DOMANDA Risultati scansioni pc dopo schermata blu

zova

Nuovo Utente
8
0
Ciao a tutti. Ieri ho avuto un problema sul pc. Stavo navigando quando è apparsa la temutissima schermata blu, al riavvio Windows firewall mi dice che ha bloccato il file "syshost.exe". Faccio una scansione con l'antivirus e non trova nulla. Poi scansioni con Malwarebytes e mi trova 5 elementi infetti, che elimino. A questo punto ricerco la guida e procedo con le varie scansioni. Vi posto i risultati, qualcuno sa dirmi se posso stare tranquillo o meno? Scusate la frase tutta di seguito ma non riesco ad andare a capo. Grazie. P.s. Non mi carica i file. Li copio direttamente nel messaggio? grazie

- - - Updated - - -

provo così...Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Giovannini (ATTENTION: The logged in user is not administrator) on UTENTE-HP on 20-05-2015 09:45:05
Running from C:\Users\Giovannini\Desktop
Loaded Profiles: Michele & Giovannini (Available profiles: Utente & Michele & Giovannini & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvwmi64.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvwmi64.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AllplanUpdateLauncher.exe
Failed to access process -> HeciServer.exe
Failed to access process -> IPROSetMonitor.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> pdfsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> NisSrv.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Failed to access process -> svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> mscorsvw.exe
Failed to access process -> mscorsvw.exe
Failed to access process -> SearchIndexer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
Failed to access process -> dllhost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Farbar) C:\Users\Giovannini\Desktop\01_FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-09-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132480 2012-10-27] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RunPUMonitor] => C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe [235832 2013-06-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-520621222-3627379431-2782527401-1002\...\Run: [syshost32] => C:\Users\Giovannini\AppData\Local\{A44F2172-211A-A4E4-7886-5A445862C579}\syshost.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\trehus GIOVANNINI.lnk [2014-09-09]
ShortcutTarget: trehus GIOVANNINI.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-520621222-3627379431-2782527401-1002\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
HKU\S-1-5-21-520621222-3627379431-2782527401-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
URLSearchHook: [S-1-5-21-520621222-3627379431-2782527401-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-520621222-3627379431-2782527401-1002 -> DefaultScope {D034F000-5ED6-4318-A971-E2ABDBD8E8DA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-520621222-3627379431-2782527401-1002 -> {36B75B49-3543-4E07-8B17-A9F9C60497AD} URL = Google
SearchScopes: HKU\S-1-5-21-520621222-3627379431-2782527401-1002 -> {D034F000-5ED6-4318-A971-E2ABDBD8E8DA} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Guida per l'accesso all'account Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-27] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-27] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllplanUpdateLauncher 2014; C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe [16680 2013-10-28] (Nemetschek Allplan Systems GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-27] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2273568 2013-10-23] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26072 2012-10-19] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [652760 2012-10-19] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [387344 2012-11-06] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [77584 2012-11-06] (Intel(R) Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 09:45 - 2015-05-20 09:45 - 00012379 _____ () C:\Users\Giovannini\Desktop\FRST.txt
