• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

emanuele

Helper Trainee
  • Content count

    123
  • Joined

  • Last visited

About emanuele

  • Rank
    Advanced Member
  • Birthday 11/14/1967

Contact Methods

  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    ITALY
  1. Hi Android 8888 Thank you very much for your help again! It seems that there aren't any further problems with my pc. I will make my best to keep it updated and to convince our administration to change operating system Have a nice week end Emanuele
  2. Hi Android 8888 Thank you very much for your fast help I know that I must change operating system but, due to the fact that this is my working pc even, my administration don't look good to a change that involve a cash disbursements: changing system means update the working programs to the new version by calling the technicians to do it. Anyway, I will try to convince them. Hereby I post the requested logs Thank you very much for your help again Emanuele Fix result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016 Ran by Mepra (13-09-2016 18:15:58) Run:2 Running from C:\Documents and Settings\Mepra\Desktop Loaded Profiles: Mepra & (Available Profiles: Mepra) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: EmptyTemp: Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {A89DE1B6-67D4-4653-8192-7F820ED57EF5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A89DE1B6-67D4-4653-8192-7F820ED57EF5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default FF Extension: (Search and New Tab by Yahoo) - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\n4mnktlh.default-1457954192062\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-08-29] CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Extension: (Yahoo Web) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-01-28] CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-12] C:\Documents and Settings\Mepra\Impostazioni locali\Temp\avgnt.exe AlternateDataStreams: C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5C321E34 [125] End ***************** Processes closed successfully. Restore point was successfully created. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully. "HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => key removed successfully. HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => key not found. "HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A89DE1B6-67D4-4653-8192-7F820ED57EF5}" => key removed successfully. HKCR\CLSID\{A89DE1B6-67D4-4653-8192-7F820ED57EF5} => key not found. HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. "HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}" => key removed successfully. HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => key not found. "HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A89DE1B6-67D4-4653-8192-7F820ED57EF5}" => key removed successfully. HKCR\CLSID\{A89DE1B6-67D4-4653-8192-7F820ED57EF5} => key not found. C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\n4mnktlh.default-1457954192062\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi => moved successfully Chrome HomePage => removed successfully. Chrome DefaultSearchURL => removed successfully. Chrome DefaultSuggestURL => removed successfully. C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh => moved successfully C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully C:\Documents and Settings\Mepra\Impostazioni locali\Temp\avgnt.exe => moved successfully C:\Documents and Settings\All Users\Dati applicazioni\TEMP => ":5C321E34" ADS removed successfully.. =========== EmptyTemp: ========== BITS transfer queue => 9759 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 67519 B Java, Flash, Steam htmlcache => 20070428 B Windows/system/dllcache/drivers => 15394560 B Edge => 0 B Chrome => 28094897 B Firefox => 378920566 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default User => 66228 B All Users => 0 B systemprofile => 89233 B LocalService => 692 B NetworkService => 1111651 B Mepra => 763401964 B RecycleBin => 0 B EmptyTemp: => 1.1 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 18:20:18 ==== # AdwCleaner v6.010 - Logfile created 13/09/2016 at 18:39:29 # Updated on 12/08/2016 by ToolsLib # Database : 2016-09-13.1 [server] # Operating System : Microsoft Windows XP Service Pack 3 (X86) # Username : Mepra - EMANUELE # Running from : C:\Documents and Settings\Mepra\Documenti\Downloads\adwcleaner_6.010.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Documents and Settings\All Users\Dati applicazioni\AVG Security Toolbar [-] Folder deleted: C:\Programmi\Yahoo!\yset [-] Folder deleted: C:\extensions ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\ComPlusMetaDataServices.ServicesMetaDataDispenser [-] Key deleted: HKLM\SOFTWARE\Classes\ComPlusMetaDataServices.ServicesMetaDataDispenser.1 [-] Key deleted: HKLM\SOFTWARE\Classes\ComPlusMetaDataServices.ServicesMetaDataReg [-] Key deleted: HKLM\SOFTWARE\Classes\ComPlusMetaDataServices.ServicesMetaDataReg.1 [-] Key deleted: HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\ForumerIT [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-682003330-1957994488-839522115-1003\Software\Alexa Internet [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-682003330-1957994488-839522115-1003\Software\SweetIM [#] Key deleted on reboot: HKCU\Software\ForumerIT [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! SearchSet [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30 [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C2].txt - [2308 Bytes] - [13/09/2016 18:39:29] C:\AdwCleaner\AdwCleaner[C4].txt - [4611 Bytes] - [10/12/2015 16:36:30] C:\AdwCleaner\AdwCleaner[R0].txt - [14518 Bytes] - [26/09/2014 17:52:06] C:\AdwCleaner\AdwCleaner[R1].txt - [2465 Bytes] - [24/11/2014 11:45:10] C:\AdwCleaner\AdwCleaner[R2].txt - [7802 Bytes] - [25/06/2015 18:36:13] C:\AdwCleaner\AdwCleaner[s0].txt - [14823 Bytes] - [26/09/2014 17:56:53] C:\AdwCleaner\AdwCleaner[s1].txt - [2558 Bytes] - [24/11/2014 11:47:53] C:\AdwCleaner\AdwCleaner[s2].txt - [8265 Bytes] - [25/06/2015 18:37:44] C:\AdwCleaner\AdwCleaner[s4].txt - [4341 Bytes] - [10/12/2015 16:34:34] C:\AdwCleaner\AdwCleaner[s5].txt - [3256 Bytes] - [13/09/2016 18:31:03] C:\AdwCleaner\AdwCleaner[s6].txt - [3202 Bytes] - [13/09/2016 18:35:35] C:\AdwCleaner\AdwCleaner[s7].txt - [3275 Bytes] - [13/09/2016 18:37:54] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3186 Bytes] ########## Result of Security Analysis by Rocket Grannie (x86) Updated: 5th August 2016 Running from:C:\Documents and Settings\Mepra\Desktop (08:15:56 - 09/12/2016) ***---------------------------------------------------------*** Microsoft Windows XP Professional X86 Service Pack 3 *WARNING* Windows XP is no longer supported Internet Explorer 8 Default Browser: C:\Programmi\Mozilla Firefox\firefox.exe ***-----------------Anti-Virus - Firewall-------------------*** Avira Antivirus Disabled - up to Date! Windows Firewall is Enabled! Searching for any other Firewall *No other Firewall Installed* ***----------------AntiSpyware - Miscellaneous---------------*** Adobe Flash Player Plugin (version 18.0.0.95) is *out of Date* Java (version 8.101.13) is *out of Date* Adobe Reader XI (version 11.0.0.17) Google Chrome -- An older version than (53) is installed. Malwarebytes Anti-Malware (version 2.2.1.1043) Microsoft Silverlight (version 5.1) Mozilla Firefox (version 48) Google Chrome (version 49.0.2623.112) is *out of Date* ***----------------Analysis Complete-------------------------*** ESET didn't find any threat The computer seems to be less slow than before
  3. I'd like to join the book camp nad be able to understand anti-malware techniques
  4. Good morning everybodies Once again I'm here to ask your help on my pc. The last days it run very slowly and sometimes, it stopped doing things for 2 or 3 seconds. I post the logs herewith PS = I'm not able to run Security Analysis by Rocket Grannie and to post the own log Malwarebytes Anti-Malware www.malwarebytes.org Data scansione: 09/09/2016 Ora scansione: 17.55.26 File di log: MBAM.txt Amministratore: Sì Versione: 2.2.1.1043 Database malware: v2016.09.09.06 Database rootkit: v2016.08.15.01 Licenza: Gratuito Protezione da malware: Disattivata Protezione da siti web nocivi: Disattivata Auto-protezione: Disattivata SO: Windows XP Service Pack 3 CPU: x86 File system: NTFS Utente: Mepra Tipo di scansione: Ricerca elementi nocivi Risultati: Completata Elementi analizzati: 369510 Tempo impiegato: 1 ore, 55 min, 14 sec Memoria: Attivata Esecuzioni automatiche: Attivata File system: Attivata Archivi compressi: Attivata Rootkit: Attivata Euristiche: Attivata PUP: Attivata PUM: Attivata Processi: 0 (Nessun elemento nocivo rilevato) Moduli: 0 (Nessun elemento nocivo rilevato) Chiavi di registro: 0 (Nessun elemento nocivo rilevato) Valori di registro: 0 (Nessun elemento nocivo rilevato) Dati di registro: 0 (Nessun elemento nocivo rilevato) Cartelle: 0 (Nessun elemento nocivo rilevato) File: 0 (Nessun elemento nocivo rilevato) Settori fisici: 0 (Nessun elemento nocivo rilevato) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016 Ran by Mepra (administrator) on EMANUELE (10-09-2016 10:07:31) Running from C:\Documents and Settings\Mepra\Desktop Loaded Profiles: Mepra & (Available Profiles: Mepra) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Programmi\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe (IBM) C:\Lotus\Notes\nsd.exe (Google Inc.) C:\Programmi\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe (IBM Corp) C:\Lotus\Notes\SUService.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (IBM Corp) C:\Lotus\Notes\ntmulti.exe (Nero AG) C:\Programmi\Nero\Nero BackItUp\NBService.exe (Panasonic) C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe () C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe (Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Panasonic Communications Co., Ltd.) C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe (Wondershare) C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (brother) C:\Programmi\Brownie\BrStsWnd.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avgnt.exe (Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Programmi\File comuni\Java\Java Update\jusched.exe (© 2015 Microsoft Corporation) C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation) C:\Programmi\Messenger\msmsgs.exe (Sun Microsystems, Inc.) C:\Documents and Settings\Mepra\Mercurio\jre\launch4j-tmp\Mercurio.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avshadow.exe (brother) C:\Programmi\Brownie\brpjp04a.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Adobe Systems Inc.) C:\Programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe (RealNetworks, Inc.) C:\Programmi\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Google Inc.) C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Programmi\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Programmi\Google\Update\GoogleUpdate.exe (Farbar) C:\Documents and Settings\Mepra\Desktop\FRST(1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [switchBoard] => C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM\...\Run: [Panasonic Device Monitor Wakeup] => C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe [421888 2008-06-17] (Panasonic Communications Co., Ltd.) HKLM\...\Run: [APSDaemon] => C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [Client Access Service] => C:\Programmi\IBM\Client Access\cwbsvstr.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Help Update] => C:\Programmi\IBM\Client Access\cwbinhlp.exe [24626 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Check Version] => C:\Programmi\IBM\Client Access\cwbckver.exe [49152 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Express Welcome] => C:\Programmi\IBM\Client Access\cwbwlwiz.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [TkBellExe] => C:\Programmi\Real\RealPlayer\update\realsched.exe [295512 2013-08-29] (RealNetworks, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [brStsWnd] => C:\Programmi\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother) HKLM\...\Run: [Dropbox] => C:\Programmi\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.) HKLM\...\Run: [avgnt] => C:\Programmi\Avira\Antivirus\avgnt.exe [831576 2016-08-29] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Nero BackItUp] => C:\Programmi\Nero\Nero BackItUp\BackItUp.exe [1126904 2015-08-13] (Nero AG) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Programmi\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [sDTray] => C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\Run: [sunJavaUpdateSched] => "C:\Programmi\File comuni\Java\Java Update\jusched.exe" Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [bingSvc] => C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [FileHippo.com] => C:\Programmi\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [MSMSGS] => C:\Programmi\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Programmi\File comuni\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [Mercurio Live] => C:\Documents and Settings\Mepra\Mercurio\Mercurio.exe [31744 2013-06-25] (Zucchetti S.p.A.) HKU\S-1-5-21-682003330-1957994488-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bingSvc] => C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FileHippo.com] => C:\Programmi\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Programmi\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Programmi\File comuni\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Mercurio Live] => C:\Documents and Settings\Mepra\Mercurio\Mercurio.exe [31744 2013-06-25] (Zucchetti S.p.A.) HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation) ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.) Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk [2016-09-05] ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Av.bat [2012-07-25] () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a AS-LOGIN.lnk [2012-09-20] ShortcutTarget: Collegamento a AS-LOGIN.lnk -> C:\AS-LOGIN.bat () BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 04 C:\Programmi\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{B29C1FD5-8878-4C91-ADC7-6FF324C56C01}: [NameServer] 62.97.32.21,62.97.33.21 Internet Explorer: ================== HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {A89DE1B6-67D4-4653-8192-7F820ED57EF5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A89DE1B6-67D4-4653-8192-7F820ED57EF5} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Supporto di collegamento per Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programmi\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation) DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348151756703 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash5/cabs/swflash.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\n4mnktlh.default-1457954192062 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_95.dll [2015-04-27] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] () FF Plugin: @dymo.com/DymoLabelFramework -> C:\Programmi\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Programmi\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Programmi\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Programmi\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-29] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Programmi\File comuni\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems) FF Extension: (Bitdefender QuickScan) - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\n4mnktlh.default-1457954192062\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-04-27] FF Extension: (Search and New Tab by Yahoo) - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\n4mnktlh.default-1457954192062\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-08-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-20] [not signed] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: (RealDownloader) - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-29] [not signed] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF ExtraCheck: C:\Programmi\mozilla firefox\defaults\pref\itms.js [2015-09-09] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12] CHR Extension: (Google Docs) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28] CHR Extension: (Google Drive) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28] CHR Extension: (YouTube) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28] CHR Extension: (Google Search) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28] CHR Extension: (Bing) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-01-28] CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-28] CHR Extension: (RealDownloader) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-12-12] CHR Extension: (Yahoo Web) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-01-28] CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-12] CHR Extension: (Gmail) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: chrome.exe - Chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-11-30] (Adobe Systems) [File not signed] S2 AntiVirMailService; C:\Programmi\Avira\Antivirus\avmailc.exe [970632 2016-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Programmi\Avira\Antivirus\sched.exe [470600 2016-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programmi\Avira\Antivirus\avguard.exe [470600 2016-08-29] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Programmi\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-08-29] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60720 2015-09-02] (Apple Inc.) R2 Avira.ServiceHost; C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG) R2 Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.) S3 Cwbrxd; C:\WINDOWS\CWBRXD.EXE [53248 2001-05-08] (IBM Corporation) [File not signed] S2 dbupdate; C:\Programmi\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-28] (Dropbox, Inc.) S3 dbupdatem; C:\Programmi\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-28] (Dropbox, Inc.) R2 DymoPnpService; C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-09-20] (Macrovision Europe Ltd.) [File not signed] S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-12-12] (Google Inc.) S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-12-12] (Google Inc.) R2 IBM Notes Diagnostics; C:\lotus\notes\nsd.exe [5164136 2013-10-15] (IBM) S3 IDriverT; C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 iPod Service; C:\Programmi\iPod\bin\iPodService.exe [540944 2015-09-12] (Apple Inc.) R2 LMS; C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation) R2 LNSUSvc; C:\lotus\notes\SUService.exe [1654376 2013-10-15] (IBM Corp) S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [172488 2016-09-07] (Mozilla Foundation) R2 MSSQL$SQLEXPRESS; c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Multi-user Cleanup