmp

.

============= FINISH: 12:45:50,86 ===============

E' tutto...penso! Grazie e a presto!

aswMBR.rar

Modificato da lorenzetto23

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto

E' tutto...penso! Grazie e a presto!

:blink1: Non lo so, fai tu.

Prova a dare un'occhiata ai due log e dimmi se noti qualche stranezza.

Io direi di si.

Hai postato due Attach.txt, ne bastava uno e il DDS.txt?

Inoltre non vedo aswMBR log.

Rileggi le istruzioni che ti ho dato e posta i log correttamente, in modo che io possa analizzarli.

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Il mio computer va sempre peggio! C'è nessuno che possa aiutarmi!?

Purtroppo io mi aspettavo una nuova risposta da te, l'edit non viene segnalato come nuova risposta, quindi io non sapevo che avevi postato i log giusti.

Fammi controllare i log e poi ritorno da te

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao lorenzetto

Scarica AdwCleaner by Xplode sul tuo desktop

Chiudere tutti i programmi e le pagine internet aperte.

Fare doppio clic su AdwCleaner.exe per eseguire lo strumento.

Fare clic su Elimina.

Confermare ogni volta con Ok.

Il computer verrà riavviato automaticamente. Un file di testo si aprirà dopo il riavvio.

Si prega di inviare il contenuto di tale file di log nela risposta successiva.

È possibile trovare il file di log anche in C:\AdwCleaner [s1] txt ..

Dopo

Scarica Combofix da uno di questi due link:

Link 1

Link 2

* IMPORTANTE- Salva ComboFix.exe sul tuo Desktop

====================================================

Disattiva AntiVirus e AntiSpyware, di solito tramite un click destro del mouse sull'icona di notifica situata sulla system tray. Essi possono interferire con questi tools. Nota: Se si ha difficolta' a disabilitare correttamente i programmi di protezione, o non si e' sicuri su quali programmi devono essere disabilitati, fare riferimento alle informazioni (in Inglese) disponibili a questo link : Come disabilitare i programmi di sicurezza

====================================================

Doppio click su combofix.exe & seguire le istruzioni

Quando finito, il programma produrra' un log. Includi C:\ComboFix.txt nella tua prossima risposta, per ulteriori revisioni

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Mr,grazie della risposta intanto,ti volevo chiedere solo una cosa prima di procedere,io come ti ho detto avevo fatto la scansione con combofix,ma l'ho tenuto installato con la sua relativa cartella di quarantena,quando vado a fare la procedura da te proposta come faccio?disinstallo il vecchio e la relativa cartella o rischio qualcosa e quindi mi rimetto tutte le chiavi in quarantena al loro posto?(se dovessi procedere in tal senso mi potresti spiegare come fare a farlo per piacere?)

Grazie a presto

Modificato da lorenzetto23

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Scusami lorenzo ho fatto un po di confusione.

Fai semplicemente doppio click per eseguire combofix, ma ricorda prima di eseguirlo di disattivare i programmi di sicurezza

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Mr,ti allego il log di combofix,ho riscontrato un problema però...quando vado a riattivare windows defender,e clicco sull'icona mi dice"E' stata tentata un'operazione non consentita su una chiave di registro di sistema segnata per l'eliminazione".

Come faccio a riattivare Windows defender?

Grazie a presto!

log combo.txt

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Il primo tentativo che posso suggerire è un sano riavvio del PC, tentando di verificare se Windows Defender ritorna in linea come dovrebbe.

Il secondo tentativo (che però vorrei che venisse approvato da parte di Mr 4011, visto che è lui che sta gestendo il malware removing) è applicare questo FixIt se dopo il riavvio con Windows Defender hai degli errori.

Nello specifico

Codice di errore 0x800106ba: impossibile inizializzare l'applicazione
o
Codice di errore 0x800106ba: la licenza del sistema è scaduta. La richiesta di accesso viene negata.

Mi raccomando: attendi il benestare di Mr 4011 per applicare il FixIt. Ma verifica anche che gli errori siano gli stessi che ti vengono riportati qui sopra.

Altrimenti, non eseguire il fixit!

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto,

Nel tuo post, manca il log di AdwCleaner, Eseguilo come spiegato in post 8.

