mickele

C:\windows\pixart\pac207\monitor.exece

36 posts in this thread

Hi everyone, I found the entry in the subject among the processes that start automatically and, since I don't much like the look of it, I wanted to know what it is and, if it's malicious, I'd need a hand getting rid of it.

Obviously a general check-up is always welcome.

Cheers and thanks.


Hi Mickele,

I suggest you upload the file to VirusTotal and see what results you get.

If more than 4 "sources" declare it infected, I'd do a check with Malwarebytes Anti-Malware or SUPERAntiSpyware.

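Pike's suggestion above can be followed without uploading the file at all: VirusTotal can be queried by hash, and only a file it has never seen needs to be submitted. The script below is an added example for this thread (mine, not from the forum post or from VirusTotal). It hashes the file, looks the hash up, and applies the "more than 4 engines" rule of thumb to the report. It assumes the VirusTotal v3 endpoint GET https://www.virustotal.com/api/v3/files/<sha256> with an x-apikey header and a key in the VT_API_KEY environment variable; the two embedded sample reports are constructed to mirror the 0/35 and 10/47 results quoted later in this thread.

```python
"""Look a file up on VirusTotal by hash before deciding what to do with it.
Added example for this thread; not from the forum post or from VirusTotal.

Assumptions (not in the thread): the VirusTotal v3 endpoint
GET https://www.virustotal.com/api/v3/files/<sha256> with an 'x-apikey'
header, and an API key in the VT_API_KEY environment variable.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"
# Rule of thumb from the reply above: more than this many engines flagging the
# file is enough to run a dedicated anti-malware scan.
ENGINE_THRESHOLD = 4


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def fetch_report(sha256, api_key):
    """Query by hash. Returns the parsed report, or None when VirusTotal has
    never seen the file (HTTP 404), which is 'unknown', not 'clean'."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def verdict(report, threshold=ENGINE_THRESHOLD):
    """Reduce a v3 file report to (flagging engines, engines that answered, label)."""
    if report is None:
        return (0, 0, "unknown")
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    if flagged == 0:
        label = "clean"
    elif flagged > threshold:
        label = "suspect"
    else:
        label = "few-detections"
    return (flagged, total, label)


# Constructed reports mirroring the two ratios quoted in this thread (0/35 and 10/47).
SAMPLE_CLEAN = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 0, "suspicious": 0, "undetected": 35, "harmless": 0}}}}
SAMPLE_ADWARE = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 10, "suspicious": 0, "undetected": 37, "harmless": 0}}}}

if __name__ == "__main__":
    digest = sha256_of(sys.argv[1])
    print("sha256", digest)
    key = os.environ.get("VT_API_KEY")
    if key:
        print(verdict(fetch_report(digest, key)))
    else:
        print("VT_API_KEY not set; offline demo:", verdict(SAMPLE_CLEAN), verdict(SAMPLE_ADWARE))
```

Two caveats the thread itself illustrates: a hash that VirusTotal has never seen yields "unknown", not a clean bill, and a 0/N result on a webcam helper only tells you the file is a known benign binary, not that you still want it starting with Windows.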

Posted (edited)

Hi Pike, thanks for the reply.

On VirusTotal it's 0/35; it should be something to do with an old Trust webcam.

In any case I'm attaching the HijackThis log (forgot to attach it earlier) for a general check, since every now and then an annoying advertising window pops up.

hijackthis.log

Edited by mickele


I don't know Win7 well, but this entry looks a bit suspicious to me:

C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe

If you can, check this file on VirusTotal too.


Posted (edited)

Yes indeed, ssadp.exe is flagged as malicious on VirusTotal by 10/47; here are the results. How do we proceed?

I'm getting set up for OTL.

Edited by mickele


Attached OTL log (I had to zip it because the original size wouldn't let me attach it).

OTL.rar

Yes indeed, ssadp.exe is flagged as malicious on VirusTotal by 10/47; here are the results. How do we proceed?

It's classified as a PUP or adware, i.e. an "unwelcome" program, but not malicious for that reason.

I'd send it to the recycle bin, but in any case it's a "nuisance", not a danger.


Hi Mikele,

Please don't attach the logs; copy and paste their contents instead.

Also, I don't see Extras.txt; include it in your next reply.

Run OTL.exe.

  • Copy and paste the text inside the quote box into the Custom Scans/Fixes box.

:otl
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..browser.search.defaultenginename: "ChatZumSearch"
FF - prefs.js..browser.search.order.1: "ChatZumSearch"
FF - user.js - File not found
[2012/01/29 19:20:32 | 000,001,867 | ---- | M] () -- C:\Users\mikele\AppData\Roaming\mozilla\firefox\profiles\azwabnvp.default\searchplugins\findeer.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-4217405360-2350075151-1383066028-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2


:Files
ipconfig /flushdns /c

:Commands
[EMPTYFLASH]
[RESETHOST]
[CREATERESTOREPOINT]
[REBOOT]

  • Then click Run Fix at the top.
  • Let the program do its job without interference; when it has finished it will reboot automatically. If it does not, please reboot the system manually.
    Post the log it produces.
    Afterwards:
    Download AdwCleaner by Xplode to your desktop.
    Close all open programs and browser windows.
    Double-click AdwCleaner.exe to run the tool.
    Click Delete.
    Confirm each prompt with OK.
    The computer will reboot automatically. A text file will open after the reboot.
    Please post the contents of that log file in your next reply.
    You can also find the log file at C:\AdwCleaner[S1].txt.
    Download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you use Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as administrator".
    • The tool will open and start scanning your system.
    • Please be patient, as this may take some time to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and opens automatically.
    • Post the contents of JRT.txt in your next message.

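The fix script in the post above lists the entries it removes but not what makes them notable. The script below is an added example for this thread (mine, not OTL's code and not part of the helper's post). It parses lines in OTL's own log format, taking as constructed input lines copied from the fix script above, and sorts each hit by the registry hive it lives in: .DEFAULT, S-1-5-18, S-1-5-19 and S-1-5-20 are the default/system profile and the LocalSystem, LocalService and NetworkService accounts, and writing under any of them takes administrative rights, so a browser start page or trusted-site entry found there was not changed through the user's own settings dialog. The start-page allowlist and the hive-owner table are this example's assumptions.

```python
"""Triage OTL hijack indicators by the registry hive they were written to.
Added example for this thread: not OTL's code and not part of the helper's post.
Sample lines are copied from the fix script above; the start-page allowlist and
the hive-owner table are this example's assumptions."""
import re
from collections import defaultdict

# Hives that do not belong to an interactive user. Writing under any of them
# takes administrative rights, so a browser setting found here was not changed
# by the user clicking through a settings dialog.
SERVICE_HIVES = {
    ".DEFAULT": "default/system profile",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
# Start pages treated as benign (assumption; extend to taste). Compared lowercase.
START_PAGE_ALLOWLIST = {"about:blank", "http://go.microsoft.com/fwlink/?linkid=69157"}

RE_IE_START = re.compile(r"^IE - (HKU\\[^\\]+|HKLM)\\.*Main,Start Page = (\S+)")
RE_FF_SEARCH = re.compile(r'^FF - prefs\.js\.\.browser\.search\.(?:defaultenginename|order\.\d+): "([^"]+)"')
RE_O15 = re.compile(r"^O15 - HKU\\([^\\]+)\\\.\.Trusted (?:Domains|Ranges): (\S+)")
RE_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
RE_O3_LOCKED = re.compile(r"^O3 - .*Toolbar: \(no name\) - Locked")


def hive_owner(hive):
    """'machine' for HKLM, a service-account name for the built-in hives, else 'user'."""
    if hive == "HKLM":
        return "machine"
    return SERVICE_HIVES.get(hive, "user")


def triage(lines):
    """Group the indicators OTL reports by kind and by the hive they sit in."""
    report = {
        "start_pages": {},             # hive -> URL
        "hijacked": [],                # (hive, owner, URL) for start pages off the allowlist
        "search_engines": set(),       # Firefox default/ordered engine names
        "trusted": defaultdict(list),  # hive -> trusted domains/ranges
        "ads": [],                     # (size, path:stream) alternate data streams
        "locked_toolbars": 0,          # O3 toolbars with no name and no CLSID
    }
    for raw in lines:
        line = raw.strip()
        if m := RE_IE_START.match(line):
            hive, url = m.group(1), m.group(2)
            if hive.startswith("HKU\\"):
                hive = hive[4:]
            report["start_pages"][hive] = url
            if url.lower() not in START_PAGE_ALLOWLIST:
                report["hijacked"].append((hive, hive_owner(hive), url))
        elif m := RE_FF_SEARCH.match(line):
            report["search_engines"].add(m.group(1))
        elif m := RE_O15.match(line):
            report["trusted"][m.group(1)].append(m.group(2))
        elif m := RE_ADS.match(line):
            report["ads"].append((int(m.group(1)), m.group(2)))
        elif RE_O3_LOCKED.match(line):
            report["locked_toolbars"] += 1
    report["trusted"] = dict(report["trusted"])
    return report


def service_hive_findings(report):
    """Entries written under non-user hives: the ones to explain before cleaning."""
    hits = [(h, o, u) for h, o, u in report["hijacked"] if o != "user"]
    for hive, entries in report["trusted"].items():
        owner = hive_owner(hive)
        if owner != "user":
            hits.extend((hive, owner, e) for e in entries)
    return hits


# Constructed input: a subset of the lines from the fix script above.
SAMPLE_OTL_LINES = [
    r"IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com",
    r"IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com",
    r"IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com",
    r"IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com",
    r'FF - prefs.js..browser.search.defaultenginename: "ChatZumSearch"',
    r'FF - prefs.js..browser.search.order.1: "ChatZumSearch"',
    r"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.",
    r"O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)",
    r"O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)",
    r"O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )",
    r"O15 - HKU\S-1-5-21-4217405360-2350075151-1383066028-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)",
    r"O18:64bit: - Protocol\Handler\skype4com - No CLSID value found",
    r"@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2",
]

if __name__ == "__main__":
    result = triage(SAMPLE_OTL_LINES)
    for hive, owner, value in service_hive_findings(result):
        print(f"{owner:<24} {hive:<12} {value}")
    print("search engines:", sorted(result["search_engines"]))
    print("alternate data streams:", result["ads"])
```

The O18 handler lines with "No CLSID value found" are deliberately not flagged: they are orphaned registrations left behind by uninstalled software, and the fix script removes them as clutter rather than as evidence of compromise.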

Posted (edited)

1) Not knowing OTL well, I believe I carried out the first part of what Mr4011 suggested; my doubts arose because I noticed there are settings to configure, and regarding the box where I was told to paste the text to run the fix (I'm attaching an image so you can evaluate the settings I chose and the box where I pasted the text).

Also, after the Run Fix and the reboot, OTL didn't produce any log, so I ran a new scan.

2) I carried out the operations on my son's account, which also has administrator rights, because from that account you get a message that Avira Desktop is disabled, but going into the Action Center it won't let me enable it, even though the icons of the running programs say it is enabled (in this case too I'm attaching an image to clarify the problem better).

3) The culprit, my son, told me he had mistakenly installed ChatZum and had uninstalled it, though I couldn't say how or with what result.

I'll proceed with the second part of the scans, and if I got something wrong with OTL I'm ready to redo everything following your suggestions.

Thank you for your patience and your ability to solve my problems.

I'll put the logs in the next replies because, perhaps since they're too long, if I paste them here it won't let me submit the reply.


Edited by mickele


Extras log

OTL Extras logfile created on: 18/05/2013 14:14:07 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARCO\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

7,98 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,80% Memory free

15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 310,22 Gb Total Space | 192,33 Gb Free Space | 62,00% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 108,36 Gb Free Space | 73,98% Space Free | Partition Type: NTFS

Drive E: | 7,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive K: | 91,31 Gb Total Space | 77,68 Gb Free Space | 85,08% Space Free | Partition Type: NTFS

Drive L: | 91,31 Gb Total Space | 88,55 Gb Free Space | 96,98% Space Free | Partition Type: NTFS

Drive M: | 91,31 Gb Total Space | 45,98 Gb Free Space | 50,36% Space Free | Partition Type: NTFS

Drive N: | 91,31 Gb Total Space | 89,59 Gb Free Space | 98,12% Space Free | Partition Type: NTFS

Drive O: | 91,47 Gb Total Space | 90,44 Gb Free Space | 98,87% Space Free | Partition Type: NTFS

Computer Name: MIKELE-PC | User Name: MARCO | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0292CE96-F24A-4984-9E62-66C00507550A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{173DE981-E56E-49D1-A24B-E01FB64A43F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{1A723D7B-3C68-4C67-B48B-D6CF54A63998}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{223F44CD-1937-4AF9-83B5-9B4F61618BEB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{2A1CF153-E04C-4856-B913-D56D4C90759E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{30195CB0-A6C3-476B-A9FF-9C00DD475E1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{409947D2-4121-4375-B7EF-0964AD0A32C9}" = rport=137 | protocol=17 | dir=out | app=system |

"{476ACE07-BF13-424F-8A5A-5D94C02C4280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{650D553E-8814-47C4-A5AC-A61C5BD57EA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{66E68EC9-D570-48B2-8D43-1B521908BD6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7075FBD9-AE08-419A-B3CF-70EF6655BE79}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{70904798-CA37-4C0F-9D60-975C9F8EA58F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76349377-2643-4D2F-8644-244020AA26B5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{78E79B85-7FC5-40F7-9E85-33CC1436916E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{840721D3-9B0F-4748-A8AD-49998422607C}" = rport=139 | protocol=6 | dir=out | app=system |

"{852F5B1B-2C20-4DEB-B3A9-D787CE0B5B9A}" = rport=445 | protocol=6 | dir=out | app=system |

"{8CA74438-3C44-4595-BE71-04CC23BCCBEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8CED3D67-4D84-43E4-A30E-C255000F3FD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{95D9EBAC-7648-4905-B434-AB922569D5A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A3166A91-BE9F-4A7B-8234-3B4C056854D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B94946AB-218C-4BE0-9114-9DF3F9832358}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B98BD4F7-5D67-40D9-BE39-DC9182E041E4}" = lport=137 | protocol=17 | dir=in | app=system |

"{C3783FC7-14E6-4780-A736-F26301892B78}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C3A69AB6-7262-44CF-960B-40868C8A9A9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CCF62F43-4FE3-4EDD-864B-9D3243BF2A37}" = lport=139 | protocol=6 | dir=in | app=system |

"{D2773BF4-F139-4E11-B631-D1764CC342B1}" = lport=445 | protocol=6 | dir=in | app=system |

"{D2B8BF25-E644-4063-AD3F-3916AFCD7884}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E48796DD-6664-4283-807F-8141A56BAD97}" = rport=138 | protocol=17 | dir=out | app=system |

"{E8A2BE96-80AA-4C7E-A21C-C1E86546860A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{E9FB078C-F47A-452B-92CE-EEC1B7478549}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC6B3B14-A472-4EE4-A3B1-3C1479F711E8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{ECF79014-5E5D-4B3C-B6B6-53BD35F8DB7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FEF5A5CF-3E90-4CD9-AE5C-32D9495CD506}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04768EF0-527C-4EF1-83A1-9F08091938BF}" = protocol=6 | dir=in | app=m:\giochi\stronghold legend\strongholdlegends.exe |

"{09CDB85E-4DB6-4FCB-8376-A711D8EA551B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{113E41E8-AF01-42D1-A175-EA12170238B2}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |

"{13CEC8EF-2E0C-4276-9FA9-B7CC44FFD7C5}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |

"{15F09166-B56D-4633-93DF-5777F012F4B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{1CC728BD-6A73-4E83-B24C-A4EA5F553436}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{1FC74FD5-9FFD-45BD-93B5-0B57F02665E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{219D0BE1-8171-4252-B2FF-15E995F52E48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{21A4A744-77E7-4813-A749-CC87AB6B3E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |

"{25FDB211-2E1E-442A-A19B-2C738F8FDF62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |

"{273A2A83-30CA-4F9D-844C-194672F3D154}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |

"{2B67C03A-7124-4685-961A-F828A8961B96}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |

"{32E811D6-F4DB-4152-B912-31AFF6DFE865}" = protocol=6 | dir=in | app=m:\giochi\dead space 3\dead space 3\deadspace3.exe |

"{35592675-16A7-470A-B291-710C9E696EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{360A1C83-F297-4C26-B676-FA0643B03510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{395DC3EC-112E-43D2-9587-5EABF181E30E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |

"{3A4DCBD1-6045-4BEB-B5BF-BE1A2F6C07CE}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |

"{3B986DBA-0988-4B6C-9F30-289B62A0C362}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |

"{3D5EAF3B-8343-4528-9A86-DC314E10481F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{401435B0-0BF4-49E7-920A-0462E8ECBC11}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{43C01A82-F28A-4484-B59E-FEAE4BC67574}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{43FBE863-AECE-47ED-9B40-C006045D6A13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4BE8F41E-34D2-487D-B97D-78F9A15566C1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{57E1C041-FB90-4F4F-9900-9305976876F7}" = protocol=17 | dir=in | app=m:\giochi\signore anelli\game.dat |

"{5FD87196-3BC5-4A6A-A738-3A149C899C53}" = protocol=58 | dir=in | app=system |

"{61C4E8EC-D121-4761-A2E3-0A29EF5D5A2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{64ECB100-9730-48C1-A661-D11CC94564EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{67744324-0D0A-40A6-93C5-D31EA72C4252}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |

"{6817DC59-6F1C-4C2E-827D-663D1EE763FB}" = dir=in | app=c:\users\marco\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{688BD0D7-21C2-436D-9F81-B2B1FA3ACD22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |

"{6D5DE9D8-626C-4BC5-A524-0485CF44D6C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{73D09DEA-87FA-4CAD-8AE6-B961523FADEF}" = dir=in | app=c:\users\mikele\appdata\local\microsoft\skydrive\skydrive.exe |

"{74198FBD-4A80-45CA-B2F5-C2031C927B4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{784F174E-B3CA-446D-A467-97509CA5184C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{78D5A53A-19E3-44DC-A057-BFF8774F55A3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |

"{8661EA54-560B-4412-99A0-6F1C16ACE053}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{8AC772E6-29E5-47F8-BE8B-981F5726D2C9}" = protocol=6 | dir=out | app=system |

"{8CB5DE32-8A2A-406E-8E25-DEF393CEB9BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8F014F2F-668B-4EF6-A06F-537084C75442}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |

"{901D6D9F-AC0E-4861-832A-DD2C1E18B3B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{91D019E9-2451-4D78-BF1C-74C34E5290B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{9B90CDA0-1062-49E0-99BA-303E4A3A46B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |

"{9BF61E97-9DBF-48BD-9F1E-F09FDF0C1295}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{9D4DE953-D23F-4592-9BA6-EF63A496D93E}" = protocol=17 | dir=in | app=d:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |

"{A2DF777A-A3B4-45E2-8BDF-D210EF1713BA}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |

"{A7E8A647-A5CE-49B4-B9F7-35B70CDEA091}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |

"{B05A61A7-6651-496A-ACE6-0F379E9534C6}" = protocol=6 | dir=in | app=m:\giochi\signore anelli\game.dat |

"{BAEB9F68-1DF5-490B-8E13-7CA1055D0E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |

"{BF09C601-07AE-40FA-AC6B-4AAA7BD431B6}" = protocol=6 | dir=in | app=d:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |

"{BF6DFB5D-BDC2-44AC-BF0C-1FD3061D57FA}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |

"{C574CB7B-3F54-4370-9C12-171FC34EA6BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C73627CC-AF9A-4270-94BF-3367F4000345}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C8F1F3BB-1109-4FA8-95DF-F40CD29FE012}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |

"{CB49EB6B-5626-4D3B-BF88-DF89359017F1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{CE8410D5-4C15-4277-B6F3-CAE2F2E89BED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D0DEA5BC-6545-4FC5-AF1C-C6CD348DDD6B}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |

"{DE04E1CC-1AEA-440E-9898-311FB8F0D072}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{E0B1773B-A718-4E9E-BB5E-B3F9C099A983}" = protocol=17 | dir=in | app=m:\giochi\dead space 3\dead space 3\deadspace3.exe |

"{E33C8013-1936-4378-8959-207204FF646E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |

"{F23D19E4-7601-4155-8752-A4907C1321C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{F3B80C68-93D2-4173-94F6-389F48CB33C4}" = protocol=17 | dir=in | app=m:\giochi\stronghold legend\strongholdlegends.exe |

"{F6050C95-F5FA-4709-877F-2D78AF92AEC1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{0A82B6AA-F08E-4CD5-B047-56F6FDECBF58}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"TCP Query User{170794A0-AE6C-45BE-AAF4-778BD7792B45}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{391FCE7E-6033-46D5-AE8B-548977F2E7E4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{3E59D91B-696D-46F1-AB69-3E9E2C0C3C26}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{57D667C5-724F-4695-8313-54F705CD5D4D}M:\giochi\alice madness\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=m:\giochi\alice madness\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |

"TCP Query User{5F02946A-86E6-423D-8658-96744D1A4F69}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |

"TCP Query User{6E732FB2-3839-448D-8F4A-8E15F30DEE13}C:\program files (x86)\duke nukem - manhattan project\prism3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duke nukem - manhattan project\prism3d.exe |

"TCP Query User{756A505B-3D49-4702-910C-93FE1E5AB701}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |

"TCP Query User{8013DFF7-38DA-4541-911C-6501158D575B}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"TCP Query User{8B68BDC2-894F-4198-B0FF-2EEDE6F726FF}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |

"TCP Query User{C8BDECE4-3ACD-49B6-9C05-AC846B9816C0}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"TCP Query User{CDF2297F-960F-480B-9E14-215ECC534C7C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"TCP Query User{E006DFF0-9754-4571-9A7C-C66B870DBDBE}C:\program files (x86)\voicemaster\voicemaster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voicemaster\voicemaster.exe |

"TCP Query User{EA86B439-31A1-4E5B-8732-8C74CA74B4F8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"TCP Query User{EBFA4565-32D4-4B51-AE53-69E2FEF7D7A9}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |

"UDP Query User{01980C60-0EC4-4F75-9142-8691235D3F9F}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |

"UDP Query User{09AE483A-AA67-4174-9BD7-0E1EDF800869}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |

"UDP Query User{15A2224D-6D71-439B-9CE9-2B26F9B43EDD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{4BAFA4C3-D11C-47A7-9F50-B5F4D5163EAF}C:\program files (x86)\voicemaster\voicemaster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voicemaster\voicemaster.exe |

"UDP Query User{58175E14-44BF-40A6-934C-D519FB4B879C}M:\giochi\alice madness\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=m:\giochi\alice madness\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |

"UDP Query User{708A9328-1C22-4956-9086-44588A15BA7A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{8C0C383F-7203-4F28-97DA-39055B3AE0F8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"UDP Query User{930A26C1-638B-4BD9-9C40-6D84308E7121}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

"UDP Query User{A8B56FA8-79A0-43EC-A006-5352D7880AD5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{B88BFFAA-2F92-400B-93FB-FD99640641EA}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

"UDP Query User{C2FF390B-859E-4DC0-8F2D-D1F2D7891D18}C:\program files (x86)\duke nukem - manhattan project\prism3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duke nukem - manhattan project\prism3d.exe |

"UDP Query User{CCE740CE-E1E7-406D-8AC8-CB40BC94CC73}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{DAB1024F-40D8-4F2A-B1DB-6C21C83AD2F3}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"UDP Query User{EC297494-7617-48C5-9F20-435442ADDB76}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |

"UDP Query User{F80C6E33-1906-498C-A68A-8C7F0FA824E2}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers

"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 266.84

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 266.84

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver audio HD 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

"VoiceMaster_is1" = VoiceMaster 2.0.0.83

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager

"{2ACE4349-FEF2-44DA-BE12-325D44F32FA8}_is1" = PowerOffer 3.0

"{2DC469DE-10BD-4032-AEB0-6E5D5B8225FD}_is1" = Emoticoons 1.0

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3E70F8B2-2ADE-4F83-8AD8-BDB602985E98}_is1" = Vlc versione 1.1.8

"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Battaglia per la Terra di Mezzo™

"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project

"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack

"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto

"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{eaae683d-4274-4537-875b-36cd7b95d402}" = Nero 9 Essentials

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F9657EF6-C156-4CE9-A0A2-562CD3E94842}" = Beach Life

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Антология LUXOR + ZUMA_is1" = Антология LUXOR + ZUMA

"Alice: Madness Returns_is1" = Alice: Madness Returns

"aTube Catcher" = aTube Catcher

"Avidemux 2.5" = Avidemux 2.5 (32-bit)

"Avira AntiVir Desktop" = Avira Free Antivirus

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Combat Arms EU" = Combat Arms EU

"DAEMON Tools Lite" = DAEMON Tools Lite

"DebugMode Wax 2.0" = DebugMode Wax 2.0

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"eMule" = eMule

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Fraps" = Fraps (remove only)

"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.6.706

"Free Screen To Video_is1" = Free Screen To Video V 1.2

"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.15.706

"GameSpy Arcade" = GameSpy Arcade

"Hotkey Utility" = Hotkey Utility

"Identity Card" = Identity Card

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project

"LogMeIn Hamachi" = LogMeIn Hamachi

"Metronome 4.0" = Metronome 4.0

"Mozilla Firefox 20.0.1 (x86 it)" = Mozilla Firefox 20.0.1 (x86 it)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MyTomTom" = MyTomTom 3.2.0.802

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Packard Bell InfoCentre" = Packard Bell InfoCentre

"Packard Bell Registration" = Packard Bell Registration

"Packard Bell Screensaver" = Packard Bell ScreenSaver

"Packard Bell Software Suite SE" = Packard Bell Software Suite SE

"Packard Bell Welcome Center" = Welcome Center

"Plants vs. Zombies" = Plants vs. Zombies

"Postal 2" = Postal 2

"Registrazione utente Canon MP620 series" = Registrazione utente Canon MP620 series

"Shadows on the Vatican Atto I - Avarizia_is1" = Shadows on the Vatican Atto I - Avarizia

"Songr" = Songr

"Steam App 202970" = Call of Duty: Black Ops II

"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer

"Steam App 212910" = Call of Duty: Black Ops II - Zombies

"Steam App 34120" = Aliens vs Predator Dedicated Server

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Tunngle beta_is1" = Tunngle beta

"TurboPOI_is1" = TurboPOI 1.3

"uTorrent" = µTorrent

"VoiceMaster_is1" = VoiceMaster 1.0.0.61

"WildTangent packardbell Master Uninstall" = Packard Bell Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WT088216" = Agatha Christie - Death on the Nile

"WT088226" = Bejeweled 2 Deluxe

"WT088228" = Build-a-lot 2

"WT088235" = Chuzzle Deluxe

"WT088238" = Diner Dash 2 Restaurant Rescue

"WT088260" = Farm Frenzy

"WT088268" = Insaniquarium Deluxe

"WT088269" = Jewel Quest Solitaire 2

"WT088283" = Plants vs. Zombies

"WT088292" = Zuma Deluxe

"WT088416" = FATE

"WT088420" = Final Drive Nitro

"WT088448" = John Deere Drive Green

"WT088452" = Penguins!

"WT088456" = Polar Bowler

"WT088460" = Polar Golfer

"WT088508" = Virtual Villagers 4 - The Tree of Life

"WT088531" = Zuma's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FunnyGames - happy_wheels" = FunnyGames - Happy Wheels

"SOE-DC Universe Online Live PSG" = DC Universe Online Live

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 01/10/2012 10:25:09 | Computer Name = mikele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Engine.exe, versione: 0.0.0.0, timestamp: 0x5062bbf0 Nome del modulo che ha generato l'errore: cshell.dll, versione: 0.0.0.0, timestamp: 0x5062bd03 Codice eccezione: 0xc0000005 Offset errore 0x00409be3 ID processo che ha generato l'errore: 0x106c Ora di avvio dell'applicazione che ha generato l'errore: 0x01cd9fe03b3a9ee7 Percorso dell'applicazione che ha generato l'errore: C:\Nexon\Combat Arms EU\Engine.exe Percorso del modulo che ha generato l'errore: C:\Nexon\Combat Arms EU\Game\cshell.dll ID segnalazione: cd319175-0bd3-11e2-b599-f80f4115b131

Error - 01/10/2012 15:42:45 | Computer Name = mikele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Engine.exe, versione: 0.0.0.0, timestamp: 0x5062bbf0 Nome del modulo che ha generato l'errore: ortp.dll_unloaded, versione: 0.0.0.0, timestamp: 0x4b9e71df Codice eccezione: 0xc0000005 Offset errore 0x0893f4a0 ID processo che ha generato l'errore: 0x1780 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cda00cbac6e15d Percorso dell'applicazione che ha generato l'errore: C:\Nexon\Combat Arms EU\Engine.exe Percorso del modulo che ha generato l'errore: ortp.dll ID segnalazione: 2b75331b-0c00-11e2-8512-f80f4115b131

Error - 03/10/2012 07:06:54 | Computer Name = mikele-PC | Source = Application Hang | ID = 1002
Description = Il programma yct.exe versione 2.9.0.1328 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: 1178 Ora di avvio: 01cda15719db4465 Ora di chiusura: 10 Percorso applicazione: C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe ID segnalazione: 653f8888-0d4a-11e2-b5ba-f80f4115b131

Error - 06/10/2012 16:08:22 | Computer Name = mikele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Engine.exe, versione: 0.0.0.0, timestamp: 0x5062bbf0 Nome del modulo che ha generato l'errore: nmconew.dll_unloaded, versione: 0.0.0.0, timestamp: 0x4f8d2c04 Codice eccezione: 0xc0000005 Offset errore 0x208489bd ID processo che ha generato l'errore: 0x1dc0 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cda3fd4f0934ad Percorso dell'applicazione che ha generato l'errore: C:\Nexon\Combat Arms EU\Engine.exe Percorso del modulo che ha generato l'errore: nmconew.dll ID segnalazione: 93fea8bc-0ff1-11e2-88e8-f80f4115b131

Error - 07/10/2012 09:39:36 | Computer Name = mikele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: nvvsvc.exe, versione: 8.17.12.6684, timestamp: 0x4d40bed8 Nome del modulo che ha generato l'errore: NVSVC64.DLL, versione: 8.17.12.6684, timestamp: 0x4d40bc98 Codice eccezione: 0xc0000005 Offset errore 0x000000000005aa7c ID processo che ha generato l'errore: 0x5a4 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cda490ec04beb4 Percorso dell'applicazione che ha generato l'errore: C:\Windows\system32\nvvsvc.exe Percorso del modulo che ha generato l'errore: C:\Windows\system32\NVSVC64.DLL ID segnalazione: 6ead31dc-1084-11e2-b636-f80f4115b131

Error - 09/10/2012 09:34:01 | Computer Name = mikele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: MovieMaker.exe, versione: 16.4.3503.728, timestamp: 0x5013b355 Nome del modulo che ha generato l'errore: msmpeg2vdec.dll, versione: 6.1.7140.0, timestamp: 0x4a5bdaaa Codice eccezione: 0xc0000005 Offset errore 0x0017325f ID processo che ha generato l'errore: 0x101c Ora di avvio dell'applicazione che ha generato l'errore: 0x01cda622bb878c2a Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe Percorso del modulo che ha generato l'errore: C:\Windows\SysWOW64\msmpeg2vdec.dll ID segnalazione: fbcafe68-1215-11e2-b408-f80f4115b131

Error - 19/10/2012 16:55:43 | Computer Name = mikele-PC | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 15.0.1.4631 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: c34 Ora di avvio: 01cdae29839cb44e Ora di chiusura: 51 Percorso applicazione: C:\Program Files (x86)\Mozilla Firefox\firefox.exe ID segnalazione: 5294131b-1a2f-11e2-8974-f80f4115b131

Error - 20/10/2012 15:12:28 | Computer Name = mikele-PC | Source = Google Update | ID = 20
Description =

Error - 24/10/2012 05:44:40 | Computer Name = mikele-PC | Source = Application Hang | ID = 1002
Description = Il programma Stp891C_TMP.tmp versione 51.1052.0.0 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: 8a0 Ora di avvio: 01cdb1cbee8a3c74 Ora di chiusura: 1 Percorso applicazione: C:\Users\GIULIANO\AppData\Local\Temp\is-O8QM4.tmp\Stp891C_TMP.tmp ID segnalazione:

Error - 24/10/2012 09:28:18 | Computer Name = mikele-PC | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 15.0.1.4631 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo. ID processo: 1788 Ora di avvio: 01cdb1eaa2a36c7c Ora di chiusura: 32 Percorso applicazione: C:\Program Files (x86)\Mozilla Firefox\firefox.exe ID segnalazione: 877ea603-1dde-11e2-8ea1-f80f4115b131

[ System Events ]

Error - 18/05/2013 07:11:31 | Computer Name = mikele-PC | Source = DCOM | ID = 10016
Description =

Error - 18/05/2013 07:41:13 | Computer Name = mikele-PC | Source = Application Popup | ID = 1060
Description = Caricamento del driver \??\C:\Windows\SysWow64\drivers\pclepci.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

Error - 18/05/2013 07:42:04 | Computer Name = mikele-PC | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: PCLEPCI
SASDIFSV
SASKUTIL

Error - 18/05/2013 07:42:36 | Computer Name = mikele-PC | Source = DCOM | ID = 10016
Description =

Error - 18/05/2013 07:49:13 | Computer Name = mikele-PC | Source = Application Popup | ID = 1060
Description = Caricamento del driver \??\C:\Windows\SysWow64\drivers\pclepci.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

Error - 18/05/2013 07:50:02 | Computer Name = mikele-PC | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: PCLEPCI
SASDIFSV
SASKUTIL

Error - 18/05/2013 07:50:36 | Computer Name = mikele-PC | Source = DCOM | ID = 10016
Description =

Error - 18/05/2013 08:05:26 | Computer Name = mikele-PC | Source = Application Popup | ID = 1060
Description = Caricamento del driver \??\C:\Windows\SysWow64\drivers\pclepci.sys bloccato a causa di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software per richiedere una versione compatibile del driver.

Error - 18/05/2013 08:06:17 | Computer Name = mikele-PC | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: PCLEPCI
SASDIFSV
SASKUTIL

Error - 18/05/2013 08:06:49 | Computer Name = mikele-PC | Source = DCOM | ID = 10016
Description =

< End of report >


Apologies in advance, but if I paste the OTL log it won't let me send the message because it is too long.

I'm attaching it.

OTLnuovo.rar


AdwCleaner log (as far as I can tell, Marco is the one who is least careful when installing software from Softonic)

# AdwCleaner v2.301 - Logfile creato il 18/05/2013 alle 15:16:58

# Aggiornamento 16/05/2013 by Xplode

# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)

# Utente : MARCO - MIKELE-PC

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Users\MARCO\Desktop\adwcleaner.exe

# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Cartella Eliminato : C:\ProgramData\Ask

Cartella Eliminato : C:\Users\GIULIANO\AppData\LocalLow\AskToolbar

Cartella Eliminato : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\extensions\staged

Cartella Eliminato : C:\Users\MARCO\AppData\Local\PackageAware

File Eliminato : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\searchplugins\Askcom.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP

Chiave Eliminata : HKCU\Software\AppDataLow\Software\PriceGong

Chiave Eliminata : HKCU\Software\AppDataLow\Software\searchqutoolbar

Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar

Chiave Eliminata : HKCU\Software\ChatZum Toolbar

Chiave Eliminata : HKCU\Software\Headlight

Chiave Eliminata : HKCU\Software\IM

Chiave Eliminata : HKCU\Software\ImInstaller

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Chiave Eliminata : HKCU\Software\Softonic

Chiave Eliminata : HKCU\Software\Somoto

Chiave Eliminata : HKLM\Software\ChatZum Toolbar

Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASAPI32

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASMANCS

Chiave Eliminata : HKLM\Software\PIP

Chiave Eliminata : HKLM\Software\SoftwareUpdater

Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Chiave Eliminata : HKLM\SOFTWARE\Software

***** [browser Internet] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registro Pulito.

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\mikele\AppData\Roaming\Mozilla\Firefox\Profiles\azwabnvp.default\prefs.js

Eliminata : user_pref("browser.search.defaultenginename", "ChatZumSearch");

Eliminata : user_pref("browser.search.order.1", "ChatZumSearch");

Eliminata : user_pref("id_chatzum_softonic_installed_version", "1.0.20");

File : C:\Users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\prefs.js

Eliminata : user_pref("browser.search.defaultengine", "Ask.com");

Eliminata : user_pref("extensions.asktb.ff-original-keyword-url", "");

Eliminata : user_pref("id_chatzum_softonic.firstlaunch", "0");

Eliminata : user_pref("id_chatzum_softonic.guid", "%7B065CD27F-3EC7-FD08-48CA-ADE5F4FA6685%7D");

Eliminata : user_pref("id_chatzum_softonic.hiddenvisual", 0);

Eliminata : user_pref("id_chatzum_softonic.popupblockedcnt", "6");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar10", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar2", "%12%1A%1B%17%16%1A%14%11%11%10");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar3", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar4", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar5", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar6", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar7", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar8", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.SVar9", "%13");

Eliminata : user_pref("id_chatzum_softonic.variables.Var1", "62");

Eliminata : user_pref("id_chatzum_softonic.variables.Var10", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var2", "1984597223");

Eliminata : user_pref("id_chatzum_softonic.variables.Var3", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var4", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var5", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var6", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var7", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var8", "0");

Eliminata : user_pref("id_chatzum_softonic.variables.Var9", "0");

Eliminata : user_pref("id_chatzum_softonic_installed_version", "1.0.20");

File : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\prefs.js

Eliminata : user_pref("browser.search.defaultengine", "Ask.com");

Eliminata : user_pref("browser.search.defaultenginename", "ChatZumSearch");

Eliminata : user_pref("browser.search.order.1", "ChatZumSearch");

Eliminata : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\y0e00uvg.default\prefs.js

[OK] File Pulito.

*************************

AdwCleaner[s1].txt - [5922 octets] - [18/05/2013 15:16:58]

########## EOF - C:\AdwCleaner[s1].txt - [5982 octets] ##########


Last log: JRT (awaiting instructions)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by MARCO on 18/05/2013 at 15:29:26,19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-4217405360-2350075151-1383066028-1001\software\web assistant"

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\MARCO\appdata\locallow\datamngr"

~~~ FireFox

Emptied folder: C:\Users\MARCO\AppData\Roaming\mozilla\firefox\profiles\rslv1v7e.default\minidumps [216 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/05/2013 at 15:31:18,67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by mickele


Hi Mickele,

Go to C:\OTL\moved files, look for the log generated by the fix and post it; it should be the second to last one.

Then run the following tool:

  • Download RogueKiller and save it to the desktop
  • Close all other programs
  • Run RogueKiller.exe
  • Wait for the prescan to finish
  • Click Scan
  • Wait for the scan to finish
  • A report will be created on the desktop.
  • Click Delete
  • Then click ShortcutsFix
  • Another log will be created on the desktop.

Post all the RKreport.txt files located on your desktop.

I repeat: do not attach the logs, copy and paste their contents; if they are too long you can split them over several posts.


========== OTL ==========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "ChatZumSearch" removed from browser.search.defaultenginename

Prefs.js: "ChatZumSearch" removed from browser.search.order.1

C:\Users\mikele\AppData\Roaming\mozilla\firefox\profiles\azwabnvp.default\searchplugins\findeer.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.

Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.

Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.

Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.

Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979 not found.

ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Configurazione IP di Windows

Cache del resolver DNS svuotata.

C:\Users\MARCO\Desktop\cmd.bat deleted successfully.

C:\Users\MARCO\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: CRISTINA

->Flash cache emptied: 492 bytes

User: Default

User: Default User

User: GIULIANO

->Flash cache emptied: 586 bytes

User: MARCO

->Flash cache emptied: 1087 bytes

User: mikele

->Flash cache emptied: 650 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[RESETHOST]> in the current context!

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05182013_140421

RogueKiller log 1

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : MARCO [Admin rights]

Mode : Scan -- Date : 05/18/2013 19:56:17

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> Trovato

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> Trovato

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> Trovato

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> Trovato

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> Trovato

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> Trovato

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++

--- User ---

[MBR] 26bf45d746bc8c91541ae5752d79534e

[bSP] 9776fdbff546bcfbb65f599bc564e9ce : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo

2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo

3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37955584 | Size: 317667 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05182013_02d1956.txt >>

RKreport[1]_S_05182013_02d1956.txt


RogueKiller log 2. Edit: damn, I forgot to close Firefox while running the RogueKiller scans; do I need to redo them and repost the logs?

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : MARCO [Admin rights]

Mode : Remove -- Date : 05/18/2013 20:00:26

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> NON RIMOSSO, USA RIPARA DNS

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> NON RIMOSSO, USA RIPARA DNS

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> NON RIMOSSO, USA RIPARA DNS

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> NON RIMOSSO, USA RIPARA DNS

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> Cancellato

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> Cancellato

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Cancellato

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Sostituito (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Sostituito (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++

--- User ---

[MBR] 26bf45d746bc8c91541ae5752d79534e

[bSP] 9776fdbff546bcfbb65f599bc564e9ce : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo

2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo

3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37955584 | Size: 317667 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_D_05182013_02d2000.txt >>

RKreport[1]_D_05182013_02d2000.txt

RogueKiller log 3

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : MARCO [Admin rights]

Mode : Shortcuts HJfix -- Date : 05/18/2013 20:02:55

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 24 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 51 / Fail 0

My documents: Success 1 / Fail 1

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 0 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 619 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume5 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume9 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

[F:] \Device\CdRom1 -- 0x5 --> Skipped

[K:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[L:] \Device\HarddiskVolume6 -- 0x3 --> Restored

[M:] \Device\HarddiskVolume7 -- 0x3 --> Restored

[N:] \Device\HarddiskVolume8 -- 0x3 --> Restored

[O:] \Device\HarddiskVolume4 -- 0x3 --> Restored

[P:] \Device\HarddiskVolume10 -- 0x2 --> Restored

[Q:] \Device\HarddiskVolume11 -- 0x2 --> Restored

[R:] \Device\HarddiskVolume12 -- 0x2 --> Restored

[s:] \Device\HarddiskVolume13 -- 0x2 --> Restored

[T:] \Device\HarddiskVolume14 -- 0x2 --> Restored

Finished : << RKreport[1]_SC_05182013_02d2002.txt >>

RKreport[1]_SC_05182013_02d2002.txt

Edited by mickele


Hi Mikele,

Run OTL.exe again.

  • Copy and paste the text in the quote box below into the Custom Scans/Fixes box.


:Files
ipconfig /flushdns /c

:Commands
[EMPTYFLASH]
[RESETHOST]
[CREATERESTOREPOINT]
[REBOOT]

  • Then click Fix Run at the top.
  • Let the program do its work without interruption; when it has finished, it will reboot automatically. If it does not, please restart the system manually.
  • Post the log it produces.

Afterwards:

Download ComboFix from one of these two links:

Link 1

Link 2

* IMPORTANT: Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware, usually by right-clicking the notification icon in the system tray. They can interfere with these tools. Note: if you have difficulty correctly disabling your protection programs, or are unsure which programs must be disabled, refer to the information (in English) available at this link: How to disable security programs

====================================================

Double-click combofix.exe and follow the instructions.

When it has finished, the program will produce a log. Include C:\ComboFix.txt in your next reply for further review.


Latest OTL log

========== FILES ==========

< ipconfig /flushdns /c >

Configurazione IP di Windows

Cache del resolver DNS svuotata.

C:\Users\MARCO\Desktop\cmd.bat deleted successfully.

C:\Users\MARCO\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: CRISTINA

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: GIULIANO

->Flash cache emptied: 0 bytes

User: MARCO

->Flash cache emptied: 650 bytes

User: mikele

->Flash cache emptied: 506 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[RESETHOST]> in the current context!

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_104955

ComboFix (I made another mistake: by running the scan twice I lost the first log, where it had found and deleted a few things)

ComboFix 13-05-18.03 - MARCO 19/05/2013 11:13:26.7.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8174.6281 [GMT 2:00]

Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2013-04-19 al 2013-05-19 )))))))))))))))))))))))))))))))))))

.

.

2013-05-19 09:15 . 2013-05-19 09:15 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-19 09:15 . 2013-05-19 09:15 -------- d-----w- c:\users\mikele\AppData\Local\temp

2013-05-19 09:15 . 2013-05-19 09:15 -------- d-----w- c:\users\GIULIANO\AppData\Local\temp

2013-05-19 09:15 . 2013-05-19 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-19 09:15 . 2013-05-19 09:15 -------- d-----w- c:\users\CRISTINA\AppData\Local\temp

2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- c:\windows\ERUNT

2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- C:\JRT

2013-05-18 12:04 . 2013-05-18 12:04 -------- d-----w- C:\_OTL

2013-05-17 19:29 . 2013-05-17 19:29 -------- d-----w- c:\users\CRISTINA\AppData\Local\Mozilla

2013-05-17 11:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02368AA9-CACC-4DE3-B337-02F72ED5FE7F}\mpengine.dll

2013-05-15 12:07 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-13 09:16 . 2013-05-13 09:16 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-04-30 14:32 . 2013-04-30 16:03 -------- d-----w- c:\users\MARCO\AppData\Local\ssupd

2013-04-30 14:32 . 2013-04-30 14:32 -------- d-----w- c:\users\MARCO\AppData\Local\ServiceManager

2013-04-30 14:32 . 2013-04-30 14:32 -------- d-----w- c:\users\MARCO\AppData\Local\sshelper

2013-04-30 12:54 . 2013-05-10 12:35 -------- d-----w- c:\users\MARCO\AppData\Local\SoftwareUpdater

2013-04-30 12:54 . 2013-04-30 12:54 -------- d-----w- c:\program files (x86)\MyPcCleaner

2013-04-30 12:52 . 2013-05-10 12:42 -------- d-----w- c:\program files (x86)\PopCap Games

2013-04-30 12:52 . 2013-04-30 12:52 -------- d-----w- c:\programdata\PopCap Games

2013-04-27 15:34 . 2013-04-27 15:34 -------- d-----w- c:\users\GIULIANO\AppData\Local\Programs

2013-04-24 08:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 13:18 . 2013-04-21 13:37 -------- d-----w- c:\users\GIULIANO\AppData\Roaming\File de La Battaglia per la Terra di Mezzo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 13:08 . 2011-11-21 14:24 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 19:52 . 2012-04-05 13:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:52 . 2011-11-21 16:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-10 17:19 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 00:06 . 2011-11-21 12:10 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 12:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 12:07 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 12:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 12:07 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 12:07 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 12:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-03-28 11:22 . 2013-03-28 11:22 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-03-28 11:22 . 2013-03-28 11:22 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-03-28 11:22 . 2013-03-28 11:22 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-03-19 06:04 . 2013-04-10 12:35 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 12:35 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 12:35 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 12:35 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 12:35 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 12:35 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]

"SsroService"="c:\users\Public\Documents\Application\CurrentFile\ssadl.exe" [2013-01-24 217600]

.

c:\users\mikele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\MARCO\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 LiveUpSC;LiveUpSC;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-01-25 161280]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R2 SsroService;Ssro Service;c:\users\MARCO\AppData\Local\ServiceManager\ssro.exe [2013-01-24 31232]

R2 SsupdService;Ssupd Service;c:\users\MARCO\AppData\Local\ssupd\ssupd.exe [2013-01-24 156160]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-29 32152]

R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]

S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-26 378984]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:52]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000Core.job

- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000UA.job

- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001Core.job

- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001UA.job

- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.it/

mSearchAssistant =

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5496806A-6A8B-42B3-B11F-FB918C1A3B50}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF}: NameServer = 212.216.112.222,212.216.172.162

TCP: Interfaces\{847A0F8D-7935-4C2B-8093-6F5084CC38AD}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7}: NameServer = 212.216.112.222,212.216.172.162

FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.it

FF - prefs.js: network.proxy.type - 0

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,94,be,46,bc,f1,

d3,09,de,2e,e8,e1,00,eb,16,2b,de,20,6c,e9,2c,e3,a4,22,28,e2,63,26,f1,3f,c8,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1b,cb,62,4b,bb,

ac,7b,eb,46,47,15,b0,92,4b,c7,ef,50,77,e9,70,b7,de,2c,33,6a,9c,d6,61,af,45,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,80,da,94,cf,ca,

53,bc,19,7a,45,05,fd,91,e8,6f,31,4b,81,22,68,7d,6d,a3,4c,ff,7c,85,e0,43,d4,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,71,51,fe,0a,

0e,00,74,6b,65,49,6a,7e,99,74,f7,92,fc,17,6e,b4,30,40,ee,86,8c,21,01,be,91,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,61,ac,49,63,50,

87,65,72,e9,02,6c,fa,fb,1d,47,57,5f,00,95,1f,72,9d,bc,a1,f5,1d,4d,73,a8,13,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bc,e5,de,3f,64,

5d,64,18,50,93,e5,ab,ec,6a,4e,ab,f6,d0,4d,a9,f1,15,64,50,df,20,58,62,78,6b,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f7,f2,13,1b,81,

62,41,c0,97,20,4e,9a,c7,f1,35,ee,ec,25,ea,79,99,a7,5a,5b,fb,a7,78,e6,12,2f,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8a,fc,44,1b,28,

e1,cd,a5,aa,52,c6,00,84,3c,26,64,38,7a,7e,7d,ea,41,33,ed,01,3a,48,fc,e8,04,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,25,ba,43,b1,92,

38,02,0a,b2,46,9a,e2,1b,fe,1b,94,c8,9b,0c,eb,16,16,9d,b2,f6,0f,4e,58,98,5b,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,1b,14,a9,ef,

6b,35,6c,37,a4,aa,c3,a6,15,56,0a,28,d7,c0,58,03,a1,94,ba,3d,ce,ea,26,2d,45,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5b,7d,68,01,46,

43,60,34,f8,31,0f,a9,5f,a0,ec,fb,1d,58,7b,1a,83,43,76,4d,2a,b7,cc,b5,b9,7f,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,73,90,49,b0,96,

84,4d,12,05,73,21,dd,54,d8,4a,c5,45,6e,2b,0c,d5,37,2f,3c,6c,43,2d,1e,aa,22,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-05-19 11:17:01

ComboFix-quarantined-files.txt 2013-05-19 09:17

ComboFix2.txt 2013-05-19 09:05

.

Pre-Run: 205.566.988.288 byte disponibili

Post-Run: 205.447.626.752 byte disponibili

.

- - End Of File - - 122864FE3F5791F28C3F2665F8FCDAB4

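As an added example (not part of this thread, and not code from ComboFix or OTL), here is a small Python triage script that applies the same test the helper used on ssadp.exe to the Run-key values and service/driver lines of a ComboFix log: flag any autorun whose executable sits in a user-writable directory, any entry whose file ComboFix could not find (`[x]`), and any boot/system driver loaded from a temp folder. The sample lines are constructed copies of entries in the log above; the directory list and the rules are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the two ComboFix line formats seen in the log above: values
# under a Run key, and "state name;display;path [date size]" service/driver lines.
# Copied from entries in this thread, not a real file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
R2 LiveUpSC;LiveUpSC;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-01-25 161280]
R2 SsupdService;Ssupd Service;c:\users\MARCO\AppData\Local\ssupd\ssupd.exe [2013-01-24 156160]
R1 SASDIFSV;SASDIFSV;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
"""

# "Name"="path" [date size]  (value under a Run key)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
# R2 ShortName;Display Name;path [date size]   or   ... [x] when the file is missing
SERVICE = re.compile(
    r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$'
)

# Directory fragments (lower-case, forward slashes) that any standard user can write to.
# The list is an assumption of this example, not something ComboFix itself reports.
USER_WRITABLE = ("/users/public/", "/appdata/local/", "/appdata/roaming/", "/programdata/", "/temp/")


@dataclass
class Entry:
    kind: str                 # "run" (autorun value) or "service" (service/driver line)
    name: str                 # value name or service short name
    path: str                 # executable path as ComboFix printed it
    meta: str                 # "YYYY-MM-DD size", or "x" when ComboFix could not find the file
    state: str = ""           # R0..R4 / S0..S4 for services; R0/R1/S0/S1 are boot/system drivers
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Extract Run values and service/driver lines; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["meta"], m["state"]))
    return entries


def triage(log_text):
    """Return only the entries that deserve a closer look, each with its reasons."""
    findings = []
    for e in parse_entries(log_text):
        p = e.path.lower().replace("\\", "/")
        if any(d in p for d in USER_WRITABLE):
            e.reasons.append("binary lives in a user-writable directory")
        if e.meta.strip() == "x":
            e.reasons.append("ComboFix could not find the referenced file")
        if e.state in ("R0", "R1", "S0", "S1") and "/temp/" in p:
            e.reasons.append("kernel driver loaded from a temp directory")
        if e.reasons:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:7} {f.name:14} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```

On the sample, Monitor.exe under c:\windows\PixArt and the Program Files services pass, while the two AppData\Local updaters and the driver extracted into Temp are reported; a flag is a prompt to check the file (hash, signer, VirusTotal), not a verdict.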

Hi Mickele

You should re-run the fix, one command did not work.

Restart OTL.exe.

  • Copy and paste the text below into the Custom Scans/Fixes box.

:commands

[resethost]

  • Then click Fix Run at the top.
  • Let the program do its job unhindered; when it has finished it will reboot automatically. If it does not, please reboot the system manually.
    Post the log it produces

Then

open Notepad, copy the following text and save it, naming it CFScript

ClearJavaCache::

drag the CFScript.txt file with the mouse onto the red ComboFix icon

(image: cfscript08oy6.gif)

let the program work

when it is finished a new log combofix.txt will be created, post it


OTL (I think it did not recognise the command)

========== COMMANDS ==========

Error: Unable to interpret <[resethost]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_124710

Combofix

ComboFix 13-05-18.03 - MARCO 19/05/2013 12:49:16.9.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8174.6393 [GMT 2:00]

Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe

Opzioni usate :: c:\users\MARCO\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2013-04-19 al 2013-05-19 )))))))))))))))))))))))))))))))))))

.

.

2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\mikele\AppData\Local\temp

2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\GIULIANO\AppData\Local\temp

2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\CRISTINA\AppData\Local\temp

2013-05-19 10:31 . 2013-05-19 10:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02368AA9-CACC-4DE3-B337-02F72ED5FE7F}\offreg.dll

2013-05-19 10:30 . 2013-05-19 10:30 -------- d-----w- C:\!KillBox

2013-05-19 10:23 . 2013-05-19 10:23 -------- d-----w- c:\users\mikele\AppData\Roaming\DVDVideoSoft

2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- c:\windows\ERUNT

2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- C:\JRT

2013-05-18 12:04 . 2013-05-18 12:04 -------- d-----w- C:\_OTL

2013-05-17 19:29 . 2013-05-17 19:29 -------- d-----w- c:\users\CRISTINA\AppData\Local\Mozilla

2013-05-17 11:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02368AA9-CACC-4DE3-B337-02F72ED5FE7F}\mpengine.dll

2013-05-15 12:07 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-13 09:16 . 2013-05-13 09:16 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-04-30 14:32 . 2013-05-19 10:02 -------- d-----w- c:\users\MARCO\AppData\Local\ServiceManager

2013-04-30 14:32 . 2013-04-30 16:03 -------- d-----w- c:\users\MARCO\AppData\Local\ssupd

2013-04-30 12:54 . 2013-05-10 12:35 -------- d-----w- c:\users\MARCO\AppData\Local\SoftwareUpdater

2013-04-30 12:52 . 2013-05-10 12:42 -------- d-----w- c:\program files (x86)\PopCap Games

2013-04-30 12:52 . 2013-04-30 12:52 -------- d-----w- c:\programdata\PopCap Games

2013-04-27 15:34 . 2013-04-27 15:34 -------- d-----w- c:\users\GIULIANO\AppData\Local\Programs

2013-04-24 08:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 13:18 . 2013-04-21 13:37 -------- d-----w- c:\users\GIULIANO\AppData\Roaming\File de La Battaglia per la Terra di Mezzo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 13:08 . 2011-11-21 14:24 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 19:52 . 2012-04-05 13:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:52 . 2011-11-21 16:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-10 17:19 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 00:06 . 2011-11-21 12:10 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 12:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 12:07 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 12:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 12:07 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 12:07 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 12:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-03-28 11:22 . 2013-03-28 11:22 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-03-28 11:22 . 2013-03-28 11:22 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-03-28 11:22 . 2013-03-28 11:22 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-03-19 06:04 . 2013-04-10 12:35 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 12:35 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 12:35 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 12:35 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 12:35 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 12:35 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]

.

c:\users\mikele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\MARCO\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 LiveUpSC;LiveUpSC;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-01-25 161280]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R2 SsupdService;Ssupd Service;c:\users\MARCO\AppData\Local\ssupd\ssupd.exe [2013-01-24 156160]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-29 32152]

R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]

S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-26 378984]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:52]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000Core.job

- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]

.

2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000UA.job

- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]

.

2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001Core.job

- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]

.

2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001UA.job

- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.it/

mSearchAssistant =

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5496806A-6A8B-42B3-B11F-FB918C1A3B50}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{847A0F8D-7935-4C2B-8093-6F5084CC38AD}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.it

FF - prefs.js: network.proxy.type - 0

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,94,be,46,bc,f1,

d3,09,de,2e,e8,e1,00,eb,16,2b,de,20,6c,e9,2c,e3,a4,22,28,e2,63,26,f1,3f,c8,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1b,cb,62,4b,bb,

ac,7b,eb,46,47,15,b0,92,4b,c7,ef,50,77,e9,70,b7,de,2c,33,6a,9c,d6,61,af,45,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,80,da,94,cf,ca,

53,bc,19,7a,45,05,fd,91,e8,6f,31,4b,81,22,68,7d,6d,a3,4c,ff,7c,85,e0,43,d4,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,71,51,fe,0a,

0e,00,74,6b,65,49,6a,7e,99,74,f7,92,fc,17,6e,b4,30,40,ee,86,8c,21,01,be,91,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,61,ac,49,63,50,

87,65,72,e9,02,6c,fa,fb,1d,47,57,5f,00,95,1f,72,9d,bc,a1,f5,1d,4d,73,a8,13,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bc,e5,de,3f,64,

5d,64,18,50,93,e5,ab,ec,6a,4e,ab,f6,d0,4d,a9,f1,15,64,50,df,20,58,62,78,6b,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f7,f2,13,1b,81,

62,41,c0,97,20,4e,9a,c7,f1,35,ee,ec,25,ea,79,99,a7,5a,5b,fb,a7,78,e6,12,2f,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8a,fc,44,1b,28,

e1,cd,a5,aa,52,c6,00,84,3c,26,64,38,7a,7e,7d,ea,41,33,ed,01,3a,48,fc,e8,04,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,25,ba,43,b1,92,

38,02,0a,b2,46,9a,e2,1b,fe,1b,94,c8,9b,0c,eb,16,16,9d,b2,f6,0f,4e,58,98,5b,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,1b,14,a9,ef,

6b,35,6c,37,a4,aa,c3,a6,15,56,0a,28,d7,c0,58,03,a1,94,ba,3d,ce,ea,26,2d,45,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5b,7d,68,01,46,

43,60,34,f8,31,0f,a9,5f,a0,ec,fb,1d,58,7b,1a,83,43,76,4d,2a,b7,cc,b5,b9,7f,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\Windows\\SysWow64\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,73,90,49,b0,96,

84,4d,12,05,73,21,dd,54,d8,4a,c5,45,6e,2b,0c,d5,37,2f,3c,6c,43,2d,1e,aa,22,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2013-05-19 12:53:49

ComboFix-quarantined-files.txt 2013-05-19 10:53

ComboFix2.txt 2013-05-19 09:26

ComboFix3.txt 2013-05-19 09:17

ComboFix4.txt 2013-05-19 09:05

.

Pre-Run: 210.135.367.680 byte disponibili

Post-Run: 209.672.843.264 byte disponibili

.

- - End Of File - - 0EB85C8C2558BACA24ACFB05BD3D7088

I'll take this opportunity to thank you for your patience and for the time you are devoting to me.


Hi

Restart OTL.exe.

  • Copy and paste the text below into Custom Scans/Fixes.

:otl

PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)

SRV - (SsupdService) -- C:\Users\MARCO\AppData\Local\ssupd\ssupd.exe (SsupdService)

SRV - (SsroService) -- C:\Users\MARCO\AppData\Local\ServiceManager\ssro.exe (SsroService)

O4 - HKLM..\Run: [ssroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15377 more lines...

:commands

[resethost]

  • Then click on Fix Run, located at the top.
  • Let the program do its work without interference; when it has finished, it will restart automatically. Otherwise, please restart the system manually.
    Post the log that is produced.

Then

Please download Malwarebytes' Anti-Malware to the desktop.

  • Double-click on mbam-setup.exe and follow the instructions to install the program.
  • At the end of the installation, by default, a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; then click Finish.
  • If an update is found, it will be downloaded and installed.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is selected, then click Remove Selected.
  • When everything is complete, a log will open in Notepad.
  • The logs can be found here:
    C:\Documents e Settings\nome utente\Dati Applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log[data].txt
    or in
    C:\Programmi\Malwarebytes' Anti-Malware\Logs\log-data.txt
  • Post the log in your next reply.

Then

ESET on-line scan

Run a scan with ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to Yes, I accept the Terms of Use.
  • Click on Start
  • When prompted, allow the ActiveX control to install
  • Click on Start
  • Make sure the options Remove found threats and Scan for potentially unwanted applications are selected
  • Click on Scan
    Wait for the scan to finish
  • Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy/paste the log into your next reply
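The fix above targets three kinds of findings: a Run-key entry (the O4 line), two services whose binaries live under the user's profile (the SRV lines), and a long list of hosts-file mappings (the O1 lines). The following read-only triage script is an added example, not code from the thread or from OTL/HijackThis/ComboFix; it reproduces those three checks with built-in PowerShell so the same kind of review can be done without a third-party tool. The list of "user-writable" roots (C:\Users\ and C:\ProgramData\) is an assumption used as a heuristic: legitimate software also installs there, so a CHECK flag only means "look at this", as the helper did with ssadp.exe before submitting it to VirusTotal.

```powershell
# Added example (not from the thread or from any of the tools it uses).
# Read-only triage of the three item types the OTL fix above addresses:
#   O4  Run-key autostart entries
#   SRV services
#   O1  hosts-file mappings
# Nothing is modified. Run from an elevated Windows PowerShell prompt (Windows 7 or later).

# Assumption: binaries started from these locations deserve a closer look, because
# they are writable by an ordinary user (this is where ssadp.exe, ssupd.exe and
# ssro.exe in this thread lived). Legitimate programs live there too, so treat
# CHECK as "inspect", not "malicious".
$suspiciousRoots = @('C:\Users\', 'C:\ProgramData\')

function Test-UserWritablePath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Reduce a command line to its executable: drop surrounding quotes and arguments.
    $exe = ($Path -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    foreach ($root in $suspiciousRoots) {
        if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Run keys for HKLM (64-bit and 32-bit views) and the current user: the O4 lines.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... metadata
        $flag = if (Test-UserWritablePath $p.Value) { 'CHECK' } else { '     ' }
        "{0} O4 - {1}: [{2}] {3}" -f $flag, $key, $p.Name, $p.Value
    }
}

# 2. Every installed service with its binary path: the SRV lines.
Get-WmiObject -Class Win32_Service | ForEach-Object {
    $flag = if (Test-UserWritablePath $_.PathName) { 'CHECK' } else { '     ' }
    "{0} SRV - ({1}) [{2}] -- {3}" -f $flag, $_.Name, $_.State, $_.PathName
}

# 3. hosts file: anything beyond comments and the localhost mapping: the O1 lines.
#    Thousands of 127.0.0.1 entries, as in this thread, usually come from an
#    "immunization" feature of a security tool; a handful pointing well-known sites
#    elsewhere is far more interesting.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object {
    $_.Trim() -ne '' -and
    -not $_.Trim().StartsWith('#') -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
} | ForEach-Object { "CHECK O1 - Hosts: $_" }
```

The output format deliberately mirrors the O4/SRV/O1 lines of the fix script, so an entry flagged CHECK can be pasted into the same kind of :otl block after it has been verified (for example on VirusTotal, as was done for ssadp.exe). Note that OTL's hosts reset command is spelled [RESETHOSTS]; the script only lists non-default lines and never rewrites the file.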


OTL

========== OTL ==========

No active process named ssadp.exe was found!

Error: No service named SsupdService was found to stop!

Service\Driver key SsupdService not found.

File C:\Users\MARCO\AppData\Local\ssupd\ssupd.exe not found.

Error: No service named SsroService was found to stop!

Service\Driver key SsroService not found.

File C:\Users\MARCO\AppData\Local\ServiceManager\ssro.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SsroService not found.

File C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe not found.

127.0.0.1 localhost removed from HOSTS file successfully

========== COMMANDS ==========

Error: Unable to interpret <[resethost]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_191340

MBAM

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versione database: v2013.05.19.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

MARCO :: MIKELE-PC [amministratore]

19/05/2013 19:25:52

mbam-log-2013-05-19 (19-25-52).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 290167

Tempo impiegato: 2 minuti, 15 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 2

C:\Users\GIULIANO\Downloads\wirelesskeyview.zip (PUP.WirelessKeyView) -> Spostato in quarantena ed eliminato con successo.

C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Spostato in quarantena ed eliminato con successo.

(fine)

ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

From ESET I also copied what is shown in the report under "list of found threats", and I attached an image of the final screen, which shows that 23 files were found.

C:\Users\All Users\Win7codecs\{97AA2780-CBFE-4B45-9B40-EA8F13EACF4A}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\ProgramData\Win7codecs\{97AA2780-CBFE-4B45-9B40-EA8F13EACF4A}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Users\GIULIANO\Downloads\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\install_uTorrent_(2)(1).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\install_uTorrent_(2).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_atube-catcher.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_surgeon-simulator-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_utorrent.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\Stronghold_Crusader_HD__MULTI5___PC___TiNYiSO_.exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined

C:\Users\GIULIANO\Downloads\Unsecure v1.2.rar a variant of Win32/HackTool.Unsecure.A application deleted - quarantined

C:\Users\MARCO\Desktop\download giochi\SoftonicDownloader_per_plants-vs-zombies.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\MARCO\Desktop\download giochi\SoftonicDownloader_per_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\MARCO\Desktop\varie\programmi\aTube_Catcher-2.9.1327.exe multiple threats cleaned by deleting - quarantined

C:\Users\MARCO\Downloads\SoftonicDownloader_per_hijackthis.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\mikele\Desktop\MANUTENZIONE PC\TOOL DI RIMOZIONE DEL VIRUS PHOTOALBUM\MSNFix.zip Win32/PrcView application deleted - quarantined

C:\Users\mikele\Desktop\MANUTENZIONE PC\TOOL DI RIMOZIONE DEL VIRUS PHOTOALBUM\MSNFix\MSNFix\incl\Process.exe Win32/PrcView application cleaned by deleting - quarantined

C:\Users\mikele\Desktop\nuova pulizia\avira_free_antivirus_it.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Users\mikele\Downloads\SoftonicDownloader_per_bookdb.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\mikele\Downloads\SoftonicDownloader_per_videospin.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\mikele\Downloads\Babylon.Pro.v9.0.1.r5.by.tano1221\Babylon Pro v9.0.1.r5\Babylon9_setup_full.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

C:\Windows\Installer\6c390.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined



Posted (edited)

The correct command is [RESETHOSTS], otherwise it gives an error.

P.S.: do not download software or components from Softonic.

Edited by tecnico24


Hi Mickele :)

My mistake.

Open Notepad, copy the following text and save it, naming it CFScript

 
File::
C:\Users\All Users\Win7codecs\{97AA2780-CBFE-4B45-9B40-EA8F13EACF4A}\Win7codecs.msi

With the mouse, drag the CFScript.txt file onto the red ComboFix icon.


Let the program do its work.

When it has finished, a new combofix.txt log will be created; post it.

Let me know how your PC is doing.