Service; C:\lotus\notes\ntmulti.exe [38504 2013-10-15] (IBM Corp) R2 NeroBackItUpBackgroundService; C:\Programmi\Nero\Nero BackItUp\NBService.exe [279544 2015-08-13] (Nero AG) S3 odserv; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation) S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) R2 Panasonic Trap Monitor Service; C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SDScannerService; C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SQLBrowser; c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944 2010-12-10] (Microsoft Corporation) R2 SQLWriter; c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation) S3 SwitchBoard; C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UNS; C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation) S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usbxp.sys [24832 2004-04-30] (Advanced Card Systems Ltd) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-11-20] (Avira Operations GmbH & Co. KG) R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2177024 2011-11-21] (Intel Corporation) [File not signed] R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) [File not signed] R3 SNXPCARD; C:\WINDOWS\System32\DRIVERS\snxpcard.sys [59272 2009-12-03] (Manufactor) R3 SNXPSERX; C:\WINDOWS\System32\DRIVERS\snxpserx.sys [60808 2009-12-03] (Manufactor) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-10 10:07 - 2016-09-10 10:07 - 00032481 _____ C:\Documents and Settings\Mepra\Desktop\FRST.txt 2016-09-10 09:41 - 2016-09-10 09:41 - 01747968 _____ (Farbar) C:\Documents and Settings\Mepra\Desktop\FRST(1).exe 2016-09-09 17:52 - 2016-09-09 17:53 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-09 17:50 - 2016-09-09 17:50 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-09 17:50 - 2016-09-09 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware 2016-09-09 17:50 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-09-09 17:50 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-09-09 17:49 - 2016-09-09 17:50 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware 2016-09-07 17:12 - 2016-09-07 17:12 - 00000000 ____D C:\Programmi\Mozilla Firefox 2016-09-05 14:10 - 2016-08-29 08:28 - 00452461 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160905-141006.backup 2016-09-03 03:39 - 2016-09-03 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Dropbox 2016-08-29 08:28 - 2016-08-08 08:17 - 00452413 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160829-082813.backup ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-10 10:07 - 2015-12-10 16:43 - 00000000 ____D C:\FRST 2016-09-10 10:07 - 2012-09-20 11:37 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Temp 2016-09-10 10:03 - 2015-03-28 10:11 - 00002299 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader XI.lnk 2016-09-10 09:36 - 2015-10-28 19:31 - 00001086 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-09-10 09:30 - 2013-01-17 13:29 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS 2016-09-10 09:13 - 2013-02-01 11:47 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-10 09:01 - 2012-11-30 15:57 - 00002299 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Acrobat 7.0 Professional.lnk 2016-09-10 02:01 - 2012-09-20 18:18 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe 2016-09-10 02:00 - 2012-09-21 10:10 - 00000332 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EMANUELE-Mepra.job 2016-09-09 22:20 - 2012-09-20 11:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni 2016-09-09 22:15 - 2015-12-12 10:43 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-09 19:15 - 2015-12-12 10:43 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-09 18:36 - 2015-10-28 19:31 - 00001082 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-09-09 17:50 - 2012-09-20 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi 2016-09-09 17:49 - 2012-09-20 12:02 - 00000000 ____D C:\Programmi 2016-09-09 17:27 - 2012-09-20 11:37 - 00000000 __RHD C:\Documents and Settings\Mepra\Dati applicazioni 2016-09-09 15:47 - 2008-04-14 13:00 - 00000579 _____ C:\WINDOWS\win.ini 2016-09-09 14:06 - 2012-09-20 11:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Risorse di rete 2016-09-09 11:09 - 2012-09-21 17:19 - 00000420 _____ C:\WINDOWS\BRWMARK.INI 2016-09-09 10:13 - 2015-05-30 10:13 - 00032332 _____ C:\WINDOWS\SchedLgU.Txt 2016-09-09 09:02 - 2012-09-20 11:37 - 00000000 ____D C:\Documents and Settings\Mepra 2016-09-09 08:56 - 2012-09-20 11:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti 2016-09-09 08:54 - 2016-01-04 17:24 - 00203776 _____ C:\Documents and Settings\Mepra\Documenti\Mensa ARISTON 2016.xls 2016-09-08 16:00 - 2015-01-09 15:07 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\FERIE E PERMESSI 2016-09-08 15:41 - 2015-04-11 09:06 - 00000000 ____D C:\Apri 2016-09-08 15:00 - 2014-03-24 09:17 - 00000216 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job 2016-09-07 16:38 - 2012-12-27 10:50 - 00000318 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2016-09-07 00:30 - 2016-06-23 14:47 - 00000608 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2016-09-06 14:47 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Privacy 2016-09-06 13:55 - 2012-11-29 15:17 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2016-09-06 11:48 - 2014-11-20 17:01 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service 2016-09-06 11:17 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Pagamenti 2016-09-05 15:19 - 2012-11-22 16:30 - 00000000 ____D C:\BACKUP 2016-09-05 14:09 - 2012-09-20 12:02 - 01382434 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-05 14:09 - 2008-04-14 13:00 - 00597920 _____ C:\WINDOWS\system32\perfh010.dat 2016-09-05 14:09 - 2008-04-14 13:00 - 00121290 _____ C:\WINDOWS\system32\perfc010.dat 2016-09-05 14:08 - 2015-10-28 19:31 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Dropbox 2016-09-05 14:07 - 2016-03-21 09:10 - 00000270 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2016-09-05 14:07 - 2015-10-28 15:49 - 00000315 _____ C:\WINDOWS\Brownie.ini 2016-09-05 14:07 - 2012-12-13 13:11 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2016-09-05 14:06 - 2013-06-25 09:40 - 00000000 ____D C:\Documents and Settings\Mepra\Mercurio 2016-09-05 14:05 - 2016-06-23 14:47 - 00000636 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2016-09-05 14:05 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2016-09-05 14:04 - 2014-03-24 09:17 - 00000222 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job 2016-09-05 14:04 - 2012-12-27 10:50 - 00000292 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2016-09-05 14:04 - 2012-09-20 11:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-03 12:20 - 2012-10-10 09:43 - 00668614 ____C C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat 2016-09-03 12:20 - 2012-09-20 11:37 - 00000194 ___SH C:\Documents and Settings\Mepra\ntuser.ini 2016-09-03 10:26 - 2012-09-20 17:43 - 00056832 _____ C:\Documents and Settings\Mepra\Documenti\Prospetto malattie e maternità.xls 2016-09-03 03:39 - 2015-10-28 19:31 - 00000000 ____D C:\Programmi\Dropbox 2016-09-02 17:33 - 2012-09-20 17:38 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\COLF 2016-09-02 14:18 - 2012-09-20 17:40 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\eBook personali 2016-09-02 10:54 - 2012-09-20 17:43 - 00129536 ____C C:\Documents and Settings\Mepra\Documenti\Forza Lavoro Aziendale.xls 2016-09-01 16:34 - 2013-09-04 14:15 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Lavoro interinale 2016-09-01 08:25 - 2016-06-23 14:47 - 00000438 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2016-08-31 17:02 - 2012-09-21 11:41 - 00000387 _____ C:\WINDOWS\barcode.INI 2016-08-31 16:19 - 2012-09-21 11:31 - 00013030 _____ C:\PDOXUSRS.NET 2016-08-31 09:32 - 2014-10-06 11:07 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Tirocinio 2016-08-30 11:33 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Part-Time 2016-08-30 10:43 - 2012-09-20 18:34 - 00000000 ____D C:\Documents and Settings\Mepra\zucchetti_prof 2016-08-29 22:41 - 2012-09-20 17:40 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti\Dropbox 2016-08-29 20:34 - 2016-05-11 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira 2016-08-29 20:32 - 2015-06-11 12:42 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys 2016-08-29 09:00 - 2012-09-20 16:40 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help 2016-08-11 12:31 - 2012-09-20 11:34 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni 2016-08-11 08:56 - 2013-09-18 15:30 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\vlc ==================== Files in the root of some directories ======= 2014-11-27 17:16 - 2012-09-20 17:52 - 0008039 _____ () C:\Programmi\Cmdgong.prm 2014-10-01 11:31 - 2014-10-01 12:21 - 0055571 __RSH () C:\Programmi\DLS8Uninstall.log 2012-12-13 11:41 - 2015-03-03 17:52 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe BMP Format CS5 Prefs 2013-05-20 15:19 - 2013-05-20 15:19 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe GIF Format CS5 Prefs 2013-06-18 10:23 - 2016-07-22 10:05 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe PNG Format CS5 Prefs 2015-06-26 14:18 - 2015-09-22 10:04 - 0000022 _____ () C:\Documents and Settings\Mepra\Dati applicazioni\APRI 2014-07-11 11:46 - 2014-07-29 11:33 - 0000132 _____ () C:\Documents and Settings\Mepra\Dati applicazioni\Preferenze filtro Adobe Esporta tracciati CS5 2014-11-26 11:20 - 2014-11-26 13:18 - 0001456 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe Salva per Web e dispositivi 12.0 Prefs 2015-12-21 18:35 - 2015-12-21 18:35 - 0000664 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\d3d9caps.tmp 2013-11-19 11:31 - 2013-12-27 17:02 - 0005952 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\dat6_.xml 2012-09-21 10:29 - 2013-02-01 18:30 - 0011264 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-31 10:21 - 2013-07-31 10:21 - 0000332 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\poetsch.bat 2013-08-07 14:51 - 2013-08-07 14:51 - 0000782 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\recently-used.xbel 2014-03-29 13:19 - 2014-03-29 13:19 - 0000041 __SHC () C:\Documents and Settings\All Users\Dati applicazioni\.zreglib 2016-03-16 15:37 - 2016-03-16 15:37 - 0094485 _____ () C:\Documents and Settings\All Users\Dati applicazioni\1458135414.bdinstall.bin 2015-05-30 10:08 - 2015-05-30 10:08 - 0004128 _____ () C:\Documents and Settings\All Users\Dati applicazioni\bqeojehc.wbx 2012-10-06 10:53 - 2012-10-06 10:53 - 0000103 ____C () C:\Documents and Settings\All Users\Dati applicazioni\Microsoft.SqlServer.Compact.351.32.bc 2013-11-19 11:31 - 2013-12-27 17:02 - 0005952 ____C () C:\Documents and Settings\All Users\Dati applicazioni\productcode.xml 2012-11-24 12:44 - 2012-11-24 12:44 - 0001747 ____C () C:\Documents and Settings\All Users\Dati applicazioni\QTSBandwidthCache Some files in TEMP: ==================== C:\Documents and Settings\Mepra\Impostazioni locali\Temp\avgnt.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016 Ran by Mepra (10-09-2016 10:08:25) Running from C:\Documents and Settings\Mepra\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) (2012-09-20 09:30:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-682003330-1957994488-839522115-500 - Administrator - Enabled) ASPNET (S-1-5-21-682003330-1957994488-839522115-1007 - Limited - Enabled) Guest (S-1-5-21-682003330-1957994488-839522115-501 - Limited - Disabled) HelpAssistant (S-1-5-21-682003330-1957994488-839522115-1000 - Limited - Disabled) Mepra (S-1-5-21-682003330-1957994488-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mepra SUPPORT_388945a0 (S-1-5-21-682003330-1957994488-839522115-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional) (Version: 7.1.0 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.95 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.95 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version: - Microsoft Corporation) Aggiornamento della protezione per Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2778344) (HKLM\...\KB2778344) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2799494) (HKLM\...\KB2799494) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2808735) (HKLM\...\KB2808735) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden Bit4Id - miniLector (HKLM\...\Bit4Id - miniLector) (Version: 3.1 - Bit4id) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother HL-5340D (HKLM\...\{9DA6C426-887D-4D01-A9F9-6CF0CC60F6E6}) (Version: 1.00 - Brother) CIGO dt (HKLM\...\{FD257CD8-B183-4DC1-B5DB-C35FD01F7316}) (Version: 1.0.121 - INPS) CompanionLink (HKLM\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.) Core FTP LE (HKLM\...\CoreFTP) (Version: - ) CUD 2014 (HKLM\...\CUD 2014) (Version: - ) Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.) Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.) Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated) Fast File Renamer 2.0 (HKLM\...\FastFileRenamer2) (Version: - ) FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) GPRES2 (HKLM\...\{A7C4E3B8-F27D-44A9-97AD-D827F84011BE}) (Version: 9.20.0 - Zucchetti) IBM AS/400 Client Access Express per Windows (HKLM\...\ClientAccessExpress) (Version: - ) IBM AS/400 Client Access Express per Windows SI11806 (HKLM\...\ClientAccessExpressSP) (Version: - ) IBM Notes 9.0.1 (Basic) it (HKLM\...\{5A7EAC73-5284-402C-BD4F-D12FC5DC605B}) (Version: 9.01.13312 - IBM) INPS uniEMens individuale (HKLM\...\{9D7D5D62-13CA-4CB8-AC18-5C81272F969A}) (Version: 3.6.1 - INPS) IRISPallOptimizer 3 (HKLM\...\{9D7E79FA-1D90-460C-8BE2-CE4A356AFB08}) (Version: 3.0.0.0 - IRIS) iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.) Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) LibreOffice 5.0 Help Pack (Italian) (HKLM\...\{80F3E10B-405F-4056-83D3-1DC9FD61DD51}) (Version: 5.0.0.5 - The Document Foundation) LibreOffice 5.0.0.5 (HKLM\...\{48806D1D-C8D3-4235-8893-D5A03BAFC307}) (Version: 5.0.0.5 - The Document Foundation) Live Upgrade (HKLM\...\Live Upgrade) (Version: - ) Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ITA (HKLM\...\{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Modello 730 2014 (HKLM\...\Modello 730 2014) (Version: - ) Modello 770 Semplificato 2014 (HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Modello 770 Semplificato 2014) (Version: - Agenzia delle Entrate) Modello 770 Semplificato 2014 (HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Modello 770 Semplificato 2014) (Version: - Agenzia delle Entrate) Modello 770 Semplificato 2015 (HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Modello 770 Semplificato 2015) (Version: - Agenzia delle Entrate) Modello 770 Semplificato 2015 (HKU\S-1-5-21-682003330-1957994488-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Modello 770 Semplificato 2015) (Version: - Agenzia delle Entrate) Mozilla Firefox 49.0 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0 (x86 en-US)) (Version: 49.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.0.6092 - Mozilla) Nero BackItUp (HKLM\...\{40F2F005-FA4C-4BEA-83A6-BFD969467594}) (Version: 15.63.1.92 - Nero AG) NinjaTrader 7 (HKLM\...\{79D6E936-FD0C-4213-9A2B-3955CE618101}) (Version: 7.0.1031 - NinjaTrader) Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: - ) QuarkXPress (HKLM\...\{CE949716-2A5A-40F2-BA31-54CE71B37FE5}) (Version: 9.1.0.0 - Quark Inc.) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Supporto applicazioni Apple (32 bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Programmi\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>
  5. Hi nasdaq God bless you for your precious help Have a nice day Merry Christmas and Happy New Year
  6. Hi nasdaq I've done all you suggested me, but, whatever program I use (mail, graphic, writing...), files are still unsorted. Herewith attached i post the content of the fixlog.txt file and wait for your reply Emanuele67 Fix result of Farbar Recovery Scan Tool (x86) Version:09-12-2015 Ran by Mepra (2015-12-12 08:52:09) Run:1 Running from C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS Loaded Profiles: Mepra (Available Profiles: Mepra) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION Handler: WSWSVCUchrome - No CLSID Value - FF Extension: No Name - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\profiles\extensions\extensions [2015-06-23] [not signed] CHR HKLM\...\Chrome\Extension: [bollbfeakabenkobaocgakdibphdnanj] - <no Path\update_url> S2 uzsvc; C:\Programmi\UltraZip\uzsvc.exe [526528 2015-12-10] () S2 uzupd; C:\Programmi\UltraZip\uzupd.exe [72384 2015-12-10] () AlternateDataStreams: C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5C321E34 C:\Programmi\UltraZip End ***************** Restore point was successfully created. Processes closed successfully. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully. "HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. "HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully. C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\profiles\extensions\extensions => moved successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\bollbfeakabenkobaocgakdibphdnanj" => key removed successfully. uzsvc => service removed successfully. uzupd => service removed successfully. C:\Documents and Settings\All Users\Dati applicazioni\TEMP => ":5C321E34" ADS removed successfully.. C:\Programmi\UltraZip => moved successfully EmptyTemp: => 1.6 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 08:57:32 ====
  7. Hi nasdaq Thank you very much for your help Effectively, when I open the Document Library or any other folder, i see the files sorted by name (or date, if I choice that), but when I use one of my programs, the files seem to be unsorted. Herewith attached I post the log files and attache the FRST file Looking to hear from you soon, i thank you again for the reply # AdwCleaner v5.024 - Creato file registro eventi 10/12/2015 in 15:36:30 # Aggiornato 07/12/2015 da Xplode # Database : 2015-12-07.3 [server] # Sistema operativo : Microsoft Windows XP Service Pack 3 (x86) # Nome utente : Mepra - EMANUELE # In esecuzione da : C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS\adwcleaner_5.024.exe # Opzione : Pulizia # Supporto : http://toolslib.net/forum ***** [ Servizi ] ***** ***** [ Cartelle ] ***** [x] Cartella Non Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\AVG Security Toolbar [-] Cartella Eliminato : C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn ***** [ File ] ***** [-] File Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat [-] File Eliminato : C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage [-] File Eliminato : C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal ***** [ DLLs ] ***** ***** [ Collegamenti ] ***** ***** [ Attività pianificate ] ***** ***** [ Registry ] ***** [-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools [-] Valore Eliminata : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage] [-] Chiave Eliminata : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro [-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} [-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}] [-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] [-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] [-] Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}] [-] Chiave Eliminata : HKLM\SOFTWARE\Description [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5 [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20 [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5 [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC [-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739 [-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 [-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 ***** [ Browser web ] ***** ************************* :: Chiavi "Tracing" eliminatas :: Impostazioni Winsock azzerate ************************* C:\AdwCleaner[R1].txt - [27349 byte] - [07/08/2013 11:20:51] C:\AdwCleaner[s1].txt - [27770 byte] - [07/08/2013 11:21:17] ########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [4533 byte] ########## Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-12-2015 Ran by Mepra (administrator) on EMANUELE (10-12-2015 15:43:33) Running from C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS Loaded Profiles: Mepra (Available Profiles: Mepra) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Italiano (Italia) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Programmi\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe (IBM) C:\Lotus\Notes\nsd.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe (IBM Corp) C:\Lotus\Notes\SUService.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (IBM Corp) C:\Lotus\Notes\ntmulti.exe (Panasonic) C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe () C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe () C:\Programmi\UltraZip\uzsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Panasonic Communications Co., Ltd.) C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe (RealNetworks, Inc.) C:\Programmi\Real\RealPlayer\Update\realsched.exe (Wondershare) C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (brother) C:\Programmi\Brownie\BrStsWnd.exe (Dropbox, Inc.) C:\Programmi\Dropbox\Client\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avgnt.exe (© 2015 Microsoft Corporation) C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe () C:\Programmi\FileHippo.com\FileHippo.AppManager.exe (Microsoft Corporation) C:\Programmi\Messenger\msmsgs.exe (Sun Microsystems, Inc.) C:\Documents and Settings\Mepra\Mercurio\jre\launch4j-tmp\Mercurio.exe (Adobe Systems Incorporated) C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe (Sun Microsystems, Inc.) C:\Programmi\Mercurio\jre\bin\javaw.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avshadow.exe (brother) C:\Programmi\Brownie\brpjp04a.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [switchBoard] => C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM\...\Run: [Panasonic Device Monitor Wakeup] => C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe [421888 2008-06-17] (Panasonic Communications Co., Ltd.) HKLM\...\Run: [APSDaemon] => C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [Client Access Service] => C:\Programmi\IBM\Client Access\cwbsvstr.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Help Update] => C:\Programmi\IBM\Client Access\cwbinhlp.exe [24626 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Check Version] => C:\Programmi\IBM\Client Access\cwbckver.exe [49152 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Express Welcome] => C:\Programmi\IBM\Client Access\cwbwlwiz.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [TkBellExe] => C:\Programmi\Real\RealPlayer\update\realsched.exe [295512 2013-08-29] (RealNetworks, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [brStsWnd] => C:\Programmi\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother) HKLM\...\Run: [Dropbox] => C:\Programmi\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.) HKLM\...\Run: [avgnt] => C:\Programmi\Avira\Antivirus\avgnt.exe [803200 2015-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [bingSvc] => C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [FileHippo.com] => C:\Programmi\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [MSMSGS] => C:\Programmi\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [GoogleChromeAutoLaunch_E3E3926E562F2461F4035F057142309C] => C:\Programmi\Google\Chrome\Application\chrome.exe [742216 2015-12-01] (Google Inc.) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [Mercurio Live] => C:\Documents and Settings\Mepra\Mercurio\Mercurio.exe [31744 2013-06-25] (Zucchetti S.p.A.) HKU\S-1-5-21-682003330-1957994488-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation) ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Programmi\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk [2015-12-10] ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Av.bat [2012-07-25] () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a AS-LOGIN.lnk [2012-09-20] ShortcutTarget: Collegamento a AS-LOGIN.lnk -> C:\AS-LOGIN.bat () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Mercurio.lnk [2013-06-25] ShortcutTarget: Mercurio.lnk -> C:\Programmi\Mercurio\Mercurio.exe (Zucchetti S.p.A.) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 04 C:\Programmi\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\..\Interfaces\{B29C1FD5-8878-4C91-ADC7-6FF324C56C01}: [NameServer] 62.97.32.21,62.97.33.21 Internet Explorer: ================== HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/ HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Supporto di collegamento per Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.8.0_45\bin\ssv.dll [2015-06-12] (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programmi\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-12] (Oracle Corporation) DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348151756703 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash5/cabs/swflash.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: WSWSVCUchrome - No CLSID Value - StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\hbg4xkjp.default-1446289387593 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_95.dll [2015-04-27] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] () FF Plugin: @dymo.com/DymoLabelFramework -> C:\Programmi\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Programmi\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Programmi\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Programmi\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-29] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Programmi\File comuni\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems) FF Extension: No Name - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\profiles\extensions\extensions [2015-06-23] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-20] [not signed] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-29] [not signed] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF ExtraCheck: C:\Programmi\mozilla firefox\defaults\pref\itms.js [2015-09-09] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29] CHR Extension: (YouTube) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07] CHR Extension: (Google Search) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Dropbox for Gmail) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-10-29] CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (RealDownloader) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-06] CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01] CHR Extension: (Gmail) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07] CHR HKLM\...\Chrome\Extension: [bollbfeakabenkobaocgakdibphdnanj] - <no Path\update_url> CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: chrome.exe - Chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-11-30] (Adobe Systems) [File not signed] S2 AntiVirMailService; C:\Programmi\Avira\Antivirus\avmailc.exe [930944 2015-11-20] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Programmi\Avira\Antivirus\sched.exe [466408 2015-11-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programmi\Avira\Antivirus\avguard.exe [466408 2015-11-20] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Programmi\Avira\Antivirus\AVWEBGRD.EXE [1222952 2015-11-20] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60720 2015-09-02] (Apple Inc.) R2 Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.) S3 Cwbrxd; C:\WINDOWS\CWBRXD.EXE [53248 2001-05-08] (IBM Corporation) [File not signed] S2 dbupdate; C:\Programmi\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-28] (Dropbox, Inc.) S3 dbupdatem; C:\Programmi\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-28] (Dropbox, Inc.) R2 DymoPnpService; C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-09-20] (Macrovision Europe Ltd.) [File not signed] S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) R2 IBM Notes Diagnostics; C:\lotus\notes\nsd.exe [5164136 2013-10-15] (IBM) S3 IDriverT; C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 iPod Service; C:\Programmi\iPod\bin\iPodService.exe [540944 2015-09-12] (Apple Inc.) R2 LMS; C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation) R2 LNSUSvc; C:\lotus\notes\SUService.exe [1654376 2013-10-15] (IBM Corp) S2 MBAMService; C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [147624 2015-12-07] (Mozilla Foundation) R2 MSSQL$SQLEXPRESS; c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Multi-user Cleanup Service; C:\lotus\notes\ntmulti.exe [38504 2013-10-15] (IBM Corp) S3 odserv; C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation) S3 ose; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) R2 Panasonic Trap Monitor Service; C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SQLBrowser; c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944 2010-12-10] (Microsoft Corporation) R2 SQLWriter; c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation) S3 SwitchBoard; C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UNS; C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation) S2 uzsvc; C:\Programmi\UltraZip\uzsvc.exe [526528 2015-12-10] () S2 uzupd; C:\Programmi\UltraZip\uzupd.exe [72384 2015-12-10] () S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usbxp.sys [24832 2004-04-30] (Advanced Card Systems Ltd) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [106968 2015-11-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136272 2015-11-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-11-20] (Avira Operations GmbH & Co. KG) R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2177024 2011-11-21] (Intel Corporation) [File not signed] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) [File not signed] R3 SNXPCARD; C:\WINDOWS\System32\DRIVERS\snxpcard.sys [59272 2009-12-03] (Manufactor) R3 SNXPSERX; C:\WINDOWS\System32\DRIVERS\snxpserx.sys [60808 2009-12-03] (Manufactor) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-11-20] (Avira Operations GmbH & Co. KG) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-10 15:43 - 2015-12-10 15:43 - 00000000 ____D C:\FRST 2015-12-10 15:37 - 2015-12-10 15:37 - 00284832 _____ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat 2015-12-09 18:25 - 2015-12-09 18:25 - 00001657 _____ C:\Documents and Settings\Mepra\Desktop\Free Antivirus Profile Scan local drives.LNK 2015-12-09 18:25 - 2015-12-09 18:25 - 00001655 _____ C:\Documents and Settings\Mepra\Desktop\Free Antivirus Profile Local Hard Disks.LNK 2015-12-07 17:28 - 2015-12-07 17:28 - 00015874 _____ C:\Documents and Settings\Mepra\Desktop\dds.txt 2015-12-07 17:28 - 2015-12-07 17:28 - 00014407 _____ C:\Documents and Settings\Mepra\Desktop\attach.txt 2015-12-07 17:26 - 2015-12-07 17:27 - 00004540 _____ C:\Documents and Settings\Mepra\Desktop\Rkill.txt 2015-12-07 17:26 - 2015-12-07 17:26 - 00001191 _____ C:\Documents and Settings\Mepra\Desktop\MBAM.txt 2015-12-07 16:20 - 2015-12-07 16:20 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-12-07 16:19 - 2015-12-07 16:19 - 00000749 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-12-07 16:19 - 2015-12-07 16:19 - 00000000 ____D C:\Programmi\Malwarebytes Anti-Malware 2015-12-07 16:19 - 2015-12-07 16:19 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware 2015-12-07 16:19 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-12-07 16:19 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-12-07 09:46 - 2015-12-07 09:47 - 00000000 ____D C:\Programmi\Mozilla Firefox 2015-12-04 09:35 - 2015-12-04 09:35 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Avira 2015-12-04 09:34 - 2015-12-04 09:34 - 00001629 _____ C:\Documents and Settings\All Users\Desktop\Avira Antivirus.lnk 2015-12-04 09:34 - 2015-12-04 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira 2015-12-04 09:33 - 2015-11-20 15:35 - 00136272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-12-04 09:33 - 2015-11-20 15:35 - 00106968 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-12-04 09:33 - 2015-11-20 15:35 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-12-01 08:55 - 2015-12-01 08:55 - 00566517 _____ C:\Documents and Settings\Mepra\Desktop\saody(2).pdf 2015-11-30 08:54 - 2015-11-30 08:54 - 00011460 _____ C:\Documents and Settings\Mepra\Documenti\Ordine a Wing Three Aces.odt 2015-11-26 09:25 - 2015-11-26 09:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2015-11-25 11:02 - 2015-11-25 11:02 - 00069350 _____ C:\Documents and Settings\Mepra\Desktop\Estratto.pdf 2015-11-25 10:16 - 2015-11-25 10:17 - 00013179 _____ C:\Documents and Settings\Mepra\Documenti\Richiesta di anticipazione POSTEVITA.odt 2015-11-25 09:03 - 2015-11-25 09:03 - 00090842 _____ C:\Documents and Settings\Mepra\Desktop\Fattura nr VEBAR 15-2015 del 31-10-2015-1.pdf 2015-11-24 16:03 - 2015-11-24 16:03 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts 11 2015.txt 2015-11-24 14:21 - 2015-11-24 14:21 - 00000814 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe InDesign CS5.lnk 2015-11-24 14:18 - 2015-11-24 14:18 - 00000904 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Media Encoder CS5.lnk 2015-11-24 09:04 - 2015-11-24 09:04 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Sonic Solutions 2015-11-24 08:43 - 2015-12-04 18:36 - 00000000 ____D C:\Borgo Creativo 2015-11-24 08:41 - 2015-11-24 12:38 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\Adobe InDesign CS5 2015-11-20 09:04 - 2015-11-20 09:05 - 00000245 _____ C:\Documents and Settings\Mepra\Desktop\HRPortal.url 2015-11-19 12:08 - 2015-11-19 12:14 - 449262427 _____ C:\APRI_PRE_CNV.zip 2015-11-19 08:23 - 2015-11-19 08:23 - 00000000 ____D C:\Programmi\File comuni\DESIGNER 2015-11-19 03:05 - 2015-11-19 03:05 - 00000000 ____D C:\Documents and Settings\Default User\Impostazioni locali\Dati applicazioni\Microsoft Help 2015-11-18 09:30 - 2015-11-18 18:03 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt 2015-11-18 09:30 - 2015-11-18 09:30 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Office 2015-11-18 09:27 - 2015-11-19 08:24 - 00000000 ____D C:\Programmi\Microsoft Office 2015-11-18 09:27 - 2015-11-18 09:27 - 00000000 __RHD C:\MSOCache 2015-11-18 09:04 - 2015-11-18 09:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat 2015-11-17 18:44 - 2015-11-17 18:44 - 00000000 ____D C:\Programmi\MSECache 2015-11-17 08:42 - 2015-12-10 15:42 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\UltraZipTemp 2015-11-17 08:41 - 2015-11-24 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\UltraZip 2015-11-16 18:14 - 2015-11-16 18:16 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Opera Software 2015-11-16 18:14 - 2015-11-16 18:16 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Opera Software 2015-11-16 18:11 - 2015-11-18 09:06 - 348111776 _____ (Microsoft Corporation) C:\Documents and Settings\Mepra\Downloads\microsoft-powerpoint-2010 [1].exe 2015-11-16 18:10 - 2015-11-16 18:10 - 00000218 _____ C:\WINDOWS\Tasks\Opera N Sunday.job 2015-11-16 18:10 - 2015-11-16 18:10 - 00000218 _____ C:\WINDOWS\Tasks\Opera N Saturday.job 2015-11-16 18:10 - 2015-11-16 18:10 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Shortcut 2015-11-16 18:08 - 2015-11-16 18:16 - 00000000 ____D C:\Programmi\Opera 2015-11-16 18:07 - 2015-12-10 15:44 - 00000000 ____D C:\Programmi\UltraZip 2015-11-13 15:31 - 2015-11-13 17:06 - 00025088 _____ C:\Documents and Settings\Mepra\Documenti\Calendario 2016.xls 2015-11-12 17:38 - 2015-11-12 17:38 - 00000000 ____D C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\AVG 2015-11-12 17:27 - 2015-11-12 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVG Security Toolbar 2015-11-12 17:14 - 2015-12-04 09:38 - 00000000 ____D C:\Programmi\AVG 2015-11-12 17:10 - 2015-12-04 09:29 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\AvgSetupLog 2015-11-12 17:10 - 2015-11-12 17:10 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Avg2015 2015-11-10 01:39 - 2015-11-10 01:39 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-10 15:45 - 2013-01-17 12:29 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS 2015-12-10 15:44 - 2012-09-20 10:37 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Temp 2015-12-10 15:43 - 2012-09-20 10:56 - 00000000 ____D C:\WINDOWS 2015-12-10 15:42 - 2012-12-13 12:11 - 00000270 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-12-10 15:41 - 2015-10-28 18:31 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Dropbox 2015-12-10 15:41 - 2015-10-28 14:49 - 00000315 _____ C:\WINDOWS\Brownie.ini 2015-12-10 15:41 - 2012-12-13 12:11 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-12-10 15:41 - 2012-09-20 16:40 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti\Dropbox 2015-12-10 15:41 - 2008-04-14 12:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2015-12-10 15:40 - 2013-06-25 08:40 - 00000000 ____D C:\Documents and Settings\Mepra\Mercurio 2015-12-10 15:40 - 2012-09-20 10:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni 2015-12-10 15:39 - 2015-10-28 18:31 - 00001082 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2015-12-10 15:39 - 2014-03-24 08:17 - 00000222 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job 2015-12-10 15:39 - 2013-11-06 11:47 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-10 15:39 - 2012-12-27 09:50 - 00000292 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-12-10 15:38 - 2012-09-20 10:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-12-10 15:37 - 2015-05-30 09:13 - 00032478 _____ C:\WINDOWS\SchedLgU.Txt 2015-12-10 15:37 - 2012-09-20 10:37 - 00000194 ___SH C:\Documents and Settings\Mepra\ntuser.ini 2015-12-10 15:37 - 2012-09-20 10:37 - 00000000 ____D C:\Documents and Settings\Mepra 2015-12-10 15:37 - 2012-09-20 10:34 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni 2015-12-10 15:36 - 2015-10-28 18:31 - 00001086 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2015-12-10 15:36 - 2014-09-26 16:52 - 00000000 ____D C:\AdwCleaner 2015-12-10 15:36 - 2012-09-20 11:02 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni 2015-12-10 15:36 - 2012-09-20 10:26 - 00000000 ____D C:\WINDOWS\Registration 2015-12-10 15:32 - 2015-04-11 08:06 - 00000000 ____D C:\Apri 2015-12-10 15:32 - 2012-09-20 10:37 - 00000000 __RHD C:\Documents and Settings\Mepra\Dati applicazioni 2015-12-10 15:27 - 2008-04-14 12:00 - 00000579 _____ C:\WINDOWS\win.ini 2015-12-10 15:16 - 2013-11-06 11:47 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-10 15:13 - 2013-02-01 10:47 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-12-10 13:26 - 2012-11-30 14:57 - 00002299 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Acrobat 7.0 Professional.lnk 2015-12-10 12:24 - 2015-01-07 11:15 - 00211968 _____ C:\Documents and Settings\Mepra\Documenti\Mensa ARISTON 2015.xls 2015-12-10 12:24 - 2012-09-20 10:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti 2015-12-10 12:05 - 2012-09-20 17:34 - 00000000 ____D C:\Documents and Settings\Mepra\zucchetti_prof 2015-12-10 08:57 - 2015-03-04 18:05 - 00002321 _____ C:\Documents and Settings\All Users\Desktop\NinjaTrader 7.lnk 2015-12-10 02:00 - 2012-09-21 09:10 - 00000332 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EMANUELE-Mepra.job 2015-12-10 02:00 - 2012-09-20 17:18 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe 2015-12-09 21:28 - 2013-01-02 18:44 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2015-12-09 16:12 - 2015-01-09 14:07 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\FERIE E PERMESSI 2015-12-09 09:45 - 2012-09-20 10:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Risorse di rete 2015-12-09 03:08 - 2012-09-20 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help 2015-12-09 03:05 - 2013-08-28 16:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-09 03:00 - 2012-09-20 14:06 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-08 15:00 - 2014-03-24 08:17 - 00000216 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job 2015-12-08 13:55 - 2012-11-29 14:17 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-12-07 16:19 - 2012-09-20 11:02 - 00000000 ____D C:\Programmi 2015-12-07 16:19 - 2012-09-20 11:02 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi 2015-12-07 16:05 - 2012-11-22 15:30 - 00000000 ____D C:\BACKUP 2015-12-07 09:47 - 2014-11-20 16:01 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service 2015-12-07 09:01 - 2012-12-27 09:50 - 00000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-12-05 10:14 - 2012-09-20 16:43 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Visite mediche 2015-12-04 14:30 - 2012-09-20 17:14 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Adobe 2015-12-04 11:09 - 2012-09-20 16:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Pagamenti 2015-12-04 09:38 - 2014-07-15 10:20 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\AVG 2015-12-04 09:38 - 2014-04-28 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVG 2015-12-04 09:38 - 2013-08-01 07:31 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\MFAData 2015-12-04 09:33 - 2015-06-15 09:45 - 00000000 ____D C:\Programmi\Avira 2015-12-04 09:33 - 2012-12-28 18:02 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Avira 2015-12-04 09:32 - 2012-09-20 11:02 - 00000000 ____D C:\Programmi\File comuni 2015-12-04 09:29 - 2012-09-20 10:56 - 00000000 ___HD C:\WINDOWS\inf 2015-12-03 17:45 - 2012-09-21 16:19 - 00000420 _____ C:\WINDOWS\BRWMARK.INI 2015-12-03 16:07 - 2012-09-20 16:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Privacy 2015-12-03 12:52 - 2012-09-20 16:43 - 00056320 _____ C:\Documents and Settings\Mepra\Documenti\Prospetto malattie e maternità.xls 2015-12-02 18:14 - 2012-09-20 16:40 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\FONDAPI 2015-12-02 16:38 - 2012-12-27 09:50 - 00000318 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-12-02 15:44 - 2013-07-25 09:12 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Angelo Meanti 2015-12-02 12:40 - 2013-09-18 14:30 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\vlc 2015-12-02 02:13 - 2013-11-06 11:48 - 00001781 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Chrome.lnk 2015-11-30 08:14 - 2015-05-04 07:25 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\I miei download FileHippo 2015-11-25 16:46 - 2012-09-26 07:49 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\DeepBurner 2015-11-25 10:11 - 2012-09-20 16:40 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Etichette di indirizzi 2015-11-24 16:46 - 2012-09-20 11:01 - 04123976 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-24 15:00 - 2012-09-20 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe 2015-11-24 15:00 - 2012-09-20 15:38 - 00132984 ____C C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT 2015-11-24 14:17 - 2012-09-20 17:09 - 00000000 ____D C:\Programmi\Adobe 2015-11-24 14:16 - 2012-09-20 17:08 - 00000000 ____D C:\Programmi\File comuni\Adobe 2015-11-24 10:04 - 2015-05-20 10:33 - 00002409 _____ C:\Documents and Settings\All Users\Desktop\INPS uniEMens Integrato.lnk 2015-11-24 09:20 - 2012-11-09 14:50 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\CoreFTP 2015-11-24 08:09 - 2012-09-20 14:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975560$ 2015-11-23 15:14 - 2013-09-04 13:15 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Lavoro interinale 2015-11-20 15:36 - 2015-06-11 11:42 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys 2015-11-20 09:04 - 2012-09-20 10:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Preferiti 2015-11-19 17:56 - 2015-10-26 10:49 - 00000000 ____D C:\Foto Mepra 2015-11-19 10:31 - 2012-09-21 10:31 - 00013030 _____ C:\PDOXUSRS.NET 2015-11-19 08:35 - 2014-04-15 07:25 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Curriculum online 2015-11-19 03:05 - 2012-09-20 11:02 - 00000000 ____D C:\Programmi\File comuni\Microsoft Shared 2015-11-18 09:27 - 2013-05-04 08:38 - 00000000 ____D C:\WINDOWS\ShellNew 2015-11-18 09:25 - 2014-11-20 16:01 - 00000702 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk 2015-11-18 09:25 - 2014-11-20 16:01 - 00000696 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2015-11-18 09:25 - 2012-09-20 10:38 - 00000783 _____ C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Internet Explorer.lnk 2015-11-18 08:46 - 2014-12-16 17:40 - 00000000 ____D C:\Programmi\7-Zip 2015-11-18 08:45 - 2013-01-29 16:59 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt 2015-11-17 09:36 - 2014-02-25 11:56 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\Collegamenti desktop inutilizzati 2015-11-17 08:48 - 2014-07-15 10:22 - 00000000 ____D C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\AVG 2015-11-17 08:40 - 2012-09-20 14:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$ 2015-11-16 17:06 - 2012-09-20 16:43 - 00116736 ____C C:\Documents and Settings\Mepra\Documenti\Forza Lavoro Aziendale.xls 2015-11-14 11:50 - 2012-11-15 18:23 - 00000000 ____D C:\EasyUpld 2015-11-14 10:41 - 2012-09-20 16:43 - 00007168 ____C C:\Documents and Settings\Mepra\Documenti\Elenco iscritti FIOM.xls 2015-11-14 09:49 - 2012-09-21 10:41 - 00000387 _____ C:\WINDOWS\barcode.INI 2015-11-13 17:34 - 2014-06-18 09:47 - 00020480 _____ C:\Documents and Settings\Mepra\Desktop\Comandati.xls 2015-11-13 16:37 - 2012-09-20 10:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Menu Avvio 2015-11-13 08:49 - 2015-02-09 08:30 - 00000638 _____ C:\Documents and Settings\Mepra\Desktop\Core FTP LE.lnk 2015-11-13 08:49 - 2012-11-09 14:50 - 00000000 ____D C:\Programmi\CoreFTP 2015-11-13 08:39 - 2014-08-27 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Package Cache 2015-11-13 08:29 - 2013-08-06 08:11 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\QuickScan 2015-11-13 08:28 - 2015-03-26 10:51 - 00000000 ____D C:\Documents and Settings\Mepra\.thumbnails 2015-11-13 08:28 - 2013-09-16 07:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java 2015-11-12 19:03 - 2012-09-20 16:37 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\ANTIVIRUS 2015-11-12 17:38 - 2012-09-20 10:30 - 00000000 ___HD C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni 2015-11-12 17:19 - 2014-04-28 07:33 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\AVG 2015-11-11 11:46 - 2012-09-20 10:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti\Immagini 2015-11-10 01:39 - 2015-10-28 18:31 - 00000000 ____D C:\Programmi\Dropbox ==================== Files in the root of some directories ======= 2014-11-27 16:16 - 2012-09-20 16:52 - 0008039 _____ () C:\Programmi\Cmdgong.prm 2014-10-01 10:31 - 2014-10-01 11:21 - 0055571 __RSH () C:\Programmi\DLS8Uninstall.log 2012-12-13 10:41 - 2015-03-03 16:52 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe BMP Format CS5 Prefs 2013-05-20 14:19 - 2013-05-20 14:19 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe GIF Format CS5 Prefs 2013-06-18 09:23 - 2013-06-18 09:23 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe PNG Format CS5 Prefs 2015-06-26 13:18 - 2015-09-22 09:04 - 0000022 _____ () C:\Documents and Settings\Mepra\Dati applicazioni\APRI 2014-07-11 10:46 - 2014-07-29 10:33 - 0000132 _____ () C:\Documents and Settings\Mepra\Dati applicazioni\Preferenze filtro Adobe Esporta tracciati CS5 2014-11-26 10:20 - 2014-11-26 12:18 - 0001456 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe Salva per Web e dispositivi 12.0 Prefs 2013-11-19 10:31 - 2013-12-27 16:02 - 0005952 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\dat6_.xml 2012-09-21 09:29 - 2013-02-01 17:30 - 0011264 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-31 09:21 - 2013-07-31 09:21 - 0000332 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\poetsch.bat 2013-08-07 13:51 - 2013-08-07 13:51 - 0000782 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\recently-used.xbel Some files in TEMP: ==================== C:\Documents and Settings\Mepra\Impostazioni locali\Temp\avgnt.exe C:\Documents and Settings\Mepra\Impostazioni locali\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpejkilz.dll C:\Documents and Settings\Mepra\Impostazioni locali\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Addition.txt
  8. Hi everybodies I'm writing this post because, when I open my programs, folders and files are not classified per name or date and I don't know why Here are the logs Malwarebytes Anti-Malware www.malwarebytes.org Data scansione: 07/12/2015 Ora scansione: 16.25.25 File di log: MBAM.txt Amministratore: Sì Versione: 2.2.0.1024 Database malware: v2015.12.07.03 Database rootkit: v2015.11.26.01 Licenza: Gratuito Protezione da malware: Disattivata Protezione da siti web nocivi: Disattivata Auto-protezione: Disattivata SO: Windows XP Service Pack 3 CPU: x86 File system: NTFS Utente: Mepra Tipo di scansione: Ricerca elementi nocivi Risultati: Completata Elementi analizzati: 387261 Tempo impiegato: 57 min, 32 sec Memoria: Attivata Esecuzioni automatiche: Attivata File system: Attivata Archivi compressi: Attivata Rootkit: Attivata Euristiche: Attivata PUP: Attivata PUM: Attivata Processi: 0 (Nessun elemento nocivo rilevato) Moduli: 0 (Nessun elemento nocivo rilevato) Chiavi di registro: 0 (Nessun elemento nocivo rilevato) Valori di registro: 0 (Nessun elemento nocivo rilevato) Dati di registro: 0 (Nessun elemento nocivo rilevato) Cartelle: 0 (Nessun elemento nocivo rilevato) File: 0 (Nessun elemento nocivo rilevato) Settori fisici: 0 (Nessun elemento nocivo rilevato) (end) . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 20/09/2012 11.30.03 System Uptime: 07/12/2015 8.57.54 (9 hours ago) . Motherboard: Foxconn | | 2ABF Processor: Processore Intel Pentium III Xeon | CPU 1 | 1591/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 450 GiB total, 274,07 GiB free. D: is Removable E: is CDROM () F: is FIXED (NTFS) - 16 GiB total, 1,949 GiB free. J: is FIXED (FAT32) - 466 GiB total, 11,661 GiB free. Y: is NetworkDisk (NTFS) - 1861 GiB total, 1301,284 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7-Zip 15.12 Adobe Acrobat 7.1.0 Professional Adobe AIR Adobe Flash Player 18 ActiveX Adobe Flash Player 18 NPAPI Adobe InDesign CS5 Adobe Reader XI (11.0.10) Adobe Reader XI (11.0.11) - Italiano Adobe Shockwave Player 12.2 Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2809289) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2817183) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909210) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2925418) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2936068) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2964358) Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) Aggiornamento della protezione per Windows Media Player (KB2834904-v2) Aggiornamento della protezione per Windows Media Player (KB2834904) Aggiornamento della protezione per Windows XP (KB2778344) Aggiornamento della protezione per Windows XP (KB2780091) Aggiornamento della protezione per Windows XP (KB2799494) Aggiornamento della protezione per Windows XP (KB2802968) Aggiornamento della protezione per Windows XP (KB2807986) Aggiornamento della protezione per Windows XP (KB2808735) Aggiornamento della protezione per Windows XP (KB2813170) Aggiornamento della protezione per Windows XP (KB2813345) Aggiornamento della protezione per Windows XP (KB2820197) Aggiornamento della protezione per Windows XP (KB2820917) Aggiornamento della protezione per Windows XP (KB2829361) Aggiornamento della protezione per Windows XP (KB2834886) Aggiornamento della protezione per Windows XP (KB2839229) Aggiornamento della protezione per Windows XP (KB2845187) Aggiornamento della protezione per Windows XP (KB2847311) Aggiornamento della protezione per Windows XP (KB2849470) Aggiornamento della protezione per Windows XP (KB2850851) Aggiornamento della protezione per Windows XP (KB2850869) Aggiornamento della protezione per Windows XP (KB2859537) Aggiornamento della protezione per Windows XP (KB2862152) Aggiornamento della protezione per Windows XP (KB2862330) Aggiornamento della protezione per Windows XP (KB2862335) Aggiornamento della protezione per Windows XP (KB2864063) Aggiornamento della protezione per Windows XP (KB2868626) Aggiornamento della protezione per Windows XP (KB2876217) Aggiornamento della protezione per Windows XP (KB2876315) Aggiornamento della protezione per Windows XP (KB2876331) Aggiornamento della protezione per Windows XP (KB2883150) Aggiornamento della protezione per Windows XP (KB2892075) Aggiornamento della protezione per Windows XP (KB2893294) Aggiornamento della protezione per Windows XP (KB2893984) Aggiornamento della protezione per Windows XP (KB2898715) Aggiornamento della protezione per Windows XP (KB2900986) Aggiornamento della protezione per Windows XP (KB2914368) Aggiornamento della protezione per Windows XP (KB2916036) Aggiornamento della protezione per Windows XP (KB2922229) Aggiornamento della protezione per Windows XP (KB2929961) Aggiornamento della protezione per Windows XP (KB2930275) Aggiornamento per Windows Internet Explorer 8 (KB2598845) Aggiornamento per Windows Internet Explorer 8 (KB2632503) Aggiornamento per Windows XP (KB2492386) Aggiornamento per Windows XP (KB2808679) Aggiornamento per Windows XP (KB2863058) Aggiornamento per Windows XP (KB2904266) Aggiornamento per Windows XP (KB2934207) Apple Mobile Device Support Apple Software Update Avira Antivirus Bit4Id - miniLector Bonjour Brother HL-5340D CIGO dt CompanionLink Core FTP LE CRS Kit 1.0 CUD 2014 DRIVER ACR38U x64 Dropbox Dropbox Update Helper DYMO Label v.8 Extended Asian Language font pack for Adobe Reader XI Fast File Renamer 2.0 File Repair FileHippo App Manager Free AVI Video Converter version 5.0.59.525 Google Chrome Google Update Helper GoToMeeting 5.5.0.1132 GPL Ghostscript 8.71 GPRES2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IBM AS/400 Client Access Express per Windows IBM AS/400 Client Access Express per Windows SI11806 IBM Notes 9.0.1 (Basic) it INPS uniEMens integrato iTunes Java 8 Update 45 Java Auto Updater LibreOffice 5.0 Help Pack (Italian) LibreOffice 5.0.0.5 Live Upgrade Malwarebytes Anti-Malware versione 2.2.0.1024 Mercurio Internet Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Italian) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Italian) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Italian) 2007 Microsoft Office InfoPath MUI (Italian) 2007 Microsoft Office OneNote MUI (Italian) 2007 Microsoft Office Outlook MUI (Italian) 2007 Microsoft Office PowerPoint MUI (Italian) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (Italian) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Italian) 2007 Microsoft Office Shared MUI (Italian) 2007 Microsoft Office Word MUI (Italian) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (Italian) 12 Microsoft SQL Server Compact 3.5 SP2 ITA Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Modello 730 2014 Modello 770 Semplificato 2014 Modello 770 Semplificato 2015 Mozilla Firefox 43.0 (x86 en-US) Mozilla Maintenance Service NinjaTrader 7 PDF Settings CS5 QuickTime 7 RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer RealUpgrade 1.1 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition SpywareBlaster 5.2 Supporto applicazioni Apple (32 bit) swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Visual Studio 2012 x86 Redistributables VLC media player Windows Internet Explorer 8 . ==== End Of File =========================== Results of screen317's Security Check version 1.013 --- 11/28/15 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.2 Java 8 Update 45 Java version 32-bit out of Date! Adobe Flash Player 18.0.0.95 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (43.0) Google Chrome (48.0.2564.10) Google Chrome (48.0.2564.22) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Avira Antivirus sched.exe Avira Antivirus avshadow.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log`````````````````````` DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.45.2 Run by Mepra at 17:28:10 on 2015-12-07 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1953.905 [GMT 1:00] . AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programmi\Avira\Antivirus\sched.exe C:\Programmi\Avira\Antivirus\avguard.exe C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe C:\WINDOWS\Explorer.EXE C:\lotus\notes\nsd.exe C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\lotus\notes\SUService.exe c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\lotus\notes\ntmulti.exe C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe C:\Programmi\Real\RealPlayer\update\realsched.exe C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Programmi\Brownie\BrstsWnd.exe C:\Programmi\Dropbox\Client\Dropbox.exe C:\Programmi\Avira\Antivirus\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\BingSvc\BingSvc.exe C:\Programmi\FileHippo.com\FileHippo.AppManager.exe C:\Programmi\Messenger\msmsgs.exe C:\Documents and Settings\Mepra\Mercurio\jre\launch4j-tmp\Mercurio.exe C:\Programmi\Mercurio\jre\bin\javaw.exe C:\Programmi\Avira\Antivirus\avshadow.exe C:\Programmi\Brownie\brpjp04a.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.it/ BHO: Supporto di collegamento per Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre1.8.0_45\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre1.8.0_45\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bingSvc] c:\documents and settings\mepra\impostazioni locali\dati applicazioni\microsoft\bingsvc\BingSvc.exe uRun: [FileHippo.com] "c:\programmi\filehippo.com\FileHippo.AppManager.exe" /background uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background uRun: [GoogleChromeAutoLaunch_E3E3926E562F2461F4035F057142309C] "c:\programmi\google\chrome\application\chrome.exe" --no-startup-window uRun: [Mercurio Live] c:\documents and settings\mepra\mercurio\Mercurio.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AdobeAAMUpdater-1.0] "c:\programmi\file comuni\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\programmi\file comuni\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Panasonic Device Monitor Wakeup] c:\programmi\panasonic\panasonic-dms\device monitor\DMWakeup.exe mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe" mRun: [Client Access Service] "c:\programmi\ibm\client access\cwbsvstr.exe" mRun: [Client Access Help Update] "c:\programmi\ibm\client access\cwbinhlp.exe" mRun: [Client Access Check Version] "c:\programmi\ibm\client access\cwbckver.exe" LOGIN mRun: [Client Access Express Welcome] "c:\programmi\ibm\client access\cwbwlwiz.exe" mRun: [TkBellExe] "c:\programmi\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe" mRun: [Wondershare Helper Compact.exe] c:\programmi\common files\wondershare\wondershare helper compact\WSHelper.exe mRun: [userFaultCheck] c:\windows\system32\dumprep 0 -u mRun: [brStsWnd] c:\programmi\brownie\BrstsWnd.exe Autorun mRun: [Dropbox] "c:\programmi\dropbox\client\Dropbox.exe" /systemstartup mRun: [avgnt] "c:\programmi\avira\antivirus\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\documents and settings\mepra\menu avvio\programmi\esecuzione automatica\Av.bat StartupFolder: c:\docume~1\mepra\menuav~1\progra~1\esecuz~1\colleg~1.lnk - c:\AS-LOGIN.bat StartupFolder: c:\docume~1\mepra\menuav~1\progra~1\esecuz~1\mercurio.lnk - c:\programmi\mercurio\Mercurio.exe StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: SoftwareSASGeneration = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: &Download All using 4shared Desktop - c:\programmi\4shared desktop\Desktop.32/D_ALL_LINK IE: &Download using 4shared Desktop - c:\programmi\4shared desktop\Desktop.32/D_ONE_LINK IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe LSP: c:\programmi\avira\antivirus\avsda.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348151699250 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348151756703 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash5/cabs/swflash.cab TCP: Interfaces\{B29C1FD5-8878-4C91-ADC7-6FF324C56C01} : NameServer = 62.97.32.21,62.97.33.21 Handler: WSWSVCUchrome - <Clsid value has no data> Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programmi\coreftp\pftpns.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmi\google\chrome\application\48.0.2564.22\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mepra\dati applicazioni\mozilla\firefox\profiles\hbg4xkjp.default-1446289387593\ FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\programmi\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\programmi\dymo\dymo label software\framework\npDYMOLabelFramework.dll FF - plugin: c:\programmi\file comuni\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll FF - plugin: c:\programmi\file comuni\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll FF - plugin: c:\programmi\google\update\1.3.29.1\npGoogleUpdate3.dll FF - plugin: c:\programmi\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\programmi\java\jre1.8.0_45\bin\plugin2\npjp2.dll FF - plugin: c:\programmi\microsoft silverlight\5.1.40620.0\npctrlui.dll FF - plugin: c:\programmi\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1222172.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_95.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2015-12-4 37896] R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivirus\sched.exe [2015-12-4 466408] R2 AntiVirService;Avira Real-Time Protection;c:\programmi\avira\antivirus\avguard.exe [2015-12-4 466408] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2015-12-4 106968] R2 DymoPnpService;DYMO PnP Service;c:\programmi\dymo\dymo label software\DymoPnpService.exe [2014-3-20 33072] R2 IBM Notes Diagnostics;Diagnostica IBM Notes;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?] R2 LNSUSvc;Servizio IBM Notes Smart Upgrade ;c:\lotus\notes\SUService.exe [2013-10-15 1654376] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056] R2 UNS;Intel® Management and Security Application User Notification Service;c:\programmi\intel\intel® management engine components\uns\UNS.exe [2012-9-20 2656280] R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-9-20 41088] R3 SNXPCARD;Multi-I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2012-9-20 59272] R3 SNXPSERX;Multi-I/O Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [2012-9-20 60808] S2 AntiVirMailService;Avira Mail Protection;c:\programmi\avira\antivirus\avmailc.exe [2015-12-4 930944] S2 AntiVirWebService;Avira Web Protection;c:\programmi\avira\antivirus\avwebgrd.exe [2015-12-4 1222952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 dbupdate;Servizio Aggiornamento Dropbox (dbupdate);c:\programmi\dropbox\update\DropboxUpdate.exe [2015-10-28 136048] S2 MBAMService;MBAMService;c:\programmi\malwarebytes anti-malware\mbamservice.exe [2015-12-7 1135416] S2 uzsvc;UltraZip Service;c:\programmi\ultrazip\uzsvc.exe [2015-11-16 526016] S2 uzupd;UltraZip Updater;c:\programmi\ultrazip\uzupd.exe [2015-11-16 72896] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [2013-9-16 24832] S3 dbupdatem;Servizio Aggiornamento Dropbox (dbupdatem);c:\programmi\dropbox\update\DropboxUpdate.exe [2015-10-28 136048] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-12-7 23256] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-10-1 18944] S3 SwitchBoard;SwitchBoard;c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] . =============== Created Last 30 ================ . 2015-12-07 15:20:16 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-12-07 15:19:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-12-07 15:19:51 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-12-07 15:19:51 -------- d-----w- c:\programmi\Malwarebytes Anti-Malware 2015-12-04 08:35:08 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Avira 2015-12-04 08:33:50 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-12-04 08:33:50 106968 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-11-24 08:04:20 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Sonic Solutions 2015-11-24 07:43:10 -------- d-----w- C:\Borgo Creativo 2015-11-17 17:44:36 -------- d-----w- c:\programmi\MSECache 2015-11-17 07:42:17 -------- d-----w- c:\documents and settings\all users\dati applicazioni\UltraZipTemp 2015-11-17 07:41:51 -------- d-----w- c:\documents and settings\all users\dati applicazioni\UltraZip 2015-11-16 17:14:32 -------- d-----w- c:\documents and settings\mepra\impostazioni locali\dati applicazioni\Opera Software 2015-11-16 17:14:03 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Opera Software 2015-11-16 17:10:32 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Shortcut 2015-11-16 17:07:53 -------- d-----w- c:\programmi\UltraZip 2015-11-12 16:27:12 -------- d-----w- c:\documents and settings\all users\dati applicazioni\AVG Security Toolbar 2015-11-12 16:14:03 -------- d-----w- c:\programmi\AVG 2015-11-12 16:10:53 -------- d-----w- c:\documents and settings\mepra\impostazioni locali\dati applicazioni\AvgSetupLog 2015-11-12 16:10:18 -------- d-----w- c:\documents and settings\mepra\impostazioni locali\dati applicazioni\Avg2015 . ==================== Find3M ==================== . . ============= FINISH: 17.28.36,53 ===============
  9. Hi TheJoker Thank you very much again Yes, the problem seems to be resolved Emanuele
  10. Hi TheJoker and many, many thanks for your help I've done all you've suggested in your previous post and the system seems to work fine. Herewith attached I post the FRST last log God bless you for your help again! Emanuele Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015 Ran by Mepra at 2015-06-26 18:27:38 Run:2 Running from C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS Loaded Profiles: Mepra (Available Profiles: Mepra) Boot Mode: Normal ============================================== fixlist content: ***************** start ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {65D290DA-7796-44A7-B6DA-2F026F9A5741} URL = https://www.google.c...q={searchTerms} FF SearchPlugin: C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\searchplugins\avira-safesearch.xml [2015-06-25] FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\iobitascsurfingprotection@iobit.com [2015-06-23] FF Extension: Avira SafeSearch Plus - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\safesearchplus@avira.com [2015-06-15] CHR dev: Chrome dev build detected! <======= ATTENTION CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 eapihdrv; \??\C:\DOCUME~1\Mepra\IMPOST~1\Temp\ehdrv.sys [X] S1 SDHookDriver; \??\C:\Programmi\Spybot - Search & Destroy 2\SDHookDrv32.sys [X] S2 LiveUpdateSvc; C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit) C:\Documents and Settings\All Users\Dati applicazioni\IObit C:\Documents and Settings\Mepra\Dati applicazioni\IObit C:\Programmi\IObit end ***************** "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. "HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. "HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65D290DA-7796-44A7-B6DA-2F026F9A5741}" => key removed successfully. HKCR\CLSID\{65D290DA-7796-44A7-B6DA-2F026F9A5741} => key not found. C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\searchplugins\avira-safesearch.xml => moved successfully. C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\iobitascsurfingprotection@iobit.com => moved successfully. C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\safesearchplus@avira.com => moved successfully. CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry. C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully. catchme => Service removed successfully. eapihdrv => Service not found. SDHookDriver => Service removed successfully. LiveUpdateSvc => Service removed successfully. C:\Documents and Settings\All Users\Dati applicazioni\IObit => moved successfully. C:\Documents and Settings\Mepra\Dati applicazioni\IObit => moved successfully. C:\Programmi\IObit => moved successfully. ==== End of Fixlog 18:27:39 ====
  11. 4th and last post - FRST Addition log Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015 Ran by Mepra at 2015-06-26 08:41:19 Running from C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-682003330-1957994488-839522115-500 - Administrator - Enabled) ASPNET (S-1-5-21-682003330-1957994488-839522115-1007 - Limited - Enabled) Guest (S-1-5-21-682003330-1957994488-839522115-501 - Limited - Disabled) HelpAssistant (S-1-5-21-682003330-1957994488-839522115-1000 - Limited - Disabled) Mepra (S-1-5-21-682003330-1957994488-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mepra SUPPORT_388945a0 (S-1-5-21-682003330-1957994488-839522115-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.05 beta (HKLM\...\7-Zip) (Version: - ) Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional) (Version: 7.1.0 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.95 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.95 - Adobe Systems Incorporated) Adobe InDesign CS5 (HKLM\...\{F9766AC1-1461-1033-B862-DF8FE1C033BE}) (Version: 7.0 - Adobe Systems Incorporated) Adobe InDesign CS6 (HKLM\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version: - Microsoft Corporation) Aggiornamento della protezione per Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version: - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2778344) (HKLM\...\KB2778344) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2799494) (HKLM\...\KB2799494) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2808735) (HKLM\...\KB2808735) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Aggiornamento della protezione per Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Aggiornamento per Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Any Video Converter 5.8.1 (HKLM\...\Any Video Converter) (Version: 5.8.1 - Anvsoft) A-PDF to Video 1.1 (HKLM\...\A-PDF to Video_is1) (Version: - A-PDF Solution) Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.) Avira (HKLM\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG) Bit4Id - miniLector (HKLM\...\Bit4Id - miniLector) (Version: 3.1 - Bit4id) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) CIGO dt (HKLM\...\{FD257CD8-B183-4DC1-B5DB-C35FD01F7316}) (Version: 1.0.121 - INPS) CompanionLink (HKLM\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.) Core FTP LE (HKLM\...\CoreFTP) (Version: - ) CRS Kit 1.0 (HKLM\...\CRS Kit_is1) (Version: - Lombardia Informatica S.p.a.) CUD 2014 (HKLM\...\CUD 2014) (Version: - ) DRIVER ACR38U x64 (HKLM\...\DRIVER ACR38U x64_is1) (Version: - Lombardia Informatica S.p.a.) DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.) Fast File Renamer 2.0 (HKLM\...\FastFileRenamer2) (Version: - ) File Repair (HKLM\...\File Repair_is1) (Version: - File Repair) FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com) Free AVI Video Converter version 5.0.59.525 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2438.3 - Google Inc.) Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) GPRES2 (HKLM\...\{A7C4E3B8-F27D-44A9-97AD-D827F84011BE}) (Version: 9.20.0 - Zucchetti) IBM AS/400 Client Access Express per Windows (HKLM\...\ClientAccessExpress) (Version: - ) IBM AS/400 Client Access Express per Windows SI11806 (HKLM\...\ClientAccessExpressSP) (Version: - ) IBM Notes 9.0.1 (Basic) it (HKLM\...\{5A7EAC73-5284-402C-BD4F-D12FC5DC605B}) (Version: 9.01.13312 - IBM) INPS uniEMens integrato (HKLM\...\{A4E92012-7546-4282-903E-B9EB591BD134}) (Version: 3.4.0 - INPS) iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) LibreOfficeDev 5.0.0.0.beta1 (HKLM\...\{12ACC7FC-22F1-4C4D-83EA-D26793E1DC1D}) (Version: 5.0.0.0.beta1 - The Document Foundation) Live Upgrade (HKLM\...\Live Upgrade) (Version: - ) Malwarebytes Anti-Malware versione 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mercurio Internet (HKLM\...\Mercurio) (Version: 04.00.00 - Zucchetti s.p.a.) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ITA (HKLM\...\{B23B8C0C-DEAE-4147-AFD4-A000A67CB98C}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - ) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Modello 730 2014 (HKLM\...\Modello 730 2014) (Version: - ) Modello 770 Semplificato 2014 (HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Modello 770 Semplificato 2014) (Version: - Agenzia delle Entrate) Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) Nero BackItUp (HKLM\...\{40F2F005-FA4C-4BEA-83A6-BFD969467594}) (Version: 15.61.2.2 - Nero AG) NinjaTrader 7 (HKLM\...\{588BC903-8F55-428E-82D3-21AA88289CF3}) (Version: 7.0.1027 - NinjaTrader) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Software postazione di lavoro di Regione Lombardia v1.1.02 (HKLM\...\Software postazione di lavoro di Regione Lombardia_is1) (Version: 1.1.02 - Lombardia Informatica S.p.A.) Supporto applicazioni Apple (32 bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Programmi\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-682003330-1957994488-839522115-1003_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 13:00 - 2014-09-30 15:20 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EMANUELE-Mepra.job => C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programmi\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programmi\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programmi\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job => C:\Programmi\RealNetworks\RealDownloader\recordingmanager.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job => C:\Programmi\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job => C:\Programmi\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job => C:\Programmi\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job => C:\Programmi\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (Whitelisted) ============== 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll 2013-10-04 15:00 - 2001-05-08 05:10 - 00172032 _____ () C:\WINDOWS\system32\cwbrw.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe 2015-05-25 15:02 - 2015-05-25 15:02 - 00607360 _____ () C:\Programmi\Nero\Nero BackItUp\sqlite3.dll 2015-06-04 17:45 - 2014-10-31 16:37 - 01498112 _____ () C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-06-04 17:45 - 2014-05-19 17:19 - 00137728 _____ () C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2015-06-01 19:28 - 2015-06-01 19:28 - 00061440 _____ () C:\Programmi\CCleaner\lang\lang-1040.dll 2015-05-12 12:47 - 2015-05-12 12:47 - 10574544 _____ () C:\Programmi\FileHippo.com\FileHippo.AppManager.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 11906 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-682003330-1957994488-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp DNS Servers: 62.97.32.21 - 62.97.33.21 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Programmi\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call DomainProfile\AuthorizedApplications: [C:\Programmi\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger DomainProfile\AuthorizedApplications: [C:\Programmi\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE] => Disabled:SAgent4 StandardProfile\AuthorizedApplications: [C:\Programmi\NinjaTrader 7\bin\NinjaTrader.exe] => Enabled:NinjaTrader application StandardProfile\AuthorizedApplications: [C:\Programmi\CompanionLink\CompanionLink.exe] => Enabled:CompanionLink StandardProfile\AuthorizedApplications: [C:\Programmi\Zucchetti\Gestione Presenze\RILEVDB\rilevdb_server.exe] => Enabled:rilevdb_server StandardProfile\AuthorizedApplications: [C:\Programmi\Mercurio\jre\bin\javaw.exe] => Enabled:Java Platform SE binary StandardProfile\AuthorizedApplications: [C:\Programmi\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome StandardProfile\AuthorizedApplications: [C:\Programmi\Bonjour\mDNSResponder.exe] => Enabled: Servizio Bonjour StandardProfile\AuthorizedApplications: [C:\Programmi\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\AuthorizedApplications: [C:\Programmi\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp StandardProfile\AuthorizedApplications: [C:\Programmi\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Programmi\Mozilla Firefox) DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002 DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002 StandardProfile\GloballyOpenPorts: [8231:TCP] => Enabled:BiuHTTP ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2015 09:25:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Applicazione che ha provocato l'errore quarkxpress.exe, versione 9.3.0.0, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055, indirizzo errore 0x00010a19. Elaborazione evento specifico al supporto per [quarkxpress.exe!ws!] in corso Error: (06/20/2015 10:31:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Applicazione che ha provocato l'errore plugin-container.exe, versione 39.0.0.5644, modulo che ha provocato l'errore mozglue.dll, versione 39.0.0.5644, indirizzo errore 0x00007396. Elaborazione evento specifico al supporto per [plugin-container.exe!ws!] in corso Error: (06/20/2015 10:31:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Applicazione in stallo firefox.exe, versione 39.0.0.5644, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000. Error: (06/20/2015 10:30:05 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Bucket 28778933 errato. Error: (06/20/2015 10:29:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Applicazione che ha provocato l'errore plugin-container.exe, versione 39.0.0.5644, modulo che ha provocato l'errore mozglue.dll, versione 39.0.0.5644, indirizzo errore 0x00007396. Elaborazione evento specifico al supporto per [plugin-container.exe!ws!] in corso Error: (06/20/2015 10:29:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Applicazione in stallo firefox.exe, versione 39.0.0.5644, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000. Error: (06/10/2015 11:00:29 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 ninjatrader.exe, P2 7.0.1000.27, P3 54ee2b57, P4 system.windows.forms, P5 2.0.0.0, P6 50c2a4a5, P7 1521, P8 17, P9 clr20r30, P10 clr20r31. Error: (06/08/2015 08:10:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: BackItUp.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException Stack: at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at BackItUp.SingleInstanceManager.RunSingleInstance(System.String[]) at BackItUp.EntryPoint.Main(System.String[]) Error: (06/08/2015 08:10:44 AM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: ) Description: EventType clr20r3, P1 backitup.exe, P2 15.61.2.2, P3 5562c87c, P4 microsoft.visualbasic, P5 10.0.0.0, P6 4ba2183b, P7 78, P8 2b5, P9 clr20r30, P10 clr20r31. Error: (06/04/2015 04:42:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Applicazione che ha provocato l'errore pdftovideo.exe, versione 1.1.0.0, modulo che ha provocato l'errore kernel32.dll, versione 5.1.2600.6532, indirizzo errore 0x00012fd3. Elaborazione evento specifico al supporto per [pdftovideo.exe!ws!] in corso System errors: ============= Error: (06/25/2015 06:42:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: All'avvio non è stato possibile caricare i seguenti driver: SDHookDriver Error: (06/25/2015 06:42:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Il servizio Avira Web Protection dipende dal servizio Avira Real-Time Protection che non è stato avviato per il seguente errore: %%1070 Error: (06/25/2015 06:42:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Il servizio Avira Mail Protection dipende dal servizio Avira Real-Time Protection che non è stato avviato per il seguente errore: %%1070 Error: (06/25/2015 06:42:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Servizio Avira Real-Time Protection bloccato in partenza. Error: (06/25/2015 06:40:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Avira Service Host. Error: (06/25/2015 06:37:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Windows Presentation Foundation Font Cache 4.0.0.0 è terminato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio. Error: (06/25/2015 06:37:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Interruzione imprevista del servizio Servizio iPod. Questo evento si è già verificato 1 volta(e). Error: (06/25/2015 06:37:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Windows Presentation Foundation Font Cache 4.0.0.0 è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio. Error: (06/25/2015 06:37:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Interruzione imprevista del servizio Servizio Gateway di livello applicazione. Questo evento si è già verificato 1 volta(e). Error: (06/25/2015 06:37:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Avira Service Host è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio. Microsoft Office: ========================= Error: (06/23/2015 09:25:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: quarkxpress.exe9.3.0.0ntdll.dll5.1.2600.605500010a19 Error: (06/20/2015 10:31:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe39.0.0.5644mozglue.dll39.0.0.564400007396 Error: (06/20/2015 10:31:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe39.0.0.5644hungapp0.0.0.000000000 Error: (06/20/2015 10:30:05 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: 28778933 Error: (06/20/2015 10:29:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe39.0.0.5644mozglue.dll39.0.0.564400007396 Error: (06/20/2015 10:29:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe39.0.0.5644hungapp0.0.0.000000000 Error: (06/10/2015 11:00:29 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: ) Description: clr20r3ninjatrader.exe7.0.1000.2754ee2b57system.windows.forms2.0.0.050c2a4a5152117system.invalidoperationexceptionNIL Error: (06/08/2015 08:10:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: BackItUp.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException Stack: at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at BackItUp.SingleInstanceManager.RunSingleInstance(System.String[]) at BackItUp.EntryPoint.Main(System.String[]) Error: (06/08/2015 08:10:44 AM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: ) Description: clr20r3backitup.exe15.61.2.25562c87cmicrosoft.visualbasic10.0.0.04ba2183b782b534ssps20bdj3nj0wmit5kamzhvglfzccNIL Error: (06/04/2015 04:42:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: pdftovideo.exe1.1.0.0kernel32.dll5.1.2600.653200012fd3 ==================== Memory info =========================== Processor: Intel® Pentium® CPU G850 @ 2.90GHz Percentage of memory in use: 44% Total physical RAM: 1952.77 MB Available physical RAM: 1089.3 MB Total Pagefile: 3846.48 MB Available Pagefile: 2699.48 MB Total Virtual: 2047.88 MB Available Virtual: 1921.93 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:450.03 GB) (Free:286.75 GB) NTFS Drive f: (HP_RECOVERY) (Fixed) (Total:15.72 GB) (Free:1.95 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive j: (VERBATIM) (Fixed) (Total:465.65 GB) (Free:35.21 GB) FAT32 Drive y: () (Network) (Total:1860.97 GB) (Free:1308.46 GB) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A557EF6A) Partition 1: (Not Active) - (Size=450 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=15.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: DAAF5B94) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C) ==================== End of log ============================
  12. 3rd post - the FRST log Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015 Ran by Mepra (administrator) on EMANUELE on 26-06-2015 08:40:43 Running from C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS Loaded Profiles: Mepra (Available Profiles: Mepra) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Italiano (Italia) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Programmi\Bonjour\mDNSResponder.exe (Sanford, L.P.) C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe (IBM) C:\Lotus\Notes\nsd.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe (IBM Corp) C:\Lotus\Notes\SUService.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (IBM Corp) C:\Lotus\Notes\ntmulti.exe (Nero AG) C:\Programmi\Nero\Nero BackItUp\NBService.exe (Panasonic) C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe () C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Panasonic Communications Co., Ltd.) C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe (RealNetworks, Inc.) C:\Programmi\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Programmi\iTunes\iTunesHelper.exe (Nero AG) C:\Programmi\Nero\Nero BackItUp\BackItUp.exe (Wondershare) C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Oracle Corporation) C:\Programmi\File comuni\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avgnt.exe (Piriform Ltd) C:\Programmi\CCleaner\CCleaner.exe () C:\Programmi\FileHippo.com\FileHippo.AppManager.exe (Sun Microsystems, Inc.) C:\Documents and Settings\Mepra\Mercurio\jre\launch4j-tmp\Mercurio.exe (Sun Microsystems, Inc.) C:\Programmi\Mercurio\jre\bin\javaw.exe (Avira Operations GmbH & Co. KG) C:\Programmi\Avira\Antivirus\avshadow.exe (Apple Inc.) C:\Programmi\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Mozilla Corporation) C:\Programmi\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [switchBoard] => C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) HKLM\...\Run: [Panasonic Device Monitor Wakeup] => C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe [421888 2008-06-17] (Panasonic Communications Co., Ltd.) HKLM\...\Run: [APSDaemon] => C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [Client Access Service] => C:\Programmi\IBM\Client Access\cwbsvstr.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Help Update] => C:\Programmi\IBM\Client Access\cwbinhlp.exe [24626 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Check Version] => C:\Programmi\IBM\Client Access\cwbckver.exe [49152 2001-05-08] (IBM Corporation) HKLM\...\Run: [Client Access Express Welcome] => C:\Programmi\IBM\Client Access\cwbwlwiz.exe [20530 2001-05-08] (IBM Corporation) HKLM\...\Run: [TkBellExe] => C:\Programmi\Real\RealPlayer\update\realsched.exe [295512 2013-08-29] (RealNetworks, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Programmi\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Programmi\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKLM\...\Run: [Nero BackItUp] => C:\Programmi\Nero\Nero BackItUp\BackItUp.exe [1104728 2015-05-25] (Nero AG) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [sunJavaUpdateSched] => C:\Programmi\File comuni\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Programmi\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Programmi\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Programmi\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd) HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [FileHippo.com] => C:\Programmi\FileHippo.com\FileHippo.AppManager.exe [10574544 2015-05-12] () HKU\S-1-5-21-682003330-1957994488-839522115-1003\...\Run: [Mercurio Live] => C:\Documents and Settings\Mepra\Mercurio\Mercurio.exe [31744 2013-06-25] (Zucchetti S.p.A.) Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk [2012-11-30] ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Av.bat [2012-09-20] () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a AS-LOGIN.lnk [2012-09-20] ShortcutTarget: Collegamento a AS-LOGIN.lnk -> C:\AS-LOGIN.bat () Startup: C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Esecuzione automatica\Mercurio.lnk [2013-06-25] ShortcutTarget: Mercurio.lnk -> C:\Programmi\Mercurio\Mercurio.exe (Zucchetti S.p.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-682003330-1957994488-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-682003330-1957994488-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {65D290DA-7796-44A7-B6DA-2F026F9A5741} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-682003330-1957994488-839522115-1003 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programmi\Java\jre1.8.0_45\bin\ssv.dll [2015-06-12] (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programmi\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-12] (Oracle Corporation) DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348151756703 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash5/cabs/swflash.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll [2005-09-23] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: WSWSVCUchrome - No CLSID Value - ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation) Winsock: Catalog5 04 C:\Programmi\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\..\Interfaces\{B29C1FD5-8878-4C91-ADC7-6FF324C56C01}: [NameServer] 62.97.32.21,62.97.33.21 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_95.dll [2015-04-27] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @dymo.com/DymoLabelFramework -> C:\Programmi\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Programmi\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Programmi\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Programmi\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-29] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Programmi\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-29] (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programmi\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programmi\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Programmi\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Programmi\File comuni\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems) FF SearchPlugin: C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\searchplugins\avira-safesearch.xml [2015-06-25] FF Extension: No Name - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\profiles\extensions\extensions [2015-05-16] FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\iobitascsurfingprotection@iobit.com [2015-06-23] FF Extension: Avira SafeSearch Plus - C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\Extensions\safesearchplus@avira.com [2015-06-15] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-20] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-29] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default CHR Extension: (Google Docs) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-06] CHR Extension: (Google Drive) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-06] CHR Extension: (YouTube) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-06] CHR Extension: (Google Search) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-06] CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR Extension: (RealDownloader) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06] CHR Extension: (Google Wallet) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06] CHR Extension: (Gmail) - C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-11-30] (Adobe Systems) [File not signed] S2 AntiVirMailService; C:\Programmi\Avira\Antivirus\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Programmi\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programmi\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Programmi\Avira\Antivirus\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2015-01-20] (Apple Inc.) S2 Avira.ServiceHost; C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG) R2 Bonjour Service; C:\Programmi\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.) S3 Cwbrxd; C:\WINDOWS\CWBRXD.EXE [53248 2001-05-08] (IBM Corporation) [File not signed] R2 DymoPnpService; C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.) S3 FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-09-20] (Macrovision Europe Ltd.) [File not signed] S2 gupdate; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2013-11-06] (Google Inc.) S3 gupdatem; C:\Programmi\Google\Update\GoogleUpdate.exe [116648 2013-11-06] (Google Inc.) R2 IBM Notes Diagnostics; C:\lotus\notes\nsd.exe [5164136 2013-10-15] (IBM) S3 IDriverT; C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R3 iPod Service; C:\Programmi\iPod\bin\iPodService.exe [540968 2015-04-07] (Apple Inc.) S2 LiveUpdateSvc; C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit) R2 LMS; C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation) R2 LNSUSvc; C:\lotus\notes\SUService.exe [1654376 2013-10-15] (IBM Corp) S2 MBAMScheduler; C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [148136 2015-06-22] (Mozilla Foundation) R2 MSSQL$SQLEXPRESS; c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Programmi\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Multi-user Cleanup Service; C:\lotus\notes\ntmulti.exe [38504 2013-10-15] (IBM Corp) R2 NeroBackItUpBackgroundService; C:\Programmi\Nero\Nero BackItUp\NBService.exe [279904 2015-05-25] (Nero AG) R2 Panasonic Trap Monitor Service; C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SQLBrowser; c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944 2010-12-10] (Microsoft Corporation) R2 SQLWriter; c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe [86880 2010-12-10] (Microsoft Corporation) S3 SwitchBoard; C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UNS; C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation) S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ACSSCR; C:\WINDOWS\System32\DRIVERS\a38usbxp.sys [24832 2004-04-30] (Advanced Card Systems Ltd) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-27] (Avira Operations GmbH & Co. KG) R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2177024 2011-11-21] (Intel Corporation) [File not signed] S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) [File not signed] R3 SNXPCARD; C:\WINDOWS\System32\DRIVERS\snxpcard.sys [59272 2009-12-03] (Manufactor) R3 SNXPSERX; C:\WINDOWS\System32\DRIVERS\snxpserx.sys [60808 2009-12-03] (Manufactor) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 eapihdrv; \??\C:\DOCUME~1\Mepra\IMPOST~1\Temp\ehdrv.sys [X] S1 SDHookDriver; \??\C:\Programmi\Spybot - Search & Destroy 2\SDHookDrv32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-25 18:46 - 2015-06-25 18:46 - 00000000 ____D C:\Programmi\ESET 2015-06-25 18:35 - 2015-06-25 18:35 - 02244096 _____ C:\Documents and Settings\Mepra\Desktop\adwcleaner_4.207.exe 2015-06-24 18:31 - 2015-06-24 18:31 - 00018918 _____ C:\Documents and Settings\Mepra\Desktop\dds.txt 2015-06-24 18:31 - 2015-06-24 18:31 - 00010572 _____ C:\Documents and Settings\Mepra\Desktop\attach.txt 2015-06-22 11:50 - 2015-06-22 14:17 - 00000000 ____D C:\Programmi\Mozilla Firefox 2015-06-20 10:43 - 2015-06-20 10:59 - 00000120 _____ C:\WINDOWS\setupact.log 2015-06-20 10:43 - 2015-06-20 10:43 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-06-19 12:32 - 2015-06-19 12:40 - 00022016 _____ C:\Documents and Settings\Mepra\Documenti\Costo orario manodopera Anno 2015.xls 2015-06-16 13:17 - 2015-06-16 13:17 - 00001556 _____ C:\Documents and Settings\All Users\Desktop\IBM Notes (Basic).lnk 2015-06-15 10:50 - 2015-06-15 10:50 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Avira 2015-06-15 10:50 - 2015-06-15 10:50 - 00000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni\Avira 2015-06-15 10:48 - 2015-05-27 13:07 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-06-15 10:48 - 2015-05-27 13:07 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-06-15 10:48 - 2015-05-27 13:07 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-06-15 10:46 - 2015-06-15 10:46 - 00000813 _____ C:\Documents and Settings\All Users\Desktop\Avira.lnk 2015-06-15 10:45 - 2015-06-15 10:50 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira 2015-06-15 10:45 - 2015-06-15 10:48 - 00000000 ____D C:\Programmi\Avira 2015-06-15 08:29 - 2015-06-25 18:40 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-06-15 08:29 - 2015-06-25 18:40 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-06-15 08:28 - 2015-06-15 08:28 - 00000000 ____N C:\WINDOWS\Sti_Trace.log 2015-06-12 08:38 - 2015-06-12 08:38 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Oracle 2015-06-11 13:11 - 2015-06-11 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$ 2015-06-11 13:09 - 2011-10-28 18:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-06-11 13:00 - 2015-06-11 13:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$ 2015-06-11 12:42 - 2015-05-27 13:08 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys 2015-06-04 18:05 - 2015-06-10 09:25 - 00001874 _____ C:\Documents and Settings\All Users\Desktop\Free AVI Video Converter.lnk 2015-06-04 18:05 - 2015-06-10 09:25 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\DVDVideoSoft Free Studio.lnk 2015-06-04 18:05 - 2015-06-10 09:25 - 00000000 ____D C:\Programmi\DVDVideoSoft 2015-06-04 18:05 - 2015-06-10 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\DVDVideoSoft 2015-06-04 18:05 - 2015-06-10 09:24 - 00000000 ____D C:\Programmi\File comuni\DVDVideoSoft 2015-06-04 17:45 - 2015-06-04 17:45 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Wondershare 2015-06-04 17:45 - 2015-06-04 17:45 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Wondershare MediaServer 2015-06-04 17:44 - 2015-06-04 18:04 - 00000000 ____D C:\Programmi\Wondershare 2015-06-04 17:44 - 2015-06-04 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Wondershare 2015-06-04 17:44 - 2014-10-24 14:16 - 00214528 _____ () C:\WINDOWS\system32\WSCM32.dll 2015-06-04 11:26 - 2015-06-04 11:26 - 00011987 _____ C:\Documents and Settings\Mepra\Desktop\Senza nome 1.odt 2015-06-04 08:17 - 2015-06-04 08:17 - 00000000 ____D C:\Documents and Settings\Mepra\.fontconfig 2015-06-04 08:16 - 2015-06-04 08:16 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Movavi 2015-06-04 08:16 - 2015-06-04 08:16 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Movavi 2015-06-03 19:29 - 2015-06-03 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Movavi Video Converter 15 2015-06-03 15:42 - 2015-06-03 15:42 - 00000000 ____D C:\Documents and Settings\Mepra\Menu Avvio\Programmi\Ghostscript 2015-06-03 15:40 - 2015-06-03 15:46 - 00000000 ____D C:\Programmi\A-PDF to Video 2015-06-03 15:40 - 2015-06-03 15:40 - 00000650 _____ C:\Documents and Settings\Mepra\Desktop\A-PDF to Video.lnk 2015-06-03 15:40 - 2015-06-03 15:40 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\A-PDF to Video 2015-06-03 15:19 - 2015-06-03 15:19 - 00000824 _____ C:\Documents and Settings\Mepra\Desktop\Any Video Converter.lnk 2015-06-03 15:02 - 2015-06-03 15:02 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Apowersoft 2015-06-03 15:02 - 2015-06-03 15:02 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\Apowersoft 2015-06-03 15:02 - 2015-06-03 15:02 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Apowersoft 2015-06-03 08:25 - 2015-06-03 08:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Dati applicazioni\Nero 2015-06-03 08:19 - 2015-06-03 08:19 - 00000000 ____D C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Nero_AG 2015-05-30 10:13 - 2015-06-25 18:38 - 00032286 _____ C:\WINDOWS\SchedLgU.Txt 2015-05-30 10:08 - 2015-05-30 10:08 - 00004128 _____ C:\Documents and Settings\All Users\Dati applicazioni\bqeojehc.wbx 2015-05-30 10:08 - 2015-05-30 10:08 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\MOVAVI 2015-05-30 09:59 - 2015-06-04 17:16 - 00000000 ____D C:\Programmi\Total Video Converter 2015-05-30 09:48 - 2015-05-30 10:06 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Freemake 2015-05-30 09:48 - 2015-05-30 10:05 - 00000000 ____D C:\Programmi\Freemake 2015-05-30 09:48 - 2015-05-30 09:48 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Freemake ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-26 08:41 - 2012-09-20 11:37 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Temp 2015-06-26 08:40 - 2014-09-29 08:24 - 00000000 ____D C:\FRST 2015-06-26 08:40 - 2013-01-17 13:29 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\ANTIVIRUS 2015-06-26 08:13 - 2013-02-01 11:47 - 00000978 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-06-26 07:49 - 2012-09-20 11:28 - 01953598 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-26 07:42 - 2013-11-06 12:47 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-26 02:00 - 2012-09-21 10:10 - 00000332 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-EMANUELE-Mepra.job 2015-06-26 02:00 - 2012-09-20 18:18 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe 2015-06-25 22:16 - 2015-05-04 08:25 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\I miei download FileHippo 2015-06-25 22:00 - 2012-09-20 17:38 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Download 2015-06-25 18:46 - 2012-09-20 12:02 - 00000000 ____D C:\Programmi 2015-06-25 18:43 - 2014-11-24 09:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-06-25 18:43 - 2012-12-13 13:11 - 00000270 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-06-25 18:42 - 2013-06-25 09:40 - 00000000 ____D C:\Documents and Settings\Mepra\Mercurio 2015-06-25 18:42 - 2012-12-13 13:11 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-06-25 18:42 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2015-06-25 18:40 - 2014-03-24 09:17 - 00000222 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job 2015-06-25 18:40 - 2013-11-06 12:47 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-25 18:40 - 2012-12-27 10:50 - 00000292 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-06-25 18:39 - 2014-06-23 15:08 - 00060540 _____ C:\SUService.log 2015-06-25 18:39 - 2012-09-20 11:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-25 18:38 - 2012-10-10 09:43 - 00622458 ____C C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat 2015-06-25 18:38 - 2012-09-20 11:37 - 00000194 ___SH C:\Documents and Settings\Mepra\ntuser.ini 2015-06-25 18:38 - 2012-09-20 11:37 - 00000000 ____D C:\Documents and Settings\Mepra 2015-06-25 18:37 - 2015-04-11 09:06 - 00000000 ____D C:\Apri 2015-06-25 18:37 - 2014-09-26 17:52 - 00000000 ____D C:\AdwCleaner 2015-06-25 18:37 - 2012-09-20 12:02 - 00000000 __RHD C:\Documents and Settings\All Users\Dati applicazioni 2015-06-25 18:37 - 2012-09-20 11:37 - 00000000 __RHD C:\Documents and Settings\Mepra\Dati applicazioni 2015-06-25 18:37 - 2012-09-20 11:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni 2015-06-25 18:33 - 2014-10-27 09:26 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2015-06-25 18:33 - 2012-09-25 17:38 - 00000000 ____D C:\Programmi\CCleaner 2015-06-25 18:30 - 2012-12-27 10:50 - 00000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-06-25 18:29 - 2012-09-20 12:01 - 04095928 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-25 18:28 - 2014-11-20 17:01 - 00000000 ____D C:\Programmi\Mozilla Maintenance Service 2015-06-25 18:27 - 2012-10-10 09:43 - 01867322 ____C C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-682003330-1957994488-839522115-1003-0.dat 2015-06-25 18:24 - 2014-09-30 15:38 - 00000000 ____D C:\Documents and Settings\LocalService\Impostazioni locali\temp 2015-06-25 18:21 - 2012-09-20 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi 2015-06-25 17:42 - 2012-11-30 15:57 - 00002299 _____ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Acrobat 7.0 Professional.lnk 2015-06-25 17:08 - 2015-01-07 12:15 - 00221184 _____ C:\Documents and Settings\Mepra\Documenti\Mensa ARISTON 2015.xls 2015-06-25 17:08 - 2012-09-20 11:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti 2015-06-25 16:41 - 2015-01-09 15:07 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\FERIE E PERMESSI 2015-06-25 16:38 - 2012-12-27 10:50 - 00000318 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1957994488-839522115-1003.job 2015-06-25 14:39 - 2008-04-14 13:00 - 00000579 _____ C:\WINDOWS\win.ini 2015-06-25 08:05 - 2015-03-04 19:05 - 00002321 _____ C:\Documents and Settings\All Users\Desktop\NinjaTrader 7.lnk 2015-06-24 17:39 - 2012-09-20 17:40 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\eBook personali 2015-06-24 14:05 - 2012-09-20 16:38 - 00125240 ____C C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT 2015-06-24 12:14 - 2015-05-16 12:16 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\IObit 2015-06-24 12:13 - 2015-05-16 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\ProductData 2015-06-24 12:11 - 2012-10-02 11:02 - 00000000 ____D C:\Programmi\TeamViewer 2015-06-24 09:53 - 2014-09-17 10:13 - 00000000 ____D C:\MEPRA NUOVO CATALOGO HOTEL 2014 2015-06-24 09:30 - 2012-09-21 11:31 - 00013030 _____ C:\PDOXUSRS.NET 2015-06-23 15:21 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Pagamenti 2015-06-23 15:13 - 2012-09-20 18:34 - 00000000 ____D C:\Documents and Settings\Mepra\zucchetti_prof 2015-06-23 10:37 - 2012-09-21 17:19 - 00000420 _____ C:\WINDOWS\BRWMARK.INI 2015-06-23 09:40 - 2012-09-20 18:02 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\desk 2015-06-23 09:32 - 2015-05-16 12:16 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\IObit 2015-06-23 09:32 - 2012-09-20 11:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Modelli 2015-06-22 19:18 - 2012-11-29 15:17 - 00000276 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-06-22 15:22 - 2012-09-21 11:41 - 00000358 _____ C:\WINDOWS\barcode.INI 2015-06-22 14:58 - 2012-11-22 16:30 - 00000000 ____D C:\BACKUP 2015-06-22 11:26 - 2013-09-04 14:15 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Lavoro interinale 2015-06-22 09:37 - 2012-09-20 11:37 - 00000000 ___HD C:\Documents and Settings\Mepra\Risorse di rete 2015-06-22 09:31 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Prestazioni occasionali 2015-06-22 08:58 - 2012-09-20 17:38 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\API 2015-06-20 12:23 - 2012-09-20 11:34 - 00000000 ___HD C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni 2015-06-16 15:25 - 2015-05-20 11:33 - 00002409 _____ C:\Documents and Settings\All Users\Desktop\INPS uniEMens Integrato.lnk 2015-06-16 13:17 - 2014-06-23 15:08 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Applicazioni IBM 2015-06-16 13:17 - 2014-06-23 15:06 - 00428402 _____ C:\Documents and Settings\Mepra\Documenti\IBMNotesInstall.log 2015-06-16 11:24 - 2014-08-27 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Package Cache 2015-06-16 09:11 - 2012-09-20 17:43 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Visite mediche 2015-06-15 10:50 - 2012-09-20 11:34 - 00000000 ____D C:\Documents and Settings\LocalService\Dati applicazioni 2015-06-15 10:48 - 2012-12-28 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Avira 2015-06-15 09:36 - 2013-08-05 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software 2015-06-12 10:12 - 2015-05-13 11:09 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\Preventivi 2015-06-12 08:39 - 2012-09-20 18:26 - 00000000 ____D C:\Programmi\File comuni\Adobe AIR 2015-06-12 08:38 - 2015-02-24 16:51 - 00002138 _____ C:\Documents and Settings\Mepra\Desktop\Controlli CU 2015.lnk 2015-06-12 08:38 - 2014-11-06 10:49 - 00002228 _____ C:\Documents and Settings\Mepra\Desktop\F24 On Line.lnk 2015-06-12 08:37 - 2014-10-17 14:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2015-06-12 08:37 - 2012-11-07 12:23 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2015-06-12 08:37 - 2012-09-20 18:20 - 00000000 ____D C:\Programmi\Java 2015-06-11 13:15 - 2012-09-20 16:36 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-06-11 13:11 - 2012-09-20 12:02 - 01334156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-11 13:11 - 2008-04-14 13:00 - 00597920 _____ C:\WINDOWS\system32\perfh010.dat 2015-06-11 13:11 - 2008-04-14 13:00 - 00121290 _____ C:\WINDOWS\system32\perfc010.dat 2015-06-11 13:09 - 2012-09-20 15:10 - 00000000 ____D C:\WINDOWS\ie8updates 2015-06-11 13:09 - 2012-09-20 12:04 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2015-06-11 12:58 - 2012-09-21 09:14 - 00000000 ____D C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Temp 2015-06-11 12:53 - 2012-09-20 11:30 - 00000000 ____D C:\Documents and Settings\NetworkService\Dati applicazioni 2015-06-11 12:47 - 2012-09-20 12:02 - 00000000 ___RD C:\Documents and Settings\All Users\Documenti 2015-06-11 12:26 - 2014-02-25 13:18 - 00000000 ____D C:\Programmi\LibreOffice 4 2015-06-10 09:31 - 2013-09-18 15:30 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\vlc 2015-06-10 09:29 - 2012-09-20 17:43 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti\Video 2015-06-10 09:24 - 2015-03-26 11:18 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\DVDVideoSoft 2015-06-10 03:05 - 2013-08-28 17:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-10 03:00 - 2012-09-20 15:06 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-08 15:55 - 2012-09-20 17:40 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\FONDAPI 2015-06-08 15:00 - 2014-03-24 09:17 - 00000216 _____ C:\WINDOWS\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job 2015-06-08 09:55 - 2012-09-20 11:37 - 00000000 ___RD C:\Documents and Settings\Mepra\Documenti\Immagini 2015-06-06 09:01 - 2015-02-09 09:30 - 00000638 _____ C:\Documents and Settings\Mepra\Desktop\Core FTP LE.lnk 2015-06-06 09:01 - 2012-11-09 15:50 - 00000000 ____D C:\Programmi\CoreFTP 2015-06-06 08:08 - 2012-09-20 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$ 2015-06-05 10:52 - 2012-09-20 17:43 - 00054272 _____ C:\Documents and Settings\Mepra\Documenti\Prospetto malattie e maternità.xls 2015-06-04 18:05 - 2012-09-20 12:02 - 00000000 ____D C:\Programmi\File comuni 2015-06-04 17:49 - 2013-02-01 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\Wondershare Video Converter Ultimate 2015-06-04 09:54 - 2012-11-08 18:26 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\CD per fiere USA dettaglio 2015-06-04 09:46 - 2013-01-22 10:03 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\CD Dettaglio 2015-06-03 19:17 - 2013-01-30 13:04 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\AnvSoft 2015-06-03 18:58 - 2013-01-10 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\A-PDF 2015-06-03 18:20 - 2012-09-20 17:42 - 00000000 ____D C:\Documents and Settings\Mepra\Documenti\Privacy 2015-06-03 15:56 - 2015-04-20 11:17 - 00000000 ____D C:\Documents and Settings\Mepra\Desktop\Adobe InDesign CS5 2015-06-03 15:42 - 2012-09-20 11:37 - 00000000 ____D C:\Documents and Settings\Mepra\Menu Avvio\Programmi 2015-06-03 15:18 - 2013-01-30 13:03 - 00000000 ____D C:\Programmi\AnvSoft 2015-06-03 09:15 - 2012-09-20 15:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$ 2015-06-03 08:26 - 2015-05-19 09:59 - 00002881 _____ C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk 2015-06-03 08:26 - 2015-05-19 09:59 - 00000000 ____D C:\Documents and Settings\All Users\Menu Avvio\Programmi\Nero 2015-06-03 08:19 - 2012-09-20 11:30 - 00000000 ___HD C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni 2015-05-30 10:01 - 2012-11-09 15:50 - 00000000 ____D C:\Documents and Settings\Mepra\Dati applicazioni\CoreFTP 2015-05-29 19:08 - 2013-05-16 08:51 - 00000000 ____D C:\Programmi\gs 2015-05-29 14:57 - 2012-09-20 18:30 - 00000000 ____D C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe 2015-05-29 10:18 - 2014-10-13 09:28 - 00000000 ____D C:\Documents and Settings\Mepra\livecare 2015-05-29 08:31 - 2012-09-20 12:02 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica ==================== Files in the root of some directories ======= 2014-11-27 17:16 - 2012-09-20 17:52 - 0008039 _____ () C:\Programmi\Cmdgong.prm 2014-10-01 11:31 - 2014-10-01 12:21 - 0055571 __RSH () C:\Programmi\DLS8Uninstall.log 2012-12-13 11:41 - 2015-03-03 17:52 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe BMP Format CS5 Prefs 2013-05-20 15:19 - 2013-05-20 15:19 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe GIF Format CS5 Prefs 2013-06-18 10:23 - 2013-06-18 10:23 - 0000132 ____C () C:\Documents and Settings\Mepra\Dati applicazioni\Adobe PNG Format CS5 Prefs 2014-07-11 11:46 - 2014-07-29 11:33 - 0000132 _____ () C:\Documents and Settings\Mepra\Dati applicazioni\Preferenze filtro Adobe Esporta tracciati CS5 2014-11-26 11:20 - 2014-11-26 13:18 - 0001456 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Adobe Salva per Web e dispositivi 12.0 Prefs 2013-11-19 11:31 - 2013-12-27 17:02 - 0005952 _____ () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\dat6_.xml 2012-09-21 10:29 - 2013-02-01 18:30 - 0011264 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-31 10:21 - 2013-07-31 10:21 - 0000332 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\poetsch.bat 2013-08-07 14:51 - 2013-08-07 14:51 - 0000782 ____C () C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\recently-used.xbel Some files in TEMP: ==================== C:\Documents and Settings\Mepra\Impostazioni locali\Temp\avgnt.exe C:\Documents and Settings\Mepra\Impostazioni locali\Temp\Quarantine.exe C:\Documents and Settings\Mepra\Impostazioni locali\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================
  13. 2nd post - ESET log C:\Documents and Settings\Mepra\Desktop\switchsetup-2-.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Download\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Download\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent (1).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent (2).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent (3).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent (4).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent (5).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\BitTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\file-repair-setup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\FreeAVIVideoConverter.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\Setup_FileViewPro_[2015].exe Win32/Solvusoft.A potentially unwanted application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\uTorrent (1).exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\uTorrent(1).exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\Adobe InDesign CS5 Premium v7.0 + KEYGEN {Archon}\Adobe InDesign CS5 Premium v7.0.zip a variant of Win32/HackTool.Patcher.P potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\Downloads\Adobe InDesign CS5 Premium v7.0 + KEYGEN {Archon}\Adobe InDesign CS5 Premium v7.0\Your Software Here\Keygen\keygen.exe a variant of Win32/HackTool.Patcher.P potentially unsafe application cleaned by deleting - quarantined C:\Documents and Settings\Mepra\Documenti\I miei download FileHippo\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\Documents and Settings\Mepra\Documenti\I miei download FileHippo\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined C:\WINDOWS\Installer\MSI603.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined C:\WINDOWS\Installer\MSI8B.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent (1).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent (2).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent (3).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent (4).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent (5).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\BitTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\file-repair-setup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\uTorrent (1).exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\uTorrent(1).exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Downloads\Adobe InDesign CS5 Premium v7.0 + KEYGEN {Archon}\Adobe InDesign CS5 Premium v7.0.zip a variant of Win32/HackTool.Patcher.P potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Downloads\Adobe InDesign CS5 Premium v7.0 + KEYGEN {Archon}\Adobe InDesign CS5 Premium v7.0\Your Software Here\Keygen\keygen.exe a variant of Win32/HackTool.Patcher.P potentially unsafe application cleaned by deleting - quarantined J:\Documenti 06 05 2015\Download\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined J:\Documenti 06 05 2015\Download\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
  14. Hi TheJoker and thank you very much for your promplt reply Herewith attached I post all the logs you asked me to post, one by one I look forward to hear from you soon Emanuele 1st post - ADWCleaner log # AdwCleaner v4.207 - Logfile created 25/06/2015 at 18:37:44 # Updated 21/06/2015 by Xplode # Database : 2015-06-23.1 [server] # Operating system : Microsoft Windows XP Service Pack 3 (x86) # Username : Mepra - EMANUELE # Running from : C:\Documents and Settings\Mepra\Desktop\adwcleaner_4.207.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\apn Folder Deleted : C:\Programmi\FileViewPro Folder Deleted : C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\FileViewPro Folder Deleted : C:\Documents and Settings\Mepra\Dati applicazioni\ProgSense File Deleted : C:\APRI File Deleted : C:\Documents and Settings\Mepra\Dati applicazioni\APRI File Deleted : C:\Documents and Settings\Mepra\Dati applicazioni\Mozilla\Firefox\Profiles\ifp85owe.default-1428392148019\user.js File Deleted : C:\Programmi\Mozilla Firefox\defaults\pref\itms.js ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Key Deleted : HKCU\Software\ProgSense Key Deleted : HKLM\SOFTWARE\SiteSee Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v39.0 (x86 en-US) [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"ba6db6a16e305a30d6f92f5b6f7ba5e991e8ae43\""); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"409bb4d138583081507b98115166b0e5c8f7af62\""); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1434358321273"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.safesearch.search_offer_disabled", "true"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":224542617,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224542618,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...] [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.version.last", "39.0"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "7.18.7.8802"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=8B0F6424-04D0-449B-B088-BD1DAA84431A&n=781b446a&p2=^HJ^xdm255^YYA^it&si=CKnXu_a158UCFWjMtAoddh0A4[...] [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "Cookies"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", ""); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.dlpCountryCode", "IT"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2015052906"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm255^YYA^it"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CKnXu_a158UCFWjMtAoddh0A4g"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://free.videodownloadconverter.com/install_pixels.jhtml?partner=^HJ^xdm255^YYA^it&sub_id=CKnXu_a158UCFWjMtAoddh0A4g&coI[...] [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "8B0F6424-04D0-449B-B088-BD1DAA84431A"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1433313149907"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "7.18.7.8802"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://free.videodownloadconverter.com/installComplete.jhtml"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", true); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com"); [ifp85owe.default-1428392148019\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"iobitascsurfingprotection@iobit.com\":{\"d\":\"C:\\\\Documents and Settings\\\\Mepra\\\\Dati applicazioni\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ifp[...] -\\ Google Chrome v45.0.2438.3 [C:\Documents and Settings\Mepra\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.my-online-search.com/?q={searchTerms}&babsrc=SP_ofln&mntrId=5C4180C16EE2D760&cat=buenosearch&dlb=1&affID=128492&tsp=5207 ************************* AdwCleaner[R0].txt - [14518 bytes] - [26/09/2014 17:52:06] AdwCleaner[R1].txt - [2465 bytes] - [24/11/2014 11:45:10] AdwCleaner[R2].txt - [7802 bytes] - [25/06/2015 18:36:13] AdwCleaner[s0].txt - [14823 bytes] - [26/09/2014 17:56:53] AdwCleaner[s1].txt - [2558 bytes] - [24/11/2014 11:47:53] AdwCleaner[s2].txt - [8126 bytes] - [25/06/2015 18:37:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [8185 bytes] ##########
  15. hi everybody I'm starting this topic because today my computer seems to be very slow and in some moments it freezes for 5 or 10 seconds. herewith attached I post the logs of Malwarebites - DDS and Security Check: please help me if possible Emanuele Malwarebytes Anti-Malware www.malwarebytes.org Data scansione: 24/06/2015 Ora scansione: 17.22.40 File di log: scan.txt Amministratore: Si Versione: 2.01.6.1022 Database malware: v2015.06.24.02 Database rootkit: v2015.06.22.01 Licenza: Premium Protezione da malware: Attivata Protezione da siti web nocivi: Attivata Auto-protezione: Disattivata SO: Windows XP Service Pack 3 CPU: x86 File system: NTFS Utente: Mepra Tipo di scansione: Ricerca elementi nocivi Risultati: Completata Elementi analizzati: 404473 Tempo impiegato: 1 ore, 5 min, 47 sec Memoria: Attivata Esecuzioni automatiche: Attivata File system: Attivata Archivi compressi: Attivata Rootkit: Attivata Euristica: Attivata PUP: Attivata PUM: Attivata Processi: 0 (Nessun elemento nocivo rilevato) Moduli: 0 (Nessun elemento nocivo rilevato) Chiavi di registro: 0 (Nessun elemento nocivo rilevato) Valori di registro: 0 (Nessun elemento nocivo rilevato) Dati di registro: 0 (Nessun elemento nocivo rilevato) Cartelle: 0 (Nessun elemento nocivo rilevato) File: 0 (Nessun elemento nocivo rilevato) Settori fisici: 0 (Nessun elemento nocivo rilevato) (end) DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.45.2 Run by Mepra at 18:30:11 on 2015-06-24 Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1953.643 [GMT 2:00] . AV: Avira Antivirus *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programmi\Avira\Antivirus\sched.exe C:\Programmi\Avira\Antivirus\avguard.exe C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\DYMO\DYMO Label Software\DymoPnpService.exe C:\lotus\notes\nsd.exe C:\Programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\lotus\notes\SUService.exe C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\lotus\notes\ntmulti.exe C:\Programmi\Nero\Nero BackItUp\NBService.exe C:\Programmi\Panasonic\TrapMonitor\Trapmnnt.exe C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe C:\Programmi\Malwarebytes Anti-Malware\mbam.exe C:\Programmi\Avira\Antivirus\avshadow.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programmi\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Programmi\File comuni\Java\Java Update\jusched.exe C:\Programmi\Avira\Antivirus\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Avira\Launcher\Avira.Systray.exe C:\Programmi\CCleaner\CCleaner.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJKE.EXE C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Programmi\FileHippo.com\FileHippo.AppManager.exe C:\Documents and Settings\Mepra\Mercurio\jre\launch4j-tmp\Mercurio.exe C:\Programmi\Mercurio\jre\bin\javaw.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Programmi\IObit\Advanced SystemCare 8\ASCService.exe C:\Programmi\IObit\Advanced SystemCare 8\ASC.exe C:\Programmi\IObit\Advanced SystemCare 8\Monitor.exe C:\Programmi\IObit\Advanced SystemCare 8\ASCTray.exe C:\Programmi\Real\RealPlayer\update\realsched.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mSearch Page = about:blank mDefault_Page_URL = about:blank mDefault_Search_URL = about:blank BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre1.8.0_45\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\programmi\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre1.8.0_45\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [CCleaner Monitoring] "c:\programmi\ccleaner\CCleaner.exe" /MONITOR uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatijke.exe /ept "epltarget\P0000000000000001" /M "WF-3010 Series" uRun: [FileHippo.com] "c:\programmi\filehippo.com\FileHippo.AppManager.exe" /background uRun: [Advanced SystemCare 8] "c:\programmi\iobit\advanced systemcare 8\ASCTray.exe" /Auto uRun: [Mercurio Live] c:\documents and settings\mepra\mercurio\Mercurio.exe uRunOnce: [Adobe Speed Launcher] 1434958551 mRun: [RTHDCPL] RTHDCPL.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AdobeAAMUpdater-1.0] "c:\programmi\file comuni\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\programmi\file comuni\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Panasonic Device Monitor Wakeup] c:\programmi\panasonic\panasonic-dms\device monitor\DMWakeup.exe mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe" mRun: [Client Access Service] "c:\programmi\ibm\client access\cwbsvstr.exe" mRun: [Client Access Help Update] "c:\programmi\ibm\client access\cwbinhlp.exe" mRun: [Client Access Check Version] "c:\programmi\ibm\client access\cwbckver.exe" LOGIN mRun: [Client Access Express Welcome] "c:\programmi\ibm\client access\cwbwlwiz.exe" mRun: [TkBellExe] "c:\programmi\real\realplayer\update\realsched.exe" -osboot mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe" mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe" mRun: [Nero BackItUp] "c:\programmi\nero\nero backitup\BackItUp.exe" /WinStart mRun: [Wondershare Helper Compact.exe] c:\programmi\common files\wondershare\wondershare helper compact\WSHelper.exe mRun: [sunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe" mRun: [Avira Systray] c:\programmi\avira\launcher\Avira.Systray.exe mRun: [avgnt] "c:\programmi\avira\antivirus\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\documents and settings\mepra\menu avvio\programmi\esecuzione automatica\Av.bat StartupFolder: c:\docume~1\mepra\menuav~1\progra~1\esecuz~1\colleg~1.lnk - c:\AS-LOGIN.bat StartupFolder: c:\docume~1\mepra\menuav~1\progra~1\esecuz~1\mercurio.lnk - c:\programmi\mercurio\Mercurio.exe StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: SoftwareSASGeneration = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: &Download All using 4shared Desktop - c:\programmi\4shared desktop\Desktop.32/D_ALL_LINK IE: &Download using 4shared Desktop - c:\programmi\4shared desktop\Desktop.32/D_ONE_LINK IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe LSP: c:\programmi\avira\antivirus\avsda.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348151699250 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348151756703 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash5/cabs/swflash.cab TCP: Interfaces\{B29C1FD5-8878-4C91-ADC7-6FF324C56C01} : NameServer = 62.97.32.21,62.97.33.21 Handler: WSWSVCUchrome - Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programmi\coreftp\pftpns.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmi\google\chrome\application\45.0.2438.3\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mepra\dati applicazioni\mozilla\firefox\profiles\ifp85owe.default-1428392148019\ FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\documents and settings\all users\dati applicazioni\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\programmi\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\programmi\dymo\dymo label software\framework\npDYMOLabelFramework.dll FF - plugin: c:\programmi\file comuni\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll FF - plugin: c:\programmi\file comuni\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll FF - plugin: c:\programmi\google\update\1.3.27.5\npGoogleUpdate3.dll FF - plugin: c:\programmi\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\programmi\java\jre1.8.0_45\bin\plugin2\npjp2.dll FF - plugin: c:\programmi\microsoft silverlight\5.1.40416.0\npctrlui.dll FF - plugin: c:\programmi\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1218158.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_95.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2015-6-15 37896] R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\programmi\iobit\advanced systemcare 8\ASCService.exe [2015-5-16 814880] R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivirus\sched.exe [2015-6-15 450808] R2 AntiVirService;Avira Real-Time Protection;c:\programmi\avira\antivirus\avguard.exe [2015-6-15 450808] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2015-6-15 108448] R2 Avira.ServiceHost;Avira Service Host;c:\programmi\avira\launcher\Avira.ServiceHost.exe [2015-5-21 208632] R2 DymoPnpService;DYMO PnP Service;c:\programmi\dymo\dymo label software\DymoPnpService.exe [2014-3-20 33072] R2 IBM Notes Diagnostics;Diagnostica IBM Notes;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?] R2 LNSUSvc;Servizio IBM Notes Smart Upgrade ;c:\lotus\notes\SUService.exe [2013-10-15 1654376] R2 MBAMScheduler;MBAMScheduler;c:\programmi\malwarebytes anti-malware\mbamscheduler.exe [2014-11-24 1871160] R2 MBAMService;MBAMService;c:\programmi\malwarebytes anti-malware\mbamservice.exe [2014-11-24 1080120] R2 NeroBackItUpBackgroundService;Nero BackItUp Background Service;c:\programmi\nero\nero backitup\NBService.exe [2015-5-25 279904] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056] R2 UNS;Intel® Management and Security Application User Notification Service;c:\programmi\intel\intel® management engine components\uns\UNS.exe [2012-9-20 2656280] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-24 23256] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-24 119512] R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-9-20 41088] R3 SNXPCARD;Multi-I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2012-9-20 59272] R3 SNXPSERX;Multi-I/O Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [2012-9-20 60808] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S1 SDHookDriver;Hook Test Driver;\??\c:\programmi\spybot - search & destroy 2\sdhookdrv32.sys --> c:\programmi\spybot - search & destroy 2\SDHookDrv32.sys [?] S2 AntiVirMailService;Avira Mail Protection;c:\programmi\avira\antivirus\avmailc.exe [2015-6-15 825136] S2 AntiVirWebService;Avira Web Protection;c:\programmi\avira\antivirus\avwebgrd.exe [2015-6-15 1187336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 LiveUpdateSvc;LiveUpdate;c:\programmi\iobit\liveupdate\LiveUpdate.exe [2015-5-16 2904864] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [2013-9-16 24832] S3 SwitchBoard;SwitchBoard;c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] . =============== Created Last 30 ================ . 2015-06-22 09:51:03 17064 ----a-w- c:\programmi\mozilla firefox\mozalloc.dll 2015-06-15 08:50:41 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Avira 2015-06-15 08:48:55 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-06-15 08:48:55 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-06-15 08:45:54 -------- d-----w- c:\programmi\Avira 2015-06-04 16:05:27 -------- d-----w- c:\programmi\file comuni\DVDVideoSoft 2015-06-04 16:05:26 -------- d-----w- c:\programmi\DVDVideoSoft 2015-06-04 15:45:27 -------- d-----w- c:\documents and settings\mepra\impostazioni locali\dati applicazioni\Wondershare 2015-06-04 15:44:56 214528 ----a-w- c:\windows\system32\WSCM32.dll 2015-06-04 15:44:48 -------- d-----w- c:\programmi\Wondershare 2015-06-04 15:44:48 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Wondershare 2015-06-04 06:17:26 -------- d-----w- c:\documents and settings\mepra\.fontconfig 2015-06-04 06:16:42 -------- d-----w- c:\documents and settings\mepra\impostazioni locali\dati applicazioni\Movavi 2015-06-04 06:16:02 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Movavi 2015-06-03 17:29:30 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Movavi Video Converter 15 2015-06-03 13:40:07 -------- d-----w- c:\programmi\A-PDF to Video 2015-06-03 13:02:07 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\Apowersoft 2015-06-03 13:02:04 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Apowersoft 2015-05-30 08:08:08 -------- d-----w- c:\documents and settings\mepra\dati applicazioni\MOVAVI 2015-05-30 07:59:21 -------- d-----w- c:\programmi\Total Video Converter 2015-05-30 07:48:13 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Freemake 2015-05-30 07:48:01 -------- d-----w- c:\programmi\Freemake . ==================== Find3M ==================== . 2015-06-24 15:23:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-06-12 06:37:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-06-12 06:37:42 146432 ----a-w- c:\windows\system32\javacpl.cpl 2015-04-27 06:43:28 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-04-27 06:43:28 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-04-14 07:37:48 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-04-14 07:37:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 18.31.44,15 =============== Results of screen317's Security Check version 1.004 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 8 Update 31 Java 8 Update 45 Adobe Flash Player 18.0.0.95 Adobe Reader XI Mozilla Firefox (39.0) Google Chrome (45.0.2431.0) Google Chrome (45.0.2438.3) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Avira Antivirus sched.exe Avira Antivirus avshadow.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 5% ````````````````````End of Log``````````````````````