PC Help

(SOLVED) removing svchost.exe

  1. pollon91

    User deleted

    Hello,
    I have a problem with the svchost.exe trojan :wacko:
    I have Malwarebytes as my antivirus and, even though I delete it every time, as soon as I start the PC it finds it again in the temporary files. I also tried ComboFix, but nothing... it comes back all the same. I searched the internet and saw that it can be removed manually in safe mode, but I'm not very experienced and I'm afraid that with manual removal I could cause some irreparable damage... I hope you can help me.
    Thank you in advance :)

  2.

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Hi pollon91

    Attach the logs from Farbar Recovery Scan Tool and TDSSKiller. The instructions are in the removal tools guide in my signature.

  3. pollon91

    User deleted

    Hi,
    I'm attaching the logs you asked for; I'm also attaching the log of the Malwarebytes scan.
    Attached file
    log.zip
    (Number of downloads: 373)

  4.

    Master Malware Expert

    Download the attached file to the desktop, where you have FRST. Start FRST in normal mode (not recovery) and click the Fix button only once. Attach the fixlog.txt log that you will find on the desktop.
    After the restart, download Farbar Service Scanner, copy svchost.exe into the box and click Search File. Attach the log.

    Uninstall YAC.
    Attached file
    fixlist.txt
    (Number of downloads: 404)

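One way to triage the copies of svchost.exe that a file search like the one requested above turns up, added here as an example and not part of the thread or of any Farbar tool. The record fields (`path`, `running`, `parent`, `cmdline`), the sample entries and the default `C:\Windows` install path are assumptions.

```python
import ntpath

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows install path
GOOD_NAME = "svchost.exe"
# Folders a genuine svchost.exe image is expected to run from.
RUN_DIRS = {ntpath.normcase(ntpath.join(SYSTEM_ROOT, d))
            for d in ("System32", "SysWOW64")}
# Component store: holds servicing copies on disk, never a running image.
STORE_DIR = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "winsxs")) + "\\"


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(record):
    """Return the reasons why one svchost-like record looks suspicious."""
    # normpath collapses "..", normcase lowercases and unifies separators.
    path = ntpath.normcase(ntpath.normpath(record["path"]))
    name = ntpath.basename(path)
    folder = ntpath.dirname(path)
    running = record.get("running", False)
    reasons = []

    if name != GOOD_NAME:
        if edit_distance(name, GOOD_NAME) <= 2:
            reasons.append("look-alike name")  # heuristic, e.g. svch0st.exe
        else:
            return reasons  # unrelated file
    on_disk_in_store = path.startswith(STORE_DIR) and not running
    if folder not in RUN_DIRS and not on_disk_in_store:
        reasons.append("unexpected folder")
    if running:
        # A genuine instance is started by the Service Control Manager
        # and is told which service group to host with -k.
        if record.get("parent", "").lower() != "services.exe":
            reasons.append("parent is not services.exe")
        if "-k" not in record.get("cmdline", "").lower().split():
            reasons.append("no -k service group on command line")
    return reasons


def scan(records):
    """Map each flagged path to its reasons; clean records are left out."""
    flagged = {}
    for rec in records:
        reasons = triage(rec)
        if reasons:
            flagged[rec["path"]] = reasons
    return flagged


# Constructed sample records (not taken from the logs in this thread).
SAMPLE = [
    {"path": r"C:\Windows\System32\svchost.exe", "running": True,
     "parent": "services.exe",
     "cmdline": r"C:\Windows\system32\svchost.exe -k netsvcs"},
    {"path": r"C:\Users\user\AppData\Local\Temp\svchost.exe", "running": True,
     "parent": "explorer.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\svchost.exe"},
    {"path": r"C:\Windows\winsxs\amd64_example-component\svchost.exe",
     "running": False},
    {"path": r"C:\Windows\System32\svch0st.exe", "running": False},
    {"path": r"C:\Windows\System32\..\Temp\svchost.exe", "running": False},
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a lead to check further (signature, hash, creation date), not proof of infection.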
  5. pollon91

    User deleted

    I think these are the ones...

    Anyway, it seems Malwarebytes isn't detecting it any more now... I don't know whether that's a good thing or not!
    Attached file
    log_2.zip
    (Number of downloads: 102)

  6.

    Master Malware Expert

    Perfect.
    The infection has been removed. You won't find the infected svchost any more.
    To complete the disinfection, run AdwCleaner.
    Delete the FRST folder in C.
    Follow the post-removal guide in my signature. bye1

  7. pollon91

    User deleted

    Thank youu...
    I don't know how to thank you!! I would have gone crazy without your help!!!
    Thanks so much again!!!! :D

  8.

    Master Malware Expert

    ;)

  9. Irene Lauri

    User deleted

    Good evening, I've been infected too, may I post the log?

  10.

    Master Malware Expert

    Hi
    It isn't necessarily an infection.
    Explain what problem you have and post the log

  11. soniatur

    User deleted

    Good morning,
    I think I have problems with svchost because for some time now some processes under this name have been clogging up my data bandwidth.
    I ran FRST and I'm attaching the two logs I obtained (I hope I'm doing it correctly).
    Thanks for the help

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2017
    Ran by SoniaePaolo (administrator) on SONIAEPAOLO-HP (21-10-2017 00:30:39)
    Running from C:\Users\SoniaePaolo\Desktop
    Loaded Profiles: SoniaePaolo (Available Profiles: SoniaePaolo)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Italiano (Italia)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33508...-to-use-farbar-

    recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    () C:\Users\SoniaePaolo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\perfmon.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be

    moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-

    Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-

    28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08]

    (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07

    -11] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19]

    (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15]

    (EasyBits Software AS)
    HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22]

    (VMware, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280

    2012-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880

    2015-12-20] (Easybits)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

    [235624 2015-01-09] (CANON INC.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON

    INC.)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Run: [Mobile Partner] => C:\Program Files\3 Internet\3 Internet.exe

    [110592 2012-06-01] ()
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\SoniaePaolo\AppData

    \Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -

    scheduler
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Run: [Settings Manager] => "C:\Users\SoniaePaolo\AppData\Roaming

    \Settings Manager\SettingsManager.EXE" /autostart /restart
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: H - H:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {082529ad-3033-11e4-a7eb-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {143ca3fa-f52d-11e2-8464-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {201b8f21-a923-11e1-be39-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {201b8f37-a923-11e1-be39-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {2be661da-a8e1-11e1-9289-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {54c29342-abdf-11e1-9e06-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {54c2938f-abdf-11e1-9e06-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {54c293a4-abdf-11e1-9e06-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {9879cbc9-9da6-11e1-8eee-80c16e49175c} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {9879cbce-9da6-11e1-8eee-80c16e49175c} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {b73ee94d-dccd-11e2-a5c4-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {c2db4cff-ab0a-11e1-b22f-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {c2db4d01-ab0a-11e1-b22f-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {c2db4d05-ab0a-11e1-b22f-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {ea954cbf-ab17-11e1-96a3-005056c00008} - G:\AutoRun.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\MountPoints2: {f3c40a44-5e3c-11e2-9e18-005056c00008} - G:\AutoRun.exe
    ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows

    \SysWOW64\ezUPBHook.dll [52920 2011-11-10] (EasyBits Software Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480 2009-10-22] (VMware, Inc.)
    Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480 2009-10-22] (VMware, Inc.)
    Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320 2009-10-22] (VMware,

    Inc.)
    Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320 2009-10-22] (VMware,

    Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8178AC06-93FD-41C8-B6A5-620AC51E13C1}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?

    source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?

    source=art&q=
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    hxxps://search.avira.net/#web/result?source=art&q=
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    hxxps://search.avira.net/#web/result?source=art&q=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM -> {440438A5-13BD-4358-84D7-A7E4942C8805} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-

    8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}&ei=

    {inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search=

    {searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?

    mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 -> {440438A5-13BD-4358-84D7-A7E4942C8805} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-

    8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://it.search.yahoo.com/search?p={searchTerms}

    &ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://it.wikipedia.org/wiki/Special:Search?search=

    {searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?

    mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> DefaultScope {F8F02E0C-35F2-4693-AA54-8992D7680489} URL

    = hxxp://yandex.ru/yandsearch?clid=1782899&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =

    hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =

    hxxp://speedial.com/results.php?f=4&q={searchTerms}

    &a=spd_wnzp_14_21_ie&cd=2XzuyEtN2Y1L1QzuzztD0CtCyC0EyEzytCyByD0CyEzzyC0AtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1Czut

    CyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEzy0AyDyBtDyDtG0EzztByEtGzzyEtC0AtGyD0DtA0EtGyCtDyByBzztC0FtAyCtC0E0E2QtN1M1F1B2Z1V

    1N2Y1L1Qzu2SyBtCyEtBtCtB0DyCtGtB0DyBtBtG0CtByBzztGzytAtDzztGyB0CyCtA0D0BtAyE0DzyyEyE2Q&cr=144306412&ir=
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {440438A5-13BD-4358-84D7-A7E4942C8805} URL =

    hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords=

    {searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =

    hxxps://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =

    hxxp://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =

    hxxp://rover.ebay.com/rover/1/724-111084-4166-3/4?mpre=hxxp://www.ebay.it/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> {F8F02E0C-35F2-4693-AA54-8992D7680489} URL =

    hxxp://yandex.ru/yandsearch?clid=1782899&text={searchTerms}
    BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No File
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

    [2011-06-07] (Advanced Micro Devices)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012

    -08-01] (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft

    Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll

    [2012-08-01] (Sun Microsystems, Inc.)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No File
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo

    \SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1

    Runtime\bin\ssv.dll [2012-07-05] (Oracle Corporation)
    BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common

    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll

    [2011-08-01] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX

    2.1 Runtime\bin\jp2ssv.dll [2012-07-05] (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar

    \BingExt.dll [2011-08-01] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-648635001-2223325805-2038375246-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06

    -07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-

    06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo

    \VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-08-01] (Sun Microsystems,

    Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-01] (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24]

    ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON

    INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin

    \plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    [2013-01-24] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft

    Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App

    \BrowserIntegration\Registered\2\NP_wtapp.dll [2012-05-30] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe

    Systems Inc.)
    FF Plugin-x32: TorchVLC -> C:\Users\SoniaePaolo\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [No File]
    FF Plugin HKU\S-1-5-21-648635001-2223325805-2038375246-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\SoniaePaolo

    \AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
    FF Plugin HKU\S-1-5-21-648635001-2223325805-2038375246-1001: SkypePlugin -> C:\Users\SoniaePaolo\AppData\Local\SkypePlugin

    \7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-648635001-2223325805-2038375246-1001: SkypePlugin64 -> C:\Users\SoniaePaolo\AppData\Local

    \SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

    separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro

    Devices, Inc.) [File not signed]
    R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil

    Microelectronics Inc.) [File not signed]
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84104 2015-02-04] ()
    R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 TorchCrashHandler; C:\Users\SoniaePaolo\AppData\Local\Torch\Update\TorchCrashHandler.exe [X] <==== ATTENTION

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

    separately.)

    S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
    S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed

    separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-21 00:30 - 2017-10-21 00:31 - 000023396 _____ C:\Users\SoniaePaolo\Desktop\FRST.txt
    2017-10-21 00:30 - 2017-10-21 00:30 - 000000000 ____D C:\FRST
    2017-10-21 00:28 - 2017-10-21 00:28 - 002402816 _____ (Farbar) C:\Users\SoniaePaolo\Desktop\FRST64.exe
    2017-10-20 23:51 - 2017-10-20 23:51 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-10-20 22:25 - 2017-10-20 23:34 - 000455518 _____ C:\Windows\ntbtlog.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-20 23:50 - 2012-08-12 15:19 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-10-20 23:48 - 2014-03-14 12:30 - 000007599 _____ C:\Users\SoniaePaolo\AppData\Local\Resmon.ResmonCfg
    2017-10-20 23:47 - 2009-07-14 06:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

    1.C7483456-A289-439d-8115-601632D005A0
    2017-10-20 23:47 - 2009-07-14 06:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

    0.C7483456-A289-439d-8115-601632D005A0
    2017-10-20 23:40 - 2012-05-19 16:01 - 000000000 ____D C:\ProgramData\VMware
    2017-10-20 23:40 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-10-20 22:13 - 2012-05-14 21:50 - 000000000 ____D C:\Users\SoniaePaolo\AppData\Roaming\SoftGrid Client
    2017-10-20 12:05 - 2015-06-20 01:15 - 000000000 ____D C:\Users\SoniaePaolo\AppData\Local\Dropbox
    2017-10-20 12:05 - 2012-06-01 14:12 - 000000000 ____D C:\Users\SoniaePaolo\AppData\Roaming\Dropbox
    2017-10-20 11:55 - 2013-02-23 13:16 - 000000000 ____D C:\Users\SoniaePaolo\AppData\Roaming\Avira
    2017-10-20 11:55 - 2013-02-23 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2017-10-20 11:53 - 2014-08-23 15:17 - 000000000 ____D C:\ProgramData\Package Cache
    2017-10-05 08:54 - 2011-11-11 04:50 - 000744772 _____ C:\Windows\system32\perfh010.dat
    2017-10-05 08:54 - 2011-11-11 04:50 - 000149062 _____ C:\Windows\system32\perfc010.dat
    2017-10-05 08:54 - 2009-07-14 07:13 - 001670914 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-10-05 08:54 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf

    ==================== Files in the root of some directories =======

    2015-01-03 15:19 - 2015-01-03 15:19 - 000001595 _____ () C:\Users\SoniaePaolo\AppData\Roaming\SAS7_000.DAT
    2014-03-14 12:30 - 2017-10-20 23:48 - 000007599 _____ () C:\Users\SoniaePaolo\AppData\Local\Resmon.ResmonCfg
    2012-08-11 17:41 - 2014-12-28 18:20 - 000010579 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    2013-08-31 21:35 - 2013-08-31 21:36 - 000032768 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\01377977712639.exe
    2013-01-29 00:20 - 2013-01-29 00:20 - 000248008 _____ (Ask.com) C:\Users\SoniaePaolo\AppData\Local\Temp\AskSLib.dll
    2013-12-07 12:36 - 2014-08-23 15:17 - 000000000 ____D () C:\Users\SoniaePaolo\AppData\Local\Temp\avgnt.exe
    2012-05-14 13:14 - 2008-09-01 18:07 - 000152576 ____R (Huawei Technologies Co., Ltd.) C:\Users\SoniaePaolo\AppData\Local

    \Temp\DataCard_Setup64.exe
    2015-12-14 02:12 - 2015-12-14 02:12 - 000071168 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\dropbox_sqlite_ext.

    {5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6zikg5.dll
    2017-09-12 15:37 - 2017-09-12 15:37 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\GUR43D2.exe
    2016-09-11 00:34 - 2016-09-11 00:34 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\GURC245.exe
    2013-02-24 16:32 - 2012-12-27 00:22 - 001631232 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\Installhelper.dll
    2013-08-07 06:43 - 2013-08-07 06:43 - 000020480 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\ms1x1inst.exe
    2013-08-07 06:43 - 2013-08-07 06:43 - 000036864 _____ (Midiman) C:\Users\SoniaePaolo\AppData\Local\Temp\ms1x1uninst.exe
    2015-03-23 17:28 - 2015-03-23 17:28 - 001207376 ____N (CANON INC.) C:\Users\SoniaePaolo\AppData\Local\Temp\MSETUP4.EXE
    2016-05-12 16:10 - 2016-05-12 16:10 - 000043520 ____N () C:\Users\SoniaePaolo\AppData\Local\Temp\proxy_vole1396386009514300862.dll
    2008-09-01 18:07 - 2008-09-01 18:07 - 000007168 ____R () C:\Users\SoniaePaolo\AppData\Local\Temp\ResetDevice.exe
    2015-02-03 11:22 - 2015-03-23 21:46 - 001338136 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\SearchProtectionSetup.exe
    2015-03-22 21:12 - 2017-07-01 20:16 - 058684896 _____ (Skype Technologies S.A.) C:\Users\SoniaePaolo\AppData\Local\Temp\SkypeSetup.exe
    2013-02-24 16:32 - 2012-05-06 09:38 - 001085952 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\SRAssetsHelper.dll
    2016-05-12 15:53 - 2016-05-12 15:57 - 050573824 _____ (Ravensburger AG) C:\Users\SoniaePaolo\AppData\Local\Temp\tiptoi-install.exe
    2013-08-07 06:43 - 2013-08-07 06:43 - 000017920 _____ (Doug Fetter Software Wizardry) C:\Users\SoniaePaolo\AppData\Local\Temp\USBMM1X1.DLL
    2013-08-07 06:43 - 2013-08-07 06:43 - 000082944 _____ (Doug Fetter Software Wizardry) C:\Users\SoniaePaolo\AppData\Local\Temp\USBMN1X1.DLL
    2017-07-01 20:22 - 2017-07-01 20:22 - 014456872 _____ (Microsoft Corporation) C:\Users\SoniaePaolo\AppData\Local\Temp\vc_redist.x86.exe
    2016-08-28 16:38 - 2016-08-28 16:43 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{1D5CD72F-6AB0-4639-A5D7-3B8B2CE955DA}-DropboxClient_8.4.21.exe
    2016-10-31 18:27 - 2016-10-31 18:40 - 004847279 _____ (Dropbox, Inc.) C:\Users\SoniaePaolo\AppData\Local\Temp\{27F32216-D47C-4BCB-B1A2-13CF56449E0B}-DropboxClient_13.4.21.exe
    2017-03-09 12:57 - 2017-03-09 12:57 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{2BF07307-DEBE-4697-A9B0-2A73A19F5440}-DropboxClient_20.4.19.exe
    2016-12-23 21:28 - 2016-12-23 21:33 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{63A6A8D7-3AFE-4DD5-9249-3339BA1BB4B0}-DropboxClient_16.4.30.exe
    2015-08-01 15:55 - 2015-08-01 16:00 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{7CDC37B4-B17F-4645-A8B1-8BA553087C75}-DropboxClient_3.8.5.exe
    2016-08-06 00:44 - 2016-08-06 00:44 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{C90190DA-AB3B-47EC-AF33-7086D3648FC4}-DropboxClient_7.4.30.exe
    2016-08-27 00:57 - 2016-08-27 00:57 - 000000000 _____ () C:\Users\SoniaePaolo\AppData\Local\Temp\{E549D5CC-DFD8-4157-B00C-38428EB1C349}-DropboxClient_8.4.21.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-10-05 09:51

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2017
    Ran by SoniaePaolo (21-10-2017 00:31:48)
    Running from C:\Users\SoniaePaolo\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-05-14 10:45:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-648635001-2223325805-2038375246-500 - Administrator - Disabled)
    Guest (S-1-5-21-648635001-2223325805-2038375246-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-648635001-2223325805-2038375246-1005 - Limited - Enabled)
    SoniaePaolo (S-1-5-21-648635001-2223325805-2038375246-1001 - Administrator - Enabled) => C:\Users\SoniaePaolo
    __vmware_user__ (S-1-5-21-648635001-2223325805-2038375246-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
    3 Internet (HKLM-x32\...\3 Internet) (Version: 11.002.03.23.12 - Huawei Technologies Co.,Ltd)
    64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
    AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira Connect (HKLM-x32\...\{3D310F56-A7CA-441F-993E-35BF9CE0B021}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Hidden
    Bejeweled 3 (HKLM-x32\...\WTA-3abf326c-95f6-430f-9472-f68bcd20b388) (Version: 2.2.0.98 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
    Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
    Browser Extensions (HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.4.0 - Canon Inc.)
    Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
    Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.2.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
    Chuzzle Deluxe (HKLM-x32\...\WTA-e93004e8-dc87-43db-ac09-a3759e338729) (Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Componente aggiuntivo Microsoft Salvataggio in formato PDF o XPS per applicazioni di Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0410-0000-0000000FF1CE}) (Version: 12.0.4518.1018 - Microsoft Corporation)
    Cradle of Rome 2 (HKLM-x32\...\WTA-44c99a4c-0c46-47e1-b23e-c52f2b58e1b2) (Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
    Farm Frenzy (HKLM-x32\...\WTA-339185d6-49a7-4ee7-b093-9d2f1d5afee2) (Version: 2.2.0.98 - WildTangent) Hidden
    FATE (HKLM-x32\...\WTA-fc1e9fa7-6aa4-401c-9570-3555e4b66f59) (Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (HKLM-x32\...\WTA-269b1eec-cd6b-49e7-81d9-89c5e86b0b79) (Version: 2.2.0.95 - WildTangent) Hidden
    FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
    Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{79CCA10A-16D3-43C4-8980-956F7396BF0E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    Insaniquarium Deluxe (HKLM-x32\...\WTA-b4be7f03-bc2e-4add-959b-07855b3fcdaf) (Version: 2.2.0.97 - WildTangent) Hidden
    J2SE Runtime Environment 5.0 Update 16 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150160}) (Version: 1.5.0.160 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
    Java(TM) 6 Update 32 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416032FF}) (Version: 6.0.320 - Oracle)
    Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Jewel Match 3 (HKLM-x32\...\WTA-a0be9037-1748-40ff-8ddb-0540c79d0dcf) (Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest II (HKLM-x32\...\WTA-53df920e-1e56-4bdc-bc82-d7134e006980) (Version: 2.2.0.97 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-e52c8cc3-495b-4e53-95a1-1a038bccd077) (Version: 2.2.0.98 - WildTangent) Hidden
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
    Mahjongg Artifacts (HKLM-x32\...\WTA-879ea7f6-e95d-4045-8690-2933c0330297) (Version: 2.2.0.95 - WildTangent) Hidden
    M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office a portata di clic 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Starter 2010 - Italiano (HKLM-x32\...\{90140011-0066-0410-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Modular Editor 3.03 (HKLM-x32\...\Modular Editor 3.03) (Version: - )
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Mystery of Mortlake Mansion (HKLM-x32\...\WTA-418a1db7-5056-40f4-9e13-eb9a9d2627d8) (Version: 2.2.0.98 - WildTangent) Hidden
    opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
    Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-05e3589d-e03f-4328-88af-27698746a03b) (Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (HKLM-x32\...\WTA-c1a043a2-552d-4dd6-803c-acfcca48ca0b) (Version: 2.2.0.97 - WildTangent) Hidden
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-1891b8c8-c7d1-47fd-a046-3fb45397fa12) (Version: 2.2.0.98 - WildTangent) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
    Registrazione utente Canon MG3600 series (HKLM-x32\...\Registrazione utente Canon MG3600 series) (Version: - ‭Canon Inc.)
    SaveVid Plug-in (HKLM-x32\...\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}) (Version: 2.0.0.591 - Bandoo Media, Inc) Hidden
    SaveVid Plug-in (HKLM-x32\...\SaveVid Plug-in) (Version: 2.0.0.591 - Bandoo Media, Inc)
    Settings Manager (HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Settings Manager) (Version: 24.0.0.1 - Spigot, Inc.) <==== ATTENTION
    Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
    Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
    Speedial (HKLM-x32\...\Speedial) (Version: - Speedial) <==== ATTENTION
    Supporto applicazioni Apple (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
    tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG)
    Torch (HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Torch) (Version: 33.0.0.7462 - Torch Media, Inc) <==== ATTENTION
    Torchlight (HKLM-x32\...\WTA-2e6df363-d94e-46f8-803d-53527753095c) (Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    USB Midisport Uno 1.0.1.0 (HKLM-x32\...\MidiSportUno) (Version: - )
    Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-4406a6e8-c2f0-434b-8836-7c6c2e4ff88f) (Version: 2.2.0.98 - WildTangent) Hidden
    VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
    VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 7.0.0.9911 - VMware, Inc.) Hidden
    VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.0.9911 - VMware, Inc)
    WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
    Zuma's Revenge (HKLM-x32\...\WTA-9861ffe3-80f1-440a-a38b-183996c0cc5f) (Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-648635001-2223325805-2038375246-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\SoniaePaolo\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-648635001-2223325805-2038375246-1001_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\SoniaePaolo\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-648635001-2223325805-2038375246-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\SoniaePaolo\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-02] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-11-20] (WinZip Computing, S.L.)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2009-10-22] (VMware, Inc.)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-11-20] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-09-28] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-02] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-11-20] (WinZip Computing, S.L.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {221941F7-7E7D-41D0-B14D-C1D164D40CA7} - System32\Tasks\{5C03A94D-E3BA-4F56-9FFB-63DEA2C59608} => C:\Program Files (x86)\3 Internet\3 Internet.exe
    Task: {4F4C54BF-E921-409E-BBF6-6752E9B92183} - System32\Tasks\{A5A8CB69-0262-467B-BB1F-3E8C6DE7CE21} => C:\Windows\system32\pcalua.exe -a "C:\Users\SoniaePaolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AF2WM96F\FileInternet266_ALL.exe" -d C:\Users\SoniaePaolo\Desktop
    Task: {72AC8FC2-9A78-4EDD-A8D7-E00841C5CA85} - System32\Tasks\{8C012898-A1E6-4D70-94C6-E21AE9E40925} => C:\Program Files (x86)\3 Internet\3 Internet.exe
    Task: {85FB35D5-BA9D-4134-A06F-A7BADDE10F02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
    Task: {8AD9628B-B33C-40DC-93A8-63B530FBFA31} - System32\Tasks\{601873E5-D6A8-4B73-BD7F-32960CEB6733} => C:\Windows\system32\pcalua.exe -a G:\DataCard_Setup.exe -d G:\
    Task: {9E62FDE3-C92D-4C5C-814F-5827F5DA246C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {AC22751E-D715-42BD-A665-522C270EB419} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
    Task: {B4A063BA-0C85-4A2A-B74E-C626F383F816} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
    Task: {CA2A6646-7A50-4DC8-8A92-342502A74E58} - System32\Tasks\{85FD1891-5046-4A61-AF25-FAF6016BC43B} => C:\Program Files (x86)\3 Internet\3 Internet.exe
    Task: {CD854269-01EA-4492-BED3-1F19C34F9952} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
    Task: {F3EF4615-16F9-4998-A9FC-C8B347DE75D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
    Task: {FE435EB4-BD8B-4611-8CA1-C2466FA064FB} - System32\Tasks\{CDAC37F5-5566-4856-BF59-5BC1A99C6423} => C:\Windows\system32\pcalua.exe -a "G:\3 Internet\Setup.exe" -d "G:\3 Internet"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\SoniaePaolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unico On Line\UnicoOnLine PF 2012.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://jws.agenziaentrate.it/jws/dichiarazioni/2012/UNI12.jnlp "C:\Users\SoniaePaolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7c0717a2-3d267c20"

    ==================== Loaded Modules (Whitelisted) ==============

    2011-09-28 07:19 - 2011-09-28 07:19 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2017-09-06 12:46 - 2015-02-04 11:38 - 000084104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2013-05-22 23:06 - 2013-05-22 23:06 - 000400704 _____ () C:\Users\SoniaePaolo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    2011-09-30 11:40 - 2011-09-30 11:40 - 000107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    2011-09-28 07:19 - 2011-09-28 07:19 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-09-28 07:06 - 2011-09-28 07:06 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-06-17 14:42 - 2011-06-17 14:42 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2009-10-22 04:59 - 2009-10-22 04:59 - 000970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
    2009-10-22 04:59 - 2009-10-22 04:59 - 000068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SoniaePaolo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D22EACF6-6DB2-4E2A-8271-E875E0B2D3AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{91BB57E1-0FCD-485D-B697-C09A47D11998}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{22004154-7FBD-4AD6-842E-068F4099C800}] => (Allow) LPort=2869
    FirewallRules: [{75632F5D-7F9B-4ED1-8E52-B4D7FB102A41}] => (Allow) LPort=1900
    FirewallRules: [{4762C935-F945-4300-9F78-E12885954688}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{93495CF4-4405-4C59-A933-9DB9A7343459}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{8659EF88-7BAB-47C2-8199-951EEBB2BBFF}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
    FirewallRules: [{B556C6A1-CA01-4B7F-A574-9A6100722978}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
    FirewallRules: [{C739932A-89C2-47CB-B360-F3A3E7271FD9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{9964FDF4-88AD-46EE-A43E-9464D611270D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{0A79011E-B502-441E-A9A1-A116A0EAFC84}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{E3486884-B14C-4A29-90A7-42928E98E08B}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{E67DA215-44D5-4FB3-822F-D848710770A1}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{6FEF056D-2FD8-43EF-8C4E-A5915F6CC10E}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{F2D59565-73EE-483E-BCE6-86CDAF4C53A7}] => (Allow) C:\Users\SoniaePaolo\AppData\Local\Temp\7zS2E21.tmp\SymNRT.exe
    FirewallRules: [{8E3012D5-98F0-48D6-A2BD-9F28EAFE542F}] => (Allow) C:\Users\SoniaePaolo\AppData\Local\Temp\7zS2E21.tmp\SymNRT.exe
    FirewallRules: [{89131830-1DC2-48A7-B173-21F69569B8B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{399A2265-A853-4129-B176-217FA4C01C7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{A5E7E6DE-74DD-496F-B3C5-81E037EF171C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{C3C8572F-9419-44BA-A888-575ACD9CCE70}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{C46338C4-633B-4852-9F59-64771DE70D2B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{5F8AA415-7A0C-4944-A043-1C9C5737F5FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{131F8BB1-E7B8-4672-8E7A-11102B10FA23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{FB10F346-37BA-47B5-897B-CBB668CC3111}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{FE96B40C-3131-4373-9294-37E7E0DD76F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{185121EF-6601-4CBD-A611-D44442BBB256}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{E7A3545C-E60A-4C93-87AA-52DF4E2DC3DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{80488363-7B4D-4D92-832E-FC97C0DFA112}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{2F81F490-F367-4AD4-9EC0-B95C915FDA28}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{F3AED138-8B81-479F-8D11-2589FF4AD254}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqsudi.exe
    FirewallRules: [{888A7C53-CD5B-4550-84E2-DC92D8BEE68F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqpsapp.exe
    FirewallRules: [{11F749AA-0DB6-4ED4-A444-0C6425EFE168}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpofxs08.exe
    FirewallRules: [{9A5C2EDF-63FD-42B0-8976-FCBB5EADB947}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqfxt08.exe
    FirewallRules: [{32C10E8F-9C42-47A5-B30C-BC53EF4F1E7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{E75FDB2F-265A-4D09-95A4-C2B5A649164B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqgplgtupl.exe
    FirewallRules: [{F427DCB6-3897-4C15-AD8F-41052B288B99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqgpc01.exe
    FirewallRules: [{958DA4D0-A6C1-42DC-9744-D226E9D6CAE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqusgm.exe
    FirewallRules: [{74F49916-2A9C-42CD-925E-90664DE644D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

    \hpqusgh.exe
    FirewallRules: [{6DF38269-E80A-4AE8-B884-AAD8193EAA7E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{A9F13AA0-887F-4DFE-AC67-3D0B353EC559}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web

    printing\smartwebprintexe.exe
    FirewallRules: [{F66CD6B3-CBAB-49E1-932B-24B35CBE8293}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple

    Application Support\WebKit2WebProcess.exe
    FirewallRules: [{BD814970-7527-4015-954C-91285D2E602B}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\uTorrent

    \uTorrent.exe
    FirewallRules: [{D203683D-3DB7-417F-8FC5-BD8D1EF7A946}] => (Allow) C:\Users\SoniaePaolo\AppData\Roaming\uTorrent

    \uTorrent.exe
    FirewallRules: [{A3EDD874-11F2-4616-A8ED-77FFE9551B74}] => (Allow) C:\Users\SoniaePaolo\AppData\Local\Torch\Application

    \torch.exe
    FirewallRules: [{8D73A152-F5E5-45EF-A54C-A232CF2DA940}] => (Allow) C:\Users\SoniaePaolo\AppData\Local\Torch\Plugins\Hola

    \hola_plugin.exe
    FirewallRules: [{EB10A9D1-CAD7-4542-B117-EE3B53FA5F9E}] => (Allow) C:\Users\SoniaePaolo\AppData\Local\Torch\Plugins\Hola

    \hola_plugin_x64.exe
    FirewallRules: [TCP Query User{62FA6489-CD12-44DB-9004-7255B7439D69}C:\users\soniaepaolo\appdata\local\skypeplugin

    \pluginhost.exe] => (Allow) C:\users\soniaepaolo\appdata\local\skypeplugin\pluginhost.exe
    FirewallRules: [UDP Query User{8DB2A37A-5C02-4195-BAEB-1FDBE14526BA}C:\users\soniaepaolo\appdata\local\skypeplugin

    \pluginhost.exe] => (Allow) C:\users\soniaepaolo\appdata\local\skypeplugin\pluginhost.exe
    FirewallRules: [{BA87BA54-41DE-431B-AA93-4F8629AF479E}] => (Block) C:\users\soniaepaolo\appdata\local\skypeplugin

    \pluginhost.exe
    FirewallRules: [{E1C4BA66-A60A-441C-A940-5881793A942F}] => (Block) C:\users\soniaepaolo\appdata\local\skypeplugin

    \pluginhost.exe

    ==================== Restore Points =========================

    22-05-2017 13:07:17 Punto di controllo pianificato
    01-07-2017 14:35:36 Punto di controllo pianificato
    01-07-2017 20:22:17 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
    01-07-2017 20:23:29 Windows Update
    05-10-2017 09:57:54 Punto di controllo pianificato

    ==================== Faulty Device Manager Devices =============

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/20/2017 11:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 11:36:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 11:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 10:27:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 10:26:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 10:22:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 10:09:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Solo a scopo informativo.
    (Patch task for {90140011-0066-0410-0000-0000000FF1CE}): DownloadLatest Failed: Nessuna connessione di rete attualmente attiva. Quando verrà collegata una scheda, Servizio trasferimento intelligente in background (BITS) ripeterà l'operazione.

    Error: (10/20/2017 09:59:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Impossibile riattivare il filtro eventi con query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" nello spazio dei nomi "//./root/CIMV2". Errore 0x80041003. Impossibile recapitare gli eventi tramite questo filtro fino alla risoluzione del problema.

    Error: (10/20/2017 12:12:23 PM) (Source: Avira Service Host) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/20/2017 12:07:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Solo a scopo informativo.
    (Patch task for {90140011-0066-0410-0000-0000000FF1CE}): DownloadLatest Failed: Impossibile risolvere il nome o l'indirizzo del server


    System errors:
    =============
    Error: (10/21/2017 12:25:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: Generato avviso di errore irreversibile: 40. Lo stato dell'errore interno è 252.

    Error: (10/21/2017 12:25:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: Generato avviso di errore irreversibile: 40. Lo stato dell'errore interno è 252.

    Error: (10/21/2017 12:25:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: Generato avviso di errore irreversibile: 40. Lo stato dell'errore interno è 252.

    Error: (10/21/2017 12:25:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: Generato avviso di errore irreversibile: 40. Lo stato dell'errore interno è 252.

    Error: (10/20/2017 11:40:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Servizio VMware USB Arbitration Service terminato con l'errore:
    Un dispositivo collegato al sistema non è in funzione.

    Error: (10/20/2017 11:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio Torch Crash Handler non è stato avviato per il seguente errore:
    Impossibile trovare il file specificato.

    Error: (10/20/2017 11:34:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
    Avvio del gruppo o del servizio di dipendenza non riuscito.

    Error: (10/20/2017 11:34:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
    Avvio del gruppo o del servizio di dipendenza non riuscito.

    Error: (10/20/2017 11:34:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
    Avvio del gruppo o del servizio di dipendenza non riuscito.

    Error: (10/20/2017 11:34:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
    Avvio del gruppo o del servizio di dipendenza non riuscito.


    CodeIntegrity:
    ===================================
    Date: 2016-12-30 22:21:14.541
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-30 22:21:14.338
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-30 18:32:46.800
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-30 18:32:46.597
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-23 21:20:51.189
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-23 21:20:50.986
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-23 19:29:59.277
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-23 19:29:59.027
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-22 10:23:50.566
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2016-12-22 10:23:50.333
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\FileOpen\Services\fileopen64.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


    ==================== Memory info ===========================

    Processor: AMD E2-3000M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 48%
    Total physical RAM: 3561.41 MB
    Available physical RAM: 1842.93 MB
    Total Virtual: 7120.99 MB
    Available Virtual: 4983.93 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:441.19 GB) (Free:274.39 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:20.4 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 039E4160)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=20.4 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
    .
  12.  
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Hi Soniatur
    1) Download the attached file to the desktop, where you have FRST.exe.
    Restart FRST and click the FIX button.
    Attach the resulting fixlog.
    2) Download and run adwcleaner. You will find the instructions in the removal tools guide. Attach the resulting log in this case too.

    That takes care of some infections.
    The svchost process problem might persist, because 90% of the time it depends on the Windows Update service, which I advise you to turn off because it starts automatically and takes resources away from the PC, pushing the CPU to the max.
    In that case type services.msc in the Windows search bar and launch it once it has been found.
    Go to the Windows Update service and under service status click Stop, and under startup type set Disabled.
    Restart the PC and check.
    Attached file
    fixlist.txt
    (Number of downloads: 63)

     
    .
  13. soniatur
     
    .

    User deleted


    Hi vicky67,
    thank you very much for your reply. I did everything and I am attaching the 2 logs. I had already gone through the procedure to disable Windows Update; I checked anyway and it is disabled.
    The problem, alas, persists. I have these two processes that eat up a lot of bandwidth:
    svchost (LocalServiceAndNoImpersonation)
    svchost(LocalServicePeerNet)
    It is a problem that appeared only recently, which is why I think it is some kind of virus.

    If you have any other suggestions I will be glad to follow them, otherwise thank you anyway for trying.
    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
    Ran by SoniaePaolo (21-10-2017 22:41:10) Run:1
    Running from C:\Users\SoniaePaolo\Desktop
    Loaded Profiles: SoniaePaolo (Available Profiles: SoniaePaolo)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    S2 TorchCrashHandler; C:\Users\SoniaePaolo\AppData\Local\Torch\Update\TorchCrashHandler.exe [X] <==== ATTENTION
    C:\Users\SoniaePaolo\AppData\Local\Torch\Update\TorchCrashHandler.exe
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\...\Run: [Settings Manager] => "C:\Users\SoniaePaolo\AppData\Roaming\Settings Manager\SettingsManager.EXE" /autostart /restart
    C:\Users\SoniaePaolo\AppData\Roaming\Settings Manager\SettingsManager.EXE
    EmptyTemp:

    *****************

    HKLM\System\CurrentControlSet\Services\TorchCrashHandler => key removed successfully
    TorchCrashHandler => service removed successfully
    "C:\Users\SoniaePaolo\AppData\Local\Torch\Update\TorchCrashHandler.exe" => not found.
    HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Settings Manager => value removed successfully
    "C:\Users\SoniaePaolo\AppData\Roaming\Settings Manager\SettingsManager.EXE" => not found.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50885112 B
    Java, Flash, Steam htmlcache => 523 B
    Windows/system/drivers => 1015007404 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 55459733 B
    systemprofile32 => 609956 B
    LocalService => 0 B
    NetworkService => 0 B
    SoniaePaolo => 8034062919 B

    RecycleBin => 448069742 B
    EmptyTemp: => 9 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 22:44:16 ====

    # AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 21 20:54:52 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Running on Windows 7 Home Premium (X64)
    # Mode: clean
    # Support: www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\ProgramData\torchcrashhandler
    Deleted: C:\ProgramData\Application Data\torchcrashhandler
    Deleted: C:\Users\All Users\torchcrashhandler
    Deleted: C:\ProgramData\wincert
    Deleted: C:\ProgramData\Application Data\wincert
    Deleted: C:\Users\All Users\wincert
    Deleted: C:\Users\SoniaePaolo\AppData\Roaming\Yahoo!\Companion
    Deleted: C:\Program Files (x86)\Speedial
    Deleted: C:\Users\SoniaePaolo\AppData\Roaming\Speedial


    ***** [ Files ] *****

    Deleted: C:\Users\SoniaePaolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
    Deleted: C:\Users\SoniaePaolo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    Deleted: C:\Users\SoniaePaolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8D73A152-F5E5-45EF-A54C-A232CF2DA940}
    Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
    Deleted: [Value] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
    Deleted: [Value] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\AppDataLow\Software\Settings Manager
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\Settings Manager
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\torch
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Deleted: [Key] - HKCU\Software\torch
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\AppDataLow\Software\Yahoo\Companion
    Deleted: [Key] - HKCU\Software\Yahoo\Companion
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Yahoo\YFriendsBar
    Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe
    Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\TorchVLC
    Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Speedial
    Deleted: [Key] - HKCU\Software\Speedial
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A3EDD874-11F2-4616-A8ED-77FFE9551B74}
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\Softonic
    Deleted: [Key] - HKCU\Software\Softonic
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savevid
    Deleted: [Key] - HKU\S-1-5-21-648635001-2223325805-2038375246-1001\Software\iVIDI Plugin
    Deleted: [Key] - HKCU\Software\iVIDI Plugin


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [6390 B] - [2017/10/21 20:53:47]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
     
    .
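The post above names two svchost groups without saying which services run inside them. The following is an added example, not part of the thread and not the helper's procedure: a read-only PowerShell triage that maps each running svchost.exe to its `-k` group and hosted services and flags instances that do not look genuine. It assumes Windows PowerShell 2.0 or later and an elevated prompt; all variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Assumes Windows PowerShell 2.0 or later and an elevated prompt, so that
# ExecutablePath and CommandLine are readable for every svchost.exe instance.

# The genuine image lives only in these two locations.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Genuine svchost.exe instances are started by services.exe.
$servicesExePids = @(Get-WmiObject Win32_Process -Filter "Name = 'services.exe'" |
    ForEach-Object { [int]$_.ProcessId })

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

$report = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId

    # The -k argument names the service group, e.g. LocalServiceAndNoImpersonation.
    $group = '(none)'
    if ($_.CommandLine -match '-k\s+(\S+)') { $group = $Matches[1] }

    $hosted = @()
    if ($servicesByPid.ContainsKey($procId)) { $hosted = $servicesByPid[$procId] }

    # Collect every reason this instance deserves a closer look.
    $flags = @()
    if (-not $_.ExecutablePath) {
        $flags += 'path unreadable (not elevated?)'
    } elseif ($expectedPaths -notcontains $_.ExecutablePath) {
        # String comparison with -notcontains is case-insensitive.
        $flags += 'unexpected image path'
    }
    if ($servicesExePids -notcontains [int]$_.ParentProcessId) {
        $flags += 'parent is not services.exe'
    }
    if ($hosted.Count -eq 0) { $flags += 'hosts no service' }
    if ($group -eq '(none)') { $flags += 'no -k group' }

    New-Object PSObject -Property @{
        PID      = $procId
        Group    = $group
        Services = ($hosted -join ', ')
        Path     = $_.ExecutablePath
        Flags    = ($flags -join '; ')
    }
}

$report | Sort-Object Group |
    Select-Object PID, Group, Services, Path, Flags |
    Format-Table -AutoSize -Wrap
```

An empty Flags column means the instance runs from the system directory, was started by services.exe and hosts at least one registered service; the Services column on the rows for the two groups named in the post shows which services to look at next.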
  14.  
    .

    Master Malware Expert

    Group
    Administrator
    Posts
    4,519
    Location
    Poggio Mirteto(RI)

    Status
    Anonymous
    Do you know how to do a clean boot of the system, that is, disabling all startup processes via msconfig?
     
    .
  15. soniatur
     
    .

    User deleted


    Hi, I have never done it.
     
    .
23 replies since 12/11/2014, 21:03   5138 views