Poi segui questi passi:

Con il mouse, trascina l'icona di Combofix nel cestino, poi fai tasto destro> svuota cestino

Scarica Combofix da uno di questi due link:

Link 1

Link 2

* IMPORTANTE- Salva ComboFix.exe sul tuo Desktop

====================================================

Disattiva AntiVirus e AntiSpyware, di solito tramite un click destro del mouse sull'icona di notifica situata sulla system tray. Essi possono interferire con questi tools. Nota: Se si ha difficolta' a disabilitare correttamente i programmi di protezione, o non si e' sicuri su quali programmi devono essere disabilitati, fare riferimento alle informazioni (in Inglese) disponibili a questo link : Come disabilitare i programmi di sicurezza

====================================================

Doppio click su combofix.exe & seguire le istruzioni

Quando finito, il programma produrra' un log. Includi C:\ComboFix.txt nella tua prossima risposta, per ulteriori revisioni

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Mr,

Allora,log di Adw Cleaner;

# AdwCleaner v2.112 - Logfile creato il 21/02/2013 alle 14:50:26

# Aggiornamento 10/02/2013 by Xplode

# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)

# Utente : Lorenzo - OLIVER

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\Lorenzo\Downloads\AdwCleaner.exe

# Opzioni [Elimina]

***** [servizi] *****

Fermato & Eliminato : WajamUpdater

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\Conduit

Cartella Eliminato : C:\Program Files (x86)\Wajam

Cartella Eliminato : C:\ProgramData\Partner

Cartella Eliminato : C:\Users\Lorenzo\AppData\Local\Conduit

Cartella Eliminato : C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Cartella Eliminato : C:\Users\Lorenzo\AppData\Local\OpenCandy

Cartella Eliminato : C:\Users\Lorenzo\AppData\Local\Wajam

Cartella Eliminato : C:\Users\Lorenzo\AppData\LocalLow\Conduit

Cartella Eliminato : C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registro] *****

Chiave Eliminata : HKCU\Software\1ClickDownload

Chiave Eliminata : HKCU\Software\APN PIP

Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Chiave Eliminata : HKCU\Software\cacaoweb

Chiave Eliminata : HKCU\Software\Conduit

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKCU\Software\Softonic

Chiave Eliminata : HKCU\Software\Wajam

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2530241

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2801948

Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2851640

Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}

Chiave Eliminata : HKLM\SOFTWARE\Classes\wajam.WajamBHO

Chiave Eliminata : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1

Chiave Eliminata : HKLM\SOFTWARE\Classes\wajam.WajamDownloader

Chiave Eliminata : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

Chiave Eliminata : HKLM\Software\Conduit

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Chiave Eliminata : HKLM\Software\PIP

Chiave Eliminata : HKLM\Software\Wajam

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

Chiave Eliminata : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [browser Internet] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registro Pulito.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[s1].txt - [4989 octets] - [21/02/2013 14:50:26]

########## EOF - C:\AdwCleaner[s1].txt - [5049 octets] ##########

e log di combofix eseguito dopo Adw Cleaner ;

ComboFix 13-02-22.01 - Lorenzo 22/02/2013 15:23:54.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3950.444 [GMT 1:00]

Eseguito da: c:\users\Lorenzo\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-22 al 2013-02-22 )))))))))))))))))))))))))))))))))))

.

.

2013-02-22 14:38 . 2013-02-22 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-22 11:04 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CB05A54-07C3-444A-AC9D-3CF6478DC236}\mpengine.dll

2013-02-19 19:09 . 2013-02-19 19:09 0 ----a-w- c:\windows\SysWow64\sho95F9.tmp

2013-02-19 09:49 . 2013-02-21 14:28 -------- d-----w- c:\users\Lorenzo\AppData\Local\CrashDumps

2013-02-17 02:03 . 2013-02-17 02:03 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\TechSmith

2013-02-17 02:02 . 2013-02-17 02:02 -------- d-----w- c:\users\Lorenzo\AppData\Local\TechSmith

2013-02-17 01:57 . 2013-02-17 01:57 -------- d-----w- c:\program files (x86)\QuickTime

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\programdata\TechSmith

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\program files (x86)\TechSmith

2013-02-13 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 12:14 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 12:08 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll

2013-02-13 12:08 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-13 11:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 11:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 11:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 11:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 11:55 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 11:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 11:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 11:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 11:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 11:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 11:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 11:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-11 23:24 . 2013-02-11 23:25 -------- d-----w- c:\program files (x86)\PokerStars.IT

2013-02-11 18:08 . 2013-02-11 18:08 -------- d--h--w- c:\windows\SysWow64\CyberInstallerUninstallerSystem

2013-02-11 18:07 . 1998-06-17 22:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL

2013-02-11 18:07 . 1998-03-26 00:12 53248 ----a-w- c:\windows\SysWow64\zlib.dll

2013-02-11 18:07 . 2004-03-08 22:00 440352 ----a-w- c:\windows\SysWow64\MSHFLXGD.OCX

2013-02-11 18:07 . 2004-03-08 22:00 260880 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX

2013-02-11 18:07 . 2004-03-08 22:00 212240 ----a-w- c:\windows\SysWow64\RICHTX32.OCX

2013-02-11 18:07 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\mscomctl.OCX

2013-02-11 18:07 . 2004-03-08 22:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2013-02-11 18:07 . 2002-10-05 22:46 376832 ----a-w- c:\windows\SysWow64\actskin4.ocx

2013-02-11 18:05 . 2013-02-11 18:05 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\CyberInstaller Studio 2008

2013-02-11 13:39 . 2004-08-05 12:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{1603C575-DE0E-4DC1-AC4B-24F18AA993C3}

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{460E7E9D-9010-4CD6-BE5B-0ED8FC2B4E95}

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A99423B3-61B7-4057-B0EE-29FEDCF4E625}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9DDD206B-EEB3-4930-8633-0BCF0E12489F}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{289C471C-B3CA-4D45-B9F6-C7ABF6FFD997}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{00F3AECA-6FA1-4456-82B8-CD2B190E63C5}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B91D4286-466C-494D-A8C4-A6C4DA97613B}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B3C8205A-B022-43A4-AE57-5DE9C9BCF7E5}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{91B61A70-7BDB-40FD-B613-B8A61CD2249C}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A46B1C0B-0D86-4BC8-979A-66B931270C9C}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7EB8A378-EDE8-41C3-B41E-CA2BA4B4DD9B}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{03D4F668-E1CA-4527-921D-D7B269679B89}

2013-02-08 18:06 . 2006-01-29 11:48 45056 ----a-w- c:\windows\SysWow64\Synsopos.exe

2013-02-08 18:06 . 2006-01-29 11:48 401462 ----a-w- c:\windows\SysWow64\temp.000

2013-02-08 18:06 . 2006-01-29 11:48 147456 ----a-w- c:\windows\SysWow64\SynsoLChk.dll

2013-02-08 18:06 . 2013-02-08 18:09 -------- d-----w- c:\program files (x86)\Syncrosoft

2013-02-08 18:06 . 2007-02-23 12:57 757760 ----a-w- c:\windows\SysWow64\SYNSOACC.dll

2013-01-30 11:55 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL

2013-01-28 15:36 . 2013-01-28 15:36 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-13 13:32 . 2010-07-15 14:02 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-09 18:50 . 2012-09-07 20:31 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-09 18:50 . 2011-09-17 21:08 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-17 00:28 . 2010-09-07 20:35 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-04 04:43 . 2013-02-13 11:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-21 01:01 . 2012-12-21 01:01 0 ----a-w- c:\windows\SysWow64\sho793D.tmp

2012-12-16 17:11 . 2012-12-22 01:47 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 01:47 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 01:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 01:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 11:50 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 11:50 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 11:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 11:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 11:50 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 11:50 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 11:50 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 11:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 11:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 11:50 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 11:50 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 11:50 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 11:50 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 11:50 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 11:50 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 11:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 11:50 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 11:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 11:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 11:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 11:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 11:50 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 11:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 11:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 11:50 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 11:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-12-05 15:00 . 2012-12-05 15:00 0 ----a-w- c:\windows\SysWow64\sho530B.tmp

2012-11-30 05:45 . 2013-01-09 11:49 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 11:49 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 11:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 11:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 11:49 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 11:49 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 11:49 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 39408]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2012-01-13 340520]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Voixio Communicator.lnk - c:\program files (x86)\Voixio Communicator\Voixio Communicator.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-24 113664]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-12-01 20:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [x]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]