2015-05-20 09:44 - 2015-05-20 09:45 - 00000000 ____D () C:\FRST
2015-05-20 09:44 - 2015-05-20 09:24 - 02107904 _____ (Farbar) C:\Users\Giovannini\Desktop\01_FRST64.exe
2015-05-20 09:42 - 2015-05-20 09:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Giovannini\Downloads\05_tdsskiller.exe
2015-05-20 09:41 - 2015-05-20 09:43 - 16980568 _____ () C:\Users\Giovannini\Downloads\04_RogueKiller.exe
2015-05-20 09:33 - 2015-05-20 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-20 09:32 - 2015-05-20 09:32 - 02209792 _____ () C:\Users\Giovannini\Downloads\03_AdwCleaner.exe
2015-05-20 09:31 - 2015-05-20 09:31 - 00602112 _____ (OldTimer Tools) C:\Users\Giovannini\Downloads\02_OTL.exe
2015-05-20 09:23 - 2015-05-20 09:24 - 02107904 _____ (Farbar) C:\Users\Giovannini\Downloads\01_FRST64.exe
2015-05-20 09:11 - 2015-05-20 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 09:10 - 2015-05-20 09:11 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Giovannini\Downloads\mbar-1.09.1.1004.exe
2015-05-20 09:10 - 2015-05-20 09:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Giovannini\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-19 17:09 - 2015-05-19 17:09 - 1132111349 _____ () C:\Windows\MEMORY.DMP
2015-05-19 17:09 - 2015-05-19 17:09 - 00000000 ____D () C:\Windows\Minidump
2015-05-19 17:07 - 2015-05-19 17:32 - 00000000 ____D () C:\Users\Giovannini\AppData\Local\{A44F2172-211A-A4E4-7886-5A445862C579}
2015-05-19 14:53 - 2015-05-19 15:51 - 00000000 ____D () C:\Users\Giovannini\Desktop\Canezza immagini
2015-05-18 14:59 - 2015-05-18 14:59 - 00006092 _____ () C:\Users\Giovannini\AppData\Local\recently-used.xbel
2015-05-18 14:26 - 2015-05-18 14:27 - 00000000 ____D () C:\Users\Giovannini\Desktop\NOGAREDO CONSEGNA CLIENTE
2015-05-15 15:03 - 2015-05-15 15:24 - 00000000 ____D () C:\Users\Giovannini\Desktop\NOGAREDO CONSEGNA COMUNE
2015-05-11 11:14 - 2015-05-11 11:15 - 00000000 ____D () C:\Users\Giovannini\Desktop\CESENA ELETTRICO
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 09:32 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 09:32 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 09:30 - 2013-08-22 19:30 - 02094063 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 09:30 - 2013-08-22 05:05 - 00757828 _____ () C:\Windows\system32\perfh010.dat
2015-05-20 09:30 - 2013-08-22 05:05 - 00153188 _____ () C:\Windows\system32\perfc010.dat
2015-05-20 09:30 - 2009-07-14 07:13 - 01696330 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 09:26 - 2013-08-22 05:42 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-20 09:25 - 2014-09-30 14:43 - 00000000 ____D () C:\Windows\it
2015-05-20 09:25 - 2013-08-28 10:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-20 09:25 - 2010-11-21 05:47 - 00284778 _____ () C:\Windows\PFRO.log
2015-05-20 09:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 09:25 - 2009-07-14 06:51 - 00085924 _____ () C:\Windows\setupact.log
2015-05-20 08:57 - 2014-02-13 16:59 - 00000650 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2014.job
2015-05-20 08:57 - 2013-08-22 19:33 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 17:09 - 2013-08-28 10:48 - 00000000 ____D () C:\Users\Giovannini
2015-05-18 14:59 - 2013-11-14 09:49 - 00000000 ____D () C:\Users\Giovannini\.gimp-2.8
2015-04-23 17:27 - 2013-11-15 16:05 - 00000000 ____D () C:\Users\Giovannini\AppData\Local\gtk-2.0
2015-04-21 08:57 - 2013-08-22 19:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 08:57 - 2013-08-22 19:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-05-18 14:59 - 2015-05-18 14:59 - 0006092 _____ () C:\Users\Giovannini\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Giovannini\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Giovannini\AppData\Local\Temp\HP_Designjet_Utility_Setup_2_3_3_2612.exe
C:\Users\Giovannini\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aaa_aih.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================

- - - Updated - - -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Giovannini at 2015-05-20 09:45:19
Running from C:\Users\Giovannini\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-520621222-3627379431-2782527401-500 - Administrator - Enabled) => C:\Users\Administrator
Giovannini (S-1-5-21-520621222-3627379431-2782527401-1002 - Limited - Enabled) => C:\Users\Giovannini
Guest (S-1-5-21-520621222-3627379431-2782527401-501 - Limited - Disabled)
Michele (S-1-5-21-520621222-3627379431-2782527401-1001 - Administrator - Enabled) => C:\Users\Michele
Utente (S-1-5-21-520621222-3627379431-2782527401-1000 - Limited - Enabled) => C:\Users\Utente
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Allplan 2014 Library (HKLM-x32\...\{726EC4CD-3AD2-4ED7-AFEF-45E2CB998F66}) (Version: 20.13.00 - Nemetschek Allplan Italia S.r.l.)
Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
CINEMA 4D 14.042 (HKLM\...\MAXON656170D5) (Version: 14.042 - MAXON Computer GmbH) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
General Runtime Files for Allplan 2014-0-0 (x32 Version: 1.7.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Allplan 2014-0-0 x64 (Version: 1.4.1.0 - Nemetschek Allplan Systems GmbH) Hidden
General Runtime Files for Nemetschek Softlock 2006 (x32 Version: 1.3.0.0 - Nemetschek) Hidden
General Runtime Files for Nemetschek Softlock 2006 64 (Version: 1.2.0.0 - Nemetschek) Hidden
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
HP Designjet Utility (HKLM-x32\...\{0F9C0BFD-8421-4944-8074-BEE4316E9FF3}) (Version: 2.1.5.2297 - Nome società)
HP Performance Advisor (HKLM-x32\...\{E8C829D5-C892-4A36-A0B8-8B3358CF9EE1}) (Version: 1.5.4719 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP T920 and T1500 series ICC Profiles (HKLM\...\{1A65F5EF-6CD6-4EC3-861C-8AAC767989C7}) (Version: 2.0.0 - Hewlett Packard, Co.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
Intel(R) Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - it-it (HKLM\...\HomeBusinessRetail - it-it) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nemetschek Allplan 2014 (HKLM-x32\...\{669D6EB8-28DD-4F5C-A7C3-5DCB53F59691}) (Version: 2014.0 - Nemetschek Allplan Systems GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - Nemetschek Allplan Systems GmbH)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.8.7 - )
NVIDIA Driver audio HD 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA WMI 2.15.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.15.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Pannello di controllo NVIDIA 311.66 (Version: 311.66 - NVIDIA Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.9 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Print Conductor 3.2 (HKLM-x32\...\Print Conductor_is1) (Version: 3.2 - fCoder Group, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Registrazione Web HP (x32 Version: 1.3.0.0 - Hewlett Packard, Co.) Hidden
Stampanti ePrinter HP Designjet T920 e T1500 (HKLM-x32\...\HPT920-T1500) (Version: - Hewlett-Packard Co.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\AutoUpdate Allplan 2014.job =>
Task: C:\Windows\Tasks\WebContent AutoUpdate 2014.job =>
==================== Loaded Modules (Whitelisted) ==============
2010-11-08 17:15 - 2010-11-08 17:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-520621222-3627379431-2782527401-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Giovannini\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{3C1DE03E-CD0B-4F32-B49F-5C989C64FFE1}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{DF807898-CD88-4FBC-9CDF-46C8C9224D64}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{95CE2523-0B07-4745-B738-180F5132B6B5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E63FF0F4-6154-4A98-B745-70BCA28654D9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{80F1D98B-2F52-43AA-823A-FB3758A23058}] => (Allow) LPort=2869
FirewallRules: [{F4D765FE-4636-4935-B35A-B1510E09C5C5}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{BE7FFC4E-8CEA-4D54-BAAD-4E5A0EA4C845}C:\users\giovannini\appdata\local\{a44f2172-211a-a4e4-7886-5a445862c579}\syshost.exe] => (Block) C:\users\giovannini\appdata\local\{a44f2172-211a-a4e4-7886-5a445862c579}\syshost.exe
FirewallRules: [UDP Query User{FF38B471-EB78-4065-8F0A-C39B6C4ACFE4}C:\users\giovannini\appdata\local\{a44f2172-211a-a4e4-7886-5a445862c579}\syshost.exe] => (Block) C:\users\giovannini\appdata\local\{a44f2172-211a-a4e4-7886-5a445862c579}\syshost.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/20/2015 09:27:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/20/2015 08:06:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/19/2015 05:52:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/19/2015 05:25:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/19/2015 08:11:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/18/2015 08:12:03 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/16/2015 10:28:26 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/15/2015 08:04:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/14/2015 09:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: IEXPLORE.EXE, versione: 10.0.9200.16798, timestamp: 0x52ec7da1
Nome del modulo che ha generato l'errore: unknown, versione: 0.0.0.0, timestamp: 0x00000000
Codice eccezione: 0xc0000005
Offset errore 0x20296425
ID processo che ha generato l'errore: 0x1448
Ora di avvio dell'applicazione che ha generato l'errore: 0xIEXPLORE.EXE0
Percorso dell'applicazione che ha generato l'errore: IEXPLORE.EXE1
Percorso del modulo che ha generato l'errore: IEXPLORE.EXE2
ID segnalazione: IEXPLORE.EXE3
Error: (05/14/2015 08:06:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Prodotto Adobe Reader XI - Italiano: impossibile installare aggiornamento "{AC76BA86-7AD7-0000-2550-7A8C40011011}". Codice errore 1625. È possibile impostare Windows Installer per la creazione di log, che possono facilitare la risoluzione di problemi di installazione dei pacchetti software. Istruzioni per l'attivazione del supporto della registrazione sono disponibili tramite il seguente collegamento: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (05/20/2015 09:41:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ricevuto avviso di errore irreversibile: 40.
Error: (05/20/2015 09:41:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ricevuto avviso di errore irreversibile: 40.
Error: (05/20/2015 09:23:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ricevuto avviso di errore irreversibile: 40.
Error: (05/20/2015 09:23:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Ricevuto avviso di errore irreversibile: 40.
Error: (05/19/2015 05:22:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (05/19/2015 05:09:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
%%1068
Error: (05/19/2015 05:09:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
%%1068
Error: (05/19/2015 05:09:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
%%1068
Error: (05/19/2015 05:09:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
%%1068
Error: (05/19/2015 05:09:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Servizio Elenco reti dipende dal servizio Riