
AVG update [Closed]

malware logs


#1
bero

Hello everybody!!

This morning, after an AVG update, my browsers started crashing (both Chrome and FF) and I had quite high browser memory usage, with multiple instances of Chrome even with one tab open;

for an hour I was stuck with my connection clogged,

1. I ran a first OTL scan

2. then an AVG scan, and it found and fixed the following problems:
"";"Adware Generic5.AOJI, C:\Users\leodue\AppData\Local\Temp\bitool.dll";"Secured"

3. reran OTL

Now I'm not stuck anymore, but the connection is not as fast as usual.

I'll include the logs; if somebody wants to take a look, I'd appreciate it.

Thanks


Edited by bero, 04 August 2015 - 07:36 AM.

#2
bero

First OTL log:

OTL logfile created on: 04/08/2015 10:39:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\leodue\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,98 Gb Total Physical Memory | 5,56 Gb Available Physical Memory | 69,61% Memory free
7,98 Gb Paging File | 5,31 Gb Available in Paging File | 66,54% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 36,13 Gb Free Space | 32,32% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 62,82 Gb Free Space | 42,15% Space Free | Partition Type: NTFS
Drive E: | 161,06 Gb Total Space | 96,31 Gb Free Space | 59,80% Space Free | Partition Type: NTFS
Drive F: | 170,90 Gb Total Space | 170,80 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: LEODUE-PC | User Name: leodue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2015/08/04 10:37:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leodue\Downloads\OTL.exe
PRC - [2015/07/25 10:46:43 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/07/23 11:51:42 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\MozillaFirefox\firefox.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/03 09:19:46 | 003,259,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2015/07/03 09:18:08 | 005,214,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2015/07/03 09:11:18 | 000,301,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/15 21:02:26 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/07/24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2015/07/25 10:46:41 | 001,405,768 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
MOD - [2015/07/25 10:46:40 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
MOD - [2010/11/15 21:04:34 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\it_it\acrotray.ita
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/07/02 22:48:32 | 002,683,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\nvwmi64.exe -- (NVWMI)
SRV:[b]64bit:[/b] - [2010/04/29 19:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/08/03 10:57:47 | 000,149,672 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/07/03 09:19:46 | 003,259,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015/07/03 09:11:18 | 000,301,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2015/06/25 20:09:34 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2015/05/26 21:04:18 | 000,369,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2015/05/26 21:03:18 | 000,237,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2015/05/26 21:03:16 | 000,211,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2015/05/18 21:13:08 | 000,276,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2014/10/24 11:20:06 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2014/09/01 15:22:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 23:13:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2014/07/02 22:48:32 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:[b]64bit:[/b] - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2013/11/26 16:49:44 | 000,888,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,077,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:[b]64bit:[/b] - [2013/01/25 03:16:40 | 000,109,568 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2012/12/22 03:46:11 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:[b]64bit:[/b] - [2012/10/03 17:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/08/12 14:03:28 | 000,748,648 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:[b]64bit:[/b] - [2010/04/28 17:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:[b]64bit:[/b] - [2009/11/18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/11/21 10:54:08 | 000,025,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AMDx64CUT.sys -- (SUMMACUTamd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 37 E5 94 F3 C5 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.46.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/09/01 15:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Components: C:\Program Files (x86)\Firefox Developer Edition\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Plugins: C:\Program Files (x86)\Firefox Developer Edition\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\MozillaFirefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\MozillaFirefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Components: C:\Program Files (x86)\Firefox Developer Edition\components
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Plugins: C:\Program Files (x86)\Firefox Developer Edition\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\MozillaFirefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\MozillaFirefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/08/05 17:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Extensions
[2015/08/03 11:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Firefox\Profiles\hx3j48iq.dev-edition-default\extensions
[2015/07/30 09:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Firefox\Profiles\zjonny93.default\extensions
[2015/08/03 11:09:04 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\hx3j48iq.dev-edition-default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/06/17 09:50:51 | 002,593,367 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\[email protected]
[2015/05/29 10:52:48 | 000,420,836 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\[email protected]
[2015/07/30 09:48:24 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/05/29 15:10:33 | 000,154,460 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.8_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\bomhdjeadceaggdgfoefmpeafkjhegbo\1.8.6_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc\1.4.3_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.81_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji\2.0.8_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
 
O1 HOSTS File: ([2015/02/03 18:03:09 | 000,001,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1         activate.adobe.com
O1 - Hosts: 127.0.0.1         localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1         maiolab.dev
O1 - Hosts: 127.0.0.1         ps13.dev
O1 - Hosts: 127.0.0.1         leggiadra.dev
O1 - Hosts: 127.0.0.1         phptest.dev
O1 - Hosts: 127.0.0.1         cube.dev
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\modem WiFi\modem WiFi File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FA818C-3508-405D-9FBE-D08D2469499F}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C696923-7736-4E7F-87A5-6B64E463A8AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DDD8702-DF80-4F1A-9A37-79F40B165A7C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A792903E-E614-44CB-BF26-1C70EBC0BA42}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE87D0C3-0A15-4C31-97B7-0DCBB92D1476}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45BD3AC-455A-4CAD-B5C1-96E41A5EB41F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6C7092-25A3-46E8-820B-9B43FD252A1A}: DhcpNameServer = 192.168.42.129
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{170d69a6-a2d8-11e4-a470-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{170d69a6-a2d8-11e4-a470-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2af41068-928c-11e4-9b33-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{2af41068-928c-11e4-9b33-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f944e4e-85c7-11e4-beeb-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{2f944e4e-85c7-11e4-beeb-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{30aab045-480e-11e4-8484-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{30aab045-480e-11e4-8484-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{30aab093-480e-11e4-8484-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{30aab093-480e-11e4-8484-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{328d58c5-47a7-11e4-bc7c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{328d58c5-47a7-11e4-bc7c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3bc4f0d2-1d35-11e4-bc1b-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc4f0d2-1d35-11e4-bc1b-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{45e418e7-7156-11e4-afe3-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{45e418e7-7156-11e4-afe3-6c626d3b6a8c}\Shell\AutoRun\command - "" = P:\AutoRun.exe
O33 - MountPoints2\{45febc29-41ce-11e4-8237-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{45febc29-41ce-11e4-8237-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4a2c7127-1dfc-11e4-bb46-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2c7127-1dfc-11e4-bb46-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5574b32d-925b-11e4-ade5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5574b32d-925b-11e4-ade5-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5aeb2dc9-44ef-11e4-87cc-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5aeb2dc9-44ef-11e4-87cc-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5c1054ae-4acb-11e4-a00a-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1054ae-4acb-11e4-a00a-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{652306a6-4a76-11e4-ac1b-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{652306a6-4a76-11e4-ac1b-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6adcd3eb-3fcd-11e4-97a1-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6adcd3eb-3fcd-11e4-97a1-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6b523696-7097-11e4-a257-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6b523696-7097-11e4-a257-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6df2c507-59b6-11e4-a5e6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6df2c507-59b6-11e4-a5e6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{710a3810-3b8d-11e4-9305-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{710a3810-3b8d-11e4-9305-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{710a381b-3b8d-11e4-9305-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{710a381b-3b8d-11e4-9305-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{798856c8-9c8f-11e4-804e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{798856c8-9c8f-11e4-804e-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7f8aeaab-4c04-11e4-b826-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8aeaab-4c04-11e4-b826-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7f8aeaba-4c04-11e4-b826-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8aeaba-4c04-11e4-b826-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{831c31e8-1cdb-11e4-a3d3-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{831c31e8-1cdb-11e4-a3d3-6c626d3b6a8c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{857daf66-4d26-11e4-98f0-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{857daf66-4d26-11e4-98f0-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{89a178a9-277f-11e4-978f-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{89a178a9-277f-11e4-978f-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8b783bad-868e-11e4-97b7-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b783bad-868e-11e4-97b7-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8d574d89-3ca6-11e4-bab2-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8d574d89-3ca6-11e4-bab2-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8f00f887-02ac-11e5-9cd5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8f00f887-02ac-11e5-9cd5-6c626d3b6a8c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{9d9f89da-3f74-11e4-adf6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9f89da-3f74-11e4-adf6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{9e39b693-faf4-11e4-962c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9e39b693-faf4-11e4-962c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{9f4b9b0a-4eb6-11e4-a224-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4b9b0a-4eb6-11e4-a224-6c626d3b6a8c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{aa640a11-454b-11e4-896e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{aa640a11-454b-11e4-896e-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ab5b48a7-4871-11e4-8491-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab5b48a7-4871-11e4-8491-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ab5e33e9-3ac4-11e4-baf9-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab5e33e9-3ac4-11e4-baf9-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{af57c451-4481-11e4-98bb-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{af57c451-4481-11e4-98bb-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b469c5ec-8758-11e4-8ee5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{b469c5ec-8758-11e4-8ee5-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b59f9e90-5371-11e4-ac68-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{b59f9e90-5371-11e4-ac68-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c5aff58e-5829-11e4-8d29-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5aff58e-5829-11e4-8d29-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ca84df08-45c6-11e4-b1e1-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ca84df08-45c6-11e4-b1e1-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d04a8286-3d1c-11e4-b979-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{d04a8286-3d1c-11e4-b979-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb976484-1cae-11e4-8553-e252a692db75}\Shell - "" = AutoRun
O33 - MountPoints2\{eb976484-1cae-11e4-8553-e252a692db75}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{eb97648a-1cae-11e4-8553-80560c3eeb7b}\Shell - "" = AutoRun
O33 - MountPoints2\{eb97648a-1cae-11e4-8553-80560c3eeb7b}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{ebfbcf46-4431-11e4-8b03-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfbcf46-4431-11e4-8b03-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f1a1f2f4-3e36-11e4-8ac6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f1a1f2f4-3e36-11e4-8ac6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f8f30da9-4cd6-11e4-8d9c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f30da9-4cd6-11e4-8d9c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2015/08/03 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox Developer Edition
[2015/07/23 11:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozillaFirefox
[2015/07/16 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2015/08/04 10:31:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/08/04 10:31:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/08/04 10:28:30 | 001,516,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/08/04 10:28:30 | 000,689,234 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2015/08/04 10:28:30 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/08/04 10:28:30 | 000,124,420 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2015/08/04 10:28:30 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/08/04 10:24:19 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/08/04 10:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/08/04 10:17:07 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/22 17:32:46 | 000,000,132 | ---- | M] () -- C:\Users\leodue\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2015/07/20 15:12:24 | 000,014,246 | ---- | M] () -- C:\Users\leodue\Desktop\fiorenzo-bon.pdf
[2015/07/20 15:06:10 | 000,011,177 | ---- | M] () -- C:\Users\leodue\Desktop\sda-bon.pdf
[2015/07/17 11:46:49 | 001,554,117 | ---- | M] () -- C:\Users\leodue\Desktop\IMG_0872.JPG
[2015/07/16 12:49:00 | 000,440,368 | ---- | M] () -- C:\Users\leodue\Desktop\fax.pdf
[2015/07/16 12:39:05 | 000,532,682 | ---- | M] () -- C:\Users\leodue\Desktop\delega ritiro.jpeg
[2015/07/16 11:51:26 | 000,000,906 | ---- | M] () -- C:\Users\leodue\Desktop\scacchiera-vuota.png
[2015/07/16 11:29:43 | 000,106,788 | ---- | M] () -- C:\Users\leodue\Desktop\IMG_0328.JPG
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2015/07/20 15:12:24 | 000,014,246 | ---- | C] () -- C:\Users\leodue\Desktop\fiorenzo-bon.pdf
[2015/07/20 15:06:10 | 000,011,177 | ---- | C] () -- C:\Users\leodue\Desktop\sda-bon.pdf
[2015/07/17 11:47:49 | 001,554,117 | ---- | C] () -- C:\Users\leodue\Desktop\IMG_0872.JPG
[2015/07/16 12:48:59 | 000,440,368 | ---- | C] () -- C:\Users\leodue\Desktop\fax.pdf
[2015/07/16 12:39:27 | 000,532,682 | ---- | C] () -- C:\Users\leodue\Desktop\delega ritiro.jpeg
[2015/07/16 11:51:26 | 000,000,906 | ---- | C] () -- C:\Users\leodue\Desktop\scacchiera-vuota.png
[2015/07/16 11:29:43 | 000,106,788 | ---- | C] () -- C:\Users\leodue\Desktop\IMG_0328.JPG
[2015/07/02 15:36:19 | 000,007,600 | ---- | C] () -- C:\Users\leodue\AppData\Local\Resmon.ResmonCfg
[2014/11/24 13:28:33 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2014/11/13 12:52:48 | 000,000,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/23 09:37:11 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2014/09/01 16:29:42 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/08/08 15:07:48 | 000,735,410 | ---- | C] () -- C:\Users\leodue\stampa.pdf
[2014/08/07 08:36:17 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\MozillaFirefoxwtu-secure-search.xml
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2014/10/30 16:56:04 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-219865609-1501828379-148795355-1000\$RROJ0YJ\l
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 212 bytes -> C:\Users\leodue\Desktop\delega ritiro.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#3
bero

Here's the second (doesn't look much different, but maybe I'm missing something):

OTL logfile created on: 04/08/2015 12:24:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\leodue\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
7,98 Gb Total Physical Memory | 4,12 Gb Available Physical Memory | 51,64% Memory free
7,98 Gb Paging File | 4,14 Gb Available in Paging File | 51,88% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 35,90 Gb Free Space | 32,12% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 62,81 Gb Free Space | 42,14% Space Free | Partition Type: NTFS
Drive E: | 161,06 Gb Total Space | 96,31 Gb Free Space | 59,80% Space Free | Partition Type: NTFS
Drive F: | 170,90 Gb Total Space | 170,80 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: LEODUE-PC | User Name: leodue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2015/08/04 10:37:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leodue\Downloads\OTL.exe
PRC - [2015/07/25 10:46:43 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/07/23 11:51:42 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\MozillaFirefox\firefox.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/03 09:19:46 | 003,259,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2015/07/03 09:18:08 | 005,214,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2015/07/03 09:11:18 | 000,301,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/15 21:02:26 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/07/24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2015/07/25 10:46:41 | 001,405,768 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
MOD - [2015/07/25 10:46:40 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
MOD - [2010/11/15 21:04:34 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\it_it\acrotray.ita
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/07/02 22:48:32 | 002,683,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\nvwmi64.exe -- (NVWMI)
SRV:[b]64bit:[/b] - [2010/04/29 19:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/08/03 10:57:47 | 000,149,672 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/07/03 09:19:46 | 003,259,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015/07/03 09:11:18 | 000,301,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2015/06/25 20:09:34 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/07/02 19:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2015/05/26 21:04:18 | 000,369,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2015/05/26 21:03:18 | 000,237,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2015/05/26 21:03:16 | 000,211,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2015/05/18 21:13:08 | 000,276,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2014/10/24 11:20:06 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2014/09/01 15:22:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 23:13:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2014/07/02 22:48:32 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:[b]64bit:[/b] - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2013/11/26 16:49:44 | 000,888,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,077,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:[b]64bit:[/b] - [2013/03/04 10:32:48 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:[b]64bit:[/b] - [2013/01/25 03:16:40 | 000,109,568 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:[b]64bit:[/b] - [2012/12/22 03:46:11 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:[b]64bit:[/b] - [2012/10/03 17:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/08/12 14:03:28 | 000,748,648 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:[b]64bit:[/b] - [2010/04/28 17:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:[b]64bit:[/b] - [2009/11/18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/11/21 10:54:08 | 000,025,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AMDx64CUT.sys -- (SUMMACUTamd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 37 E5 94 F3 C5 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.46.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/09/01 15:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Components: C:\Program Files (x86)\Firefox Developer Edition\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Plugins: C:\Program Files (x86)\Firefox Developer Edition\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\MozillaFirefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\MozillaFirefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Components: C:\Program Files (x86)\Firefox Developer Edition\components
FF - HKEY_CURRENT_USER\software\mozilla\Firefox Developer Edition 41.0a2\extensions\\Plugins: C:\Program Files (x86)\Firefox Developer Edition\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\MozillaFirefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\MozillaFirefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/08/05 17:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Extensions
[2015/08/03 11:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Firefox\Profiles\hx3j48iq.dev-edition-default\extensions
[2015/07/30 09:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\Firefox\Profiles\zjonny93.default\extensions
[2015/08/03 11:09:04 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\hx3j48iq.dev-edition-default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/06/17 09:50:51 | 002,593,367 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\[email protected]
[2015/05/29 10:52:48 | 000,420,836 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\[email protected]
[2015/07/30 09:48:24 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/05/29 15:10:33 | 000,154,460 | ---- | M] () (No name found) -- C:\Users\leodue\AppData\Roaming\mozilla\firefox\profiles\zjonny93.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.8_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\bomhdjeadceaggdgfoefmpeafkjhegbo\1.8.6_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc\1.4.3_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji\2.0.8_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\leodue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
 
O1 HOSTS File: ([2015/02/03 18:03:09 | 000,001,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1         activate.adobe.com
O1 - Hosts: 127.0.0.1         localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1         maiolab.dev
O1 - Hosts: 127.0.0.1         ps13.dev
O1 - Hosts: 127.0.0.1         leggiadra.dev
O1 - Hosts: 127.0.0.1         phptest.dev
O1 - Hosts: 127.0.0.1         cube.dev
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\modem WiFi\modem WiFi File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FA818C-3508-405D-9FBE-D08D2469499F}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C696923-7736-4E7F-87A5-6B64E463A8AE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DDD8702-DF80-4F1A-9A37-79F40B165A7C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A792903E-E614-44CB-BF26-1C70EBC0BA42}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE87D0C3-0A15-4C31-97B7-0DCBB92D1476}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45BD3AC-455A-4CAD-B5C1-96E41A5EB41F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6C7092-25A3-46E8-820B-9B43FD252A1A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{170d69a6-a2d8-11e4-a470-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{170d69a6-a2d8-11e4-a470-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2af41068-928c-11e4-9b33-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{2af41068-928c-11e4-9b33-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f944e4e-85c7-11e4-beeb-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{2f944e4e-85c7-11e4-beeb-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{30aab045-480e-11e4-8484-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{30aab045-480e-11e4-8484-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{30aab093-480e-11e4-8484-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{30aab093-480e-11e4-8484-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{328d58c5-47a7-11e4-bc7c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{328d58c5-47a7-11e4-bc7c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3bc4f0d2-1d35-11e4-bc1b-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc4f0d2-1d35-11e4-bc1b-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{45e418e7-7156-11e4-afe3-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{45e418e7-7156-11e4-afe3-6c626d3b6a8c}\Shell\AutoRun\command - "" = P:\AutoRun.exe
O33 - MountPoints2\{45febc29-41ce-11e4-8237-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{45febc29-41ce-11e4-8237-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4a2c7127-1dfc-11e4-bb46-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2c7127-1dfc-11e4-bb46-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5574b32d-925b-11e4-ade5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5574b32d-925b-11e4-ade5-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5aeb2dc9-44ef-11e4-87cc-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5aeb2dc9-44ef-11e4-87cc-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5c1054ae-4acb-11e4-a00a-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1054ae-4acb-11e4-a00a-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{652306a6-4a76-11e4-ac1b-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{652306a6-4a76-11e4-ac1b-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6adcd3eb-3fcd-11e4-97a1-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6adcd3eb-3fcd-11e4-97a1-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6b523696-7097-11e4-a257-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6b523696-7097-11e4-a257-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6df2c507-59b6-11e4-a5e6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{6df2c507-59b6-11e4-a5e6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{710a3810-3b8d-11e4-9305-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{710a3810-3b8d-11e4-9305-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{710a381b-3b8d-11e4-9305-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{710a381b-3b8d-11e4-9305-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{798856c8-9c8f-11e4-804e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{798856c8-9c8f-11e4-804e-6c626d3b6a8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7f8aeaab-4c04-11e4-b826-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8aeaab-4c04-11e4-b826-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7f8aeaba-4c04-11e4-b826-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f8aeaba-4c04-11e4-b826-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{831c31e8-1cdb-11e4-a3d3-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{831c31e8-1cdb-11e4-a3d3-6c626d3b6a8c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{857daf66-4d26-11e4-98f0-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{857daf66-4d26-11e4-98f0-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{89a178a9-277f-11e4-978f-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{89a178a9-277f-11e4-978f-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8b783bad-868e-11e4-97b7-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b783bad-868e-11e4-97b7-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8d574d89-3ca6-11e4-bab2-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8d574d89-3ca6-11e4-bab2-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{8f00f887-02ac-11e5-9cd5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{8f00f887-02ac-11e5-9cd5-6c626d3b6a8c}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{9d9f89da-3f74-11e4-adf6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9f89da-3f74-11e4-adf6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{9e39b693-faf4-11e4-962c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9e39b693-faf4-11e4-962c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{9f4b9b0a-4eb6-11e4-a224-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4b9b0a-4eb6-11e4-a224-6c626d3b6a8c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{aa640a11-454b-11e4-896e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{aa640a11-454b-11e4-896e-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ab5b48a7-4871-11e4-8491-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab5b48a7-4871-11e4-8491-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ab5e33e9-3ac4-11e4-baf9-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ab5e33e9-3ac4-11e4-baf9-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{af57c451-4481-11e4-98bb-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{af57c451-4481-11e4-98bb-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b469c5ec-8758-11e4-8ee5-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{b469c5ec-8758-11e4-8ee5-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b59f9e90-5371-11e4-ac68-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{b59f9e90-5371-11e4-ac68-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c5aff58e-5829-11e4-8d29-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5aff58e-5829-11e4-8d29-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ca84df08-45c6-11e4-b1e1-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ca84df08-45c6-11e4-b1e1-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d04a8286-3d1c-11e4-b979-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{d04a8286-3d1c-11e4-b979-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb976484-1cae-11e4-8553-e252a692db75}\Shell - "" = AutoRun
O33 - MountPoints2\{eb976484-1cae-11e4-8553-e252a692db75}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{eb97648a-1cae-11e4-8553-80560c3eeb7b}\Shell - "" = AutoRun
O33 - MountPoints2\{eb97648a-1cae-11e4-8553-80560c3eeb7b}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{ebfbcf46-4431-11e4-8b03-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfbcf46-4431-11e4-8b03-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f1a1f2f4-3e36-11e4-8ac6-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f1a1f2f4-3e36-11e4-8ac6-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{f8f30da9-4cd6-11e4-8d9c-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f30da9-4cd6-11e4-8d9c-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/08/04 11:45:25 | 000,000,000 | ---D | C] -- C:\Users\leodue\Desktop\logs-debug
[2015/08/03 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox Developer Edition
[2015/07/23 11:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozillaFirefox
[2015/07/16 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2015/08/04 12:17:01 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/04 11:17:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/08/04 10:31:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/08/04 10:31:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/08/04 10:28:30 | 001,516,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/08/04 10:28:30 | 000,689,234 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2015/08/04 10:28:30 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/08/04 10:28:30 | 000,124,420 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2015/08/04 10:28:30 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/08/04 10:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/07/22 17:32:46 | 000,000,132 | ---- | M] () -- C:\Users\leodue\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2015/07/20 15:12:24 | 000,014,246 | ---- | M] () -- C:\Users\leodue\Desktop\fiorenzo-bon.pdf
[2015/07/20 15:06:10 | 000,011,177 | ---- | M] () -- C:\Users\leodue\Desktop\sda-bon.pdf
[2015/07/17 11:46:49 | 001,554,117 | ---- | M] () -- C:\Users\leodue\Desktop\IMG_0872.JPG
[2015/07/16 12:49:00 | 000,440,368 | ---- | M] () -- C:\Users\leodue\Desktop\fax.pdf
[2015/07/16 12:39:05 | 000,532,682 | ---- | M] () -- C:\Users\leodue\Desktop\delega ritiro.jpeg
[2015/07/16 11:51:26 | 000,000,906 | ---- | M] () -- C:\Users\leodue\Desktop\scacchiera-vuota.png
[2015/07/16 11:29:43 | 000,106,788 | ---- | M] () -- C:\Users\leodue\Desktop\IMG_0328.JPG
 
========== Files Created - No Company Name ==========
 
[2015/07/20 15:12:24 | 000,014,246 | ---- | C] () -- C:\Users\leodue\Desktop\fiorenzo-bon.pdf
[2015/07/20 15:06:10 | 000,011,177 | ---- | C] () -- C:\Users\leodue\Desktop\sda-bon.pdf
[2015/07/17 11:47:49 | 001,554,117 | ---- | C] () -- C:\Users\leodue\Desktop\IMG_0872.JPG
[2015/07/16 12:48:59 | 000,440,368 | ---- | C] () -- C:\Users\leodue\Desktop\fax.pdf
[2015/07/16 12:39:27 | 000,532,682 | ---- | C] () -- C:\Users\leodue\Desktop\delega ritiro.jpeg
[2015/07/16 11:51:26 | 000,000,906 | ---- | C] () -- C:\Users\leodue\Desktop\scacchiera-vuota.png
[2015/07/16 11:29:43 | 000,106,788 | ---- | C] () -- C:\Users\leodue\Desktop\IMG_0328.JPG
[2015/07/02 15:36:19 | 000,007,600 | ---- | C] () -- C:\Users\leodue\AppData\Local\Resmon.ResmonCfg
[2014/11/24 13:28:33 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2014/11/13 12:52:48 | 000,000,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/23 09:37:11 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2014/09/01 16:29:42 | 000,000,132 | ---- | C] () -- C:\Users\leodue\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/08/08 15:07:48 | 000,735,410 | ---- | C] () -- C:\Users\leodue\stampa.pdf
[2014/08/07 08:36:17 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\MozillaFirefoxwtu-secure-search.xml
 
========== ZeroAccess Check ==========
 
[2014/10/30 16:56:04 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-219865609-1501828379-148795355-1000\$RROJ0YJ\l
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/05 17:16:11 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\AVG2014
[2015/02/03 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\Blender Foundation
[2015/06/09 15:43:11 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2015/06/15 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2014/09/01 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\DAEMON Tools Lite
[2014/08/07 10:56:16 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\FileZilla
[2014/08/06 10:06:42 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\JetBrains
[2014/08/07 10:55:29 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\Notepad++
[2015/06/24 11:41:15 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\npm
[2015/06/24 11:41:15 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\npm-cache
[2014/08/08 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\OpenOffice
[2014/08/20 11:33:45 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\pdfforge
[2014/08/05 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\Thunderbird
[2014/08/05 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\leodue\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 212 bytes -> C:\Users\leodue\Desktop\delega ritiro.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

 



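The OTL report above lists three kinds of entries a malware-removal helper reads first: O1 lines (HOSTS overrides), the long run of O33 MountPoints2 keys (the AutoRun command Explorer stored for each removable device it ever saw) and the @Alternate Data Stream line. The script below is an added example, not part of bero's post and not a feature of OTL: it parses those line types and groups them for triage. The sample input is a handful of lines copied from the log above, and the grouping rules (what counts as a blackhole address, grouping AutoRun keys by target executable) are this example's own assumptions.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code).

Parses O1 (HOSTS), O33 (MountPoints2 AutoRun command) and
@Alternate Data Stream lines from an OTL report and groups them the
way a malware-removal helper reads them. The rules are assumptions
made for this example; OTL itself only lists the entries.
"""
import re

# Constructed sample: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1         activate.adobe.com
O1 - Hosts: 127.0.0.1         localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1         maiolab.dev
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{1132fd2f-543a-11e4-a737-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell - "" = AutoRun
O33 - MountPoints2\{292a45a7-52af-11e4-ad0e-6c626d3b6a8c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\setup.exe
@Alternate Data Stream - 212 bytes -> C:\Users\leodue\Desktop\delega ritiro.jpeg:3or4kl4x13tuuug3Byamue2s4b
"""

HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$')
AUTORUN_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+?)\s*$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$')

# Assumption for this example: a HOSTS line pointing at one of these
# addresses blocks the name rather than mapping it to a real host.
BLACKHOLE = {"127.0.0.1", "::1", "0.0.0.0"}


def hosts_overrides(log):
    """Names the HOSTS file sends to a blackhole address, localhost excluded.

    Each entry silently blocks that domain for every program on the box.
    The log above blocks an Adobe activation host and several .dev names,
    so a helper has to judge case by case whether an entry is deliberate.
    """
    names = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m and m.group(1) in BLACKHOLE and m.group(2).lower() != "localhost":
            names.append(m.group(2))
    return names


def autorun_commands(log):
    """Map each MountPoints2 key (device GUID or drive letter) to its AutoRun command."""
    cmds = {}
    for line in log.splitlines():
        m = AUTORUN_CMD_RE.match(line)
        if m:
            cmds[m.group(1)] = m.group(2)
    return cmds


def autorun_by_target(log):
    """Group MountPoints2 keys by the executable they would launch.

    Explorer keeps one key per device it has ever mounted, which is why
    the log above has dozens of GUIDs all pointing at H:\\AutoRun.exe.
    Grouping by (case-folded) target shows at a glance how many distinct
    executables are involved instead of how many devices were plugged in.
    """
    groups = {}
    for key, cmd in autorun_commands(log).items():
        groups.setdefault(cmd.lower(), []).append(key)
    return groups


def alternate_data_streams(log):
    """(file path, stream name, size in bytes) for every ADS line.

    The stream name follows the last colon; the drive-letter colon in the
    path is why the split is done from the right.
    """
    streams = []
    for line in log.splitlines():
        m = ADS_RE.match(line)
        if not m:
            continue
        path, stream = m.group(2).rsplit(":", 1)
        streams.append((path, stream, int(m.group(1))))
    return streams


def triage(log):
    """One dict with the three review lists a helper would look at first."""
    return {
        "hosts_overrides": hosts_overrides(log),
        "autorun_by_target": autorun_by_target(log),
        "alternate_data_streams": alternate_data_streams(log),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        entries = items.items() if isinstance(items, dict) else items
        for entry in entries:
            print("   ", entry)
```

Run it on a full OTL report by reading the file into a string and passing it to `triage()`; the grouped view of the MountPoints2 block is what makes a 100-line run of GUIDs readable. None of the three lists is a verdict: a blocked host or an ADS on a JPEG is something to ask the poster about, not proof of infection.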
#4 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

Hello bero,

I apologize for the delay! If you still require assistance, kindly follow the steps below (we are in need of fresh logs):

Step 1

If you haven't already, download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
• Simply double-click the program icon to run it. It will ask for administrator privileges.
• The program will initialize. Press Yes to accept the disclaimer.
• Put a check on Addition.
• Then press the Scan button.
• It will produce FRST.txt and Addition.txt on your desktop once done.
• Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.

Logs to Post

In summary of the above, I will need you to post the following log(s):
• Addition.txt (Farbar Recovery Scan Tool)
• FRST.txt (Farbar Recovery Scan Tool)

Thank you.

#5 Pyxis (Trusted Helper, Malware Removal, 1,228 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.