R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-07-07 57688]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]

R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-09-16 150656]

R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2008-09-16 167424]

R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-09-16 150656]

R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-09-16 150656]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]

R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-08-18 21200]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-05 834544]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 18:50]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 09:18]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 09:18]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888985583-17482544-4123605646-1001Core.job

- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 14:12]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888985583-17482544-4123605646-1001UA.job

- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 14:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-20 171520]

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

uInternet Settings,ProxyOverride = *.local

IE: Add to Playlist - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314

IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

AddRemove-FINAL FANTASY VIII - c:\windows\IsUn0410.exe

AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}\Traktor Setup PC.exe

AddRemove-{F4E3B11A-863A-4ACE-8259-91C562EFEC25}_is1 - h:\resident evil 5\Uninstall\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\SecuROM\License information*]

"datasecu"=hex:49,21,a0,31,49,6a,86,e6,1b,21,8f,71,31,ae,53,30,11,af,b2,d2,f0,

90,67,a6,78,4e,37,f7,dc,59,ed,c3,c5,95,8c,09,95,64,0f,ef,85,12,3e,6f,14,b0,\

"rkeysecu"=hex:53,77,a7,34,63,c2,96,32,43,d4,84,36,0e,30,7c,6c

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-02-22 15:43:45

ComboFix-quarantined-files.txt 2013-02-22 14:43

ComboFix2.txt 2013-02-20 15:37

ComboFix3.txt 2013-02-20 15:18

ComboFix4.txt 2013-02-13 12:48

.

Pre-Run: 214.786.170.880 byte disponibili

Post-Run: 214.479.065.088 byte disponibili

.

- - End Of File - - 5ABFE13DF3BCD6732E782E8DACCA89AB

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto

apri il blocco note copia il testo seguente e salvalo , chiamandolo CFScript

 
File::
c:\windows\SysWow64\sho95F9.tmp
c:\windows\SysWow64\sho793D.tmp
c:\windows\SysWow64\sho530B.tmp

col mouse trascina il file CFScript.txt sull'icona rossa di combofix

cfscript08oy6.gif

lascia lavorare il programma

finito verrà creato un nuovo log combofix.txt, postalo

=================================================

Scarica TFC sul tuo desktop

  • Chiudere tutte le finestre aperte.
  • Doppio click su TFC per eseguire il programma
  • TFC chiuderà tutti i programmi aperti per poter eseguirsi,
  • Click Start per iniziare il processo.
  • Consentire a TFC di essere eseguito senza interruzioni.
  • Il programma non dovrebbe impiegare troppo tempo per finire il suo lavoro
  • Una volta terminato, il PC si dovrebbe riavviare automaticamente
  • In caso contrario, riavviare manualmente per completare il processo di pulizia

==================================================

ESET on-line scan

Eseguire una scansione con ESET Online Scanner

Nota: Sarà necessario utilizzare Internet Explorer per questa scansione .

  • Selezionare la casella accanto a Yes, I accept the Terms of Use.
  • Cliccare su Start
  • Quando richiesto consentire il controllo ActiveX per installare
  • Cliccare su Start
  • Assicurarsi che le opzioni Rimuovi minacce trovate e Scansione delle applicazioni indesiderate siano selezionate
  • Cliccare su Scan
    Attendere il termine della scansione
  • Usa Notepad per aprire il file di log situato in C:\Program Files\EsetOnlineScanner\log.txt
  • Copia/Incolla il log nella tua risposta successiva

==============================================

Si prega di scaricare . Malwarebytes 'Anti-Malware sul desktop

  • Doppio - click su mbam - setup .exe e seguire le istruzioni per installare il programma .
  • Alla fine dell'installazione, di default, un segno di spunta è posizionato accanto a Aggiorna Malwarebytes 'Anti -Malware e Avvia Malwarebytes ' Anti - Malware , quindi cliccare Fine .
  • Se un viene trovato un aggiornamento , verrà scaricato e installato .
  • Una volta che il programma e' stato caricato , selezionare Eseguire scansione rapida , poi cliccare Scan .
  • Quando la scansione è completa , cliccare OK , poi Mostra Risultati per visualizzare i risultati .
  • Siate sicuri che tutto sia selezionato , quindi cliccare Remove Selected .
  • Quando completato il tutto , si aprirà un log in blocco note .
  • I log possono essere trovati qui :
    C : \ Documents e Settings \ nome utente \ Dati Applicazioni \ Malwarebytes \ Malwarebytes 'Anti-Malware \ Logs \ log [data] txt .
    O in
    C: \ Programmi \ Malwarebytes ' Anti - Malware \ Logs \ log - data . txt
  • Posta il log nella tua prossima risposta

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Mr,a fare la scansione con Eset ci ho messo parecchio,

Log di Combofix;

ComboFix 13-02-22.01 - Lorenzo 22/02/2013 19:08:29.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3950.2738 [GMT 1:00]

Eseguito da: c:\users\Lorenzo\Desktop\ComboFix.exe

Opzioni usate :: c:\users\Lorenzo\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\sho530B.tmp"

"c:\windows\SysWow64\sho793D.tmp"

"c:\windows\SysWow64\sho95F9.tmp"

.

.

((((((((((((((((((((((((( Files Creati Da 2013-01-22 al 2013-02-22 )))))))))))))))))))))))))))))))))))

.

.

2013-02-22 18:21 . 2013-02-22 18:21 -------- d-----w- c:\users\Default\AppData\Local emp

2013-02-22 11:04 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CB05A54-07C3-444A-AC9D-3CF6478DC236}\mpengine.dll

2013-02-19 19:09 . 2013-02-19 19:09 0 ----a-w- c:\windows\SysWow64\sho95F9.tmp

2013-02-19 09:49 . 2013-02-21 14:28 -------- d-----w- c:\users\Lorenzo\AppData\Local\CrashDumps

2013-02-17 02:03 . 2013-02-17 02:03 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\TechSmith

2013-02-17 02:02 . 2013-02-17 02:02 -------- d-----w- c:\users\Lorenzo\AppData\Local\TechSmith

2013-02-17 01:57 . 2013-02-17 01:57 -------- d-----w- c:\program files (x86)\QuickTime

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\programdata\TechSmith

2013-02-17 01:56 . 2013-02-17 01:56 -------- d-----w- c:\program files (x86)\TechSmith

2013-02-13 12:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 12:14 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 12:08 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll

2013-02-13 12:08 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-13 11:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 11:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 11:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 11:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 11:55 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 11:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 11:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 11:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 11:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 11:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 11:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers cpip.sys

2013-02-13 11:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-11 23:24 . 2013-02-11 23:25 -------- d-----w- c:\program files (x86)\PokerStars.IT

2013-02-11 18:08 . 2013-02-11 18:08 -------- d--h--w- c:\windows\SysWow64\CyberInstallerUninstallerSystem

2013-02-11 18:07 . 1998-06-17 22:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL

2013-02-11 18:07 . 1998-03-26 00:12 53248 ----a-w- c:\windows\SysWow64\zlib.dll

2013-02-11 18:07 . 2004-03-08 22:00 440352 ----a-w- c:\windows\SysWow64\MSHFLXGD.OCX

2013-02-11 18:07 . 2004-03-08 22:00 260880 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX

2013-02-11 18:07 . 2004-03-08 22:00 212240 ----a-w- c:\windows\SysWow64\RICHTX32.OCX

2013-02-11 18:07 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\mscomctl.OCX

2013-02-11 18:07 . 2004-03-08 22:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2013-02-11 18:07 . 2002-10-05 22:46 376832 ----a-w- c:\windows\SysWow64\actskin4.ocx

2013-02-11 18:05 . 2013-02-11 18:05 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\CyberInstaller Studio 2008

2013-02-11 13:39 . 2004-08-05 12:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{1603C575-DE0E-4DC1-AC4B-24F18AA993C3}

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{460E7E9D-9010-4CD6-BE5B-0ED8FC2B4E95}

2013-02-09 11:57 . 2013-02-09 11:57 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A99423B3-61B7-4057-B0EE-29FEDCF4E625}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9DDD206B-EEB3-4930-8633-0BCF0E12489F}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{289C471C-B3CA-4D45-B9F6-C7ABF6FFD997}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{00F3AECA-6FA1-4456-82B8-CD2B190E63C5}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B91D4286-466C-494D-A8C4-A6C4DA97613B}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B3C8205A-B022-43A4-AE57-5DE9C9BCF7E5}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{91B61A70-7BDB-40FD-B613-B8A61CD2249C}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A46B1C0B-0D86-4BC8-979A-66B931270C9C}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7EB8A378-EDE8-41C3-B41E-CA2BA4B4DD9B}

2013-02-09 11:52 . 2013-02-09 11:52 -------- d-----w- c:\windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{03D4F668-E1CA-4527-921D-D7B269679B89}

2013-02-08 18:06 . 2006-01-29 11:48 45056 ----a-w- c:\windows\SysWow64\Synsopos.exe

2013-02-08 18:06 . 2006-01-29 11:48 401462 ----a-w- c:\windows\SysWow64 emp.000

2013-02-08 18:06 . 2006-01-29 11:48 147456 ----a-w- c:\windows\SysWow64\SynsoLChk.dll

2013-02-08 18:06 . 2013-02-08 18:09 -------- d-----w- c:\program files (x86)\Syncrosoft

2013-02-08 18:06 . 2007-02-23 12:57 757760 ----a-w- c:\windows\SysWow64\SYNSOACC.dll

2013-01-30 11:55 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL

2013-01-28 15:36 . 2013-01-28 15:36 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-13 13:32 . 2010-07-15 14:02 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-09 18:50 . 2012-09-07 20:31 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-09 18:50 . 2011-09-17 21:08 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-17 00:28 . 2010-09-07 20:35 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-04 04:43 . 2013-02-13 11:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-21 01:01 . 2012-12-21 01:01 0 ----a-w- c:\windows\SysWow64\sho793D.tmp

2012-12-16 17:11 . 2012-12-22 01:47 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 01:47 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 01:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 01:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-09 11:50 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 11:50 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 11:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 11:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 11:50 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 11:50 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 11:50 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 11:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 11:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 11:50 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 11:50 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 11:50 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 11:50 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 11:50 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 11:50 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 11:50 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 11:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 11:50 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 11:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 11:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 11:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 11:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 11:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 11:50 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 11:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 11:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 11:50 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 11:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-12-05 15:00 . 2012-12-05 15:00 0 ----a-w- c:\windows\SysWow64\sho530B.tmp

2012-11-30 05:45 . 2013-01-09 11:49 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 11:49 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 11:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 11:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 11:49 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 11:49 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-09 11:49 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 11:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 11:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 39408]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2012-01-13 340520]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Voixio Communicator.lnk - c:\program files (x86)\Voixio Communicator\Voixio Communicator.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-24 113664]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-12-01 20:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [x]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]

R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-07-07 57688]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]

R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-09-16 150656]

R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2008-09-16 167424]

R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-09-16 150656]

R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-09-16 150656]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]

R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers susbflt.sys [2010-11-20 59392]

R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-08-18 21200]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-05 834544]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]

S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 18:50]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 09:18]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 09:18]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888985583-17482544-4123605646-1001Core.job

- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 14:12]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888985583-17482544-4123605646-1001UA.job

- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 14:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-20 171520]

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=google

uInternet Settings,ProxyOverride = *.local

IE: Add to Playlist - c:\program files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314

IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

AddRemove-FINAL FANTASY VIII - c:\windows\IsUn0410.exe

AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}\Traktor Setup PC.exe

AddRemove-{F4E3B11A-863A-4ACE-8259-91C562EFEC25}_is1 - h:\resident evil 5\Uninstall\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-888985583-17482544-4123605646-1001\Software\SecuROM\License information*]

"datasecu"=hex:49,21,a0,31,49,6a,86,e6,1b,21,8f,71,31,ae,53,30,11,af,b2,d2,f0,

90,67,a6,78,4e,37,f7,dc,59,ed,c3,c5,95,8c,09,95,64,0f,ef,85,12,3e,6f,14,b0,\

"rkeysecu"=hex:53,77,a7,34,63,c2,96,32,43,d4,84,36,0e,30,7c,6c

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-02-22 19:26:38

ComboFix-quarantined-files.txt 2013-02-22 18:26

ComboFix2.txt 2013-02-22 14:43

ComboFix3.txt 2013-02-20 15:37

ComboFix4.txt 2013-02-20 15:18

ComboFix5.txt 2013-02-22 18:06

.

Pre-Run: 214.312.587.264 byte disponibili

Post-Run: 214.228.545.536 byte disponibili

.

- - End Of File - - 052168A360B7F49455FDEC31A12FD3AA

Per quanto riguarda il log di Eset dopo la scansione(lunghissima)non ha trovato nessuna minaccia e l'unico log presente in quella cartella indicata riporta ciò;

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

(Ma non è stato creato dopo la scansione esisteva già!)

Il log di Malwarebytes invece è;

Malwarebytes Anti-Malware (Prova) 1.70.0.1100

www.malwarebytes.org

Versione database: v2013.02.23.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lorenzo :: OLIVER [amministratore]

Protezione: Attivata

23/02/2013 01:27:41

mbam-log-2013-02-23 (01-27-41).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 215790

Tempo impiegato: 4 minuti, 28 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 0

(non sono stati rilevati elementi nocivi)

(fine)

Sperando di aver fatto tutto bene ti saluto e ringrazio per il momento!

Modificato da lorenzetto23

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto,

hai fatto un buon lavoro

Ora fammi sapere come va il tuo pc e se ci sono altri problemi da rivedere :anna::ciao:

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Mr,allora il pc sembra andare meglio,fammelo usare una giornata e ti riscrivo domani per conferma,per il momento comunque sembra tutto liscio!

Grazie dell'assistenza :wink:

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Mr,ergo...il pc non va per niente meglio all'inizio mi era sembrato più reattivo ma dopo appena 10 minuti di navigazione ha ricominciato a fare i capricci,si è prima bloccato sulla home di facebook/mentre scendevo con le notizie)poi aprendo altre pagine si è addirittura bloccato tutto per alcuni minuti,insomma continua ad avere minuti di blocco totale e specie quando si passa da una pagina all'altra di Chrome ad es. rimane bloccato sulla vecchia pagina e ci mette alcuni secondi per passare sull'altra... :cry4:

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Lorenzetto

Io vedo che il tuo software java è di vecchia data . Quindi Start >>Pannello di Controllo >> Programmi e Funzionalita' >> disinstallare tutte le versioni di Java.

Ora scarica ed installa la nuova versione da quì http://java.com/en/download/index.jsp

-------------

Pulire Java Cache

Vedere questa pagina per ulteriori istruzioni su come pulire la cache di Java.

Portarsi in Pannello di Controllo e fare doppio click sull'icona di Java. (solitamente una tazza di caffè)

  • Sotto File temporanei di internet, cliccare sul tasto Impostazioni, quindi fare click su Elimina file
  • Ci sono tre opzioni nella finestra "Elimina file e Applicazioni" - Spuntarle tutte e 3

      File di trace e log
      Applicazioni e Applet inserite nella cache
      Applicazioni e Applet installate

  • Fare clic su OK nella finestra Elimina file temporanei
    Nota: Questo cancellerà TUTTE le applicazioni e le Applet dalla Cache.
  • Click OK per uscire dal pannello di controllo di Java.

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao a tutti.

Volendo dire la mia , per me il rallentamento è dovuto ai numerosi servizi (che non utilizzi fra l'altro) che sono attivi nel sistema operativo stesso.

Fai start

nella casella di ricerca digita msconfig

aprilo

portati in servizi

spunta Nascondi servizi Microsoft

clicca Disabilita tutto

Applica->OK.

La situazione dovrebbe migliorare , ti anticipo che la lentezza e l'instabilita può dipendere anche dai tuoi componenti hardware

Non utilizzare Combofix come uno strumento qualsiasi come ti è stato detto , specie per risolvere "l'imputamento" del pc , anche perchè non fa miracoli.

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Crea un account o accedi per lasciare un commento

Devi essere un utente registrato per partecipare

Crea un account

Iscriviti per un nuovo account nella nostra community. È facile!


Registra un nuovo account

Accedi

Sei già registrato? Accedi qui.


Accedi Ora
Accedi per seguire   
Seguaci 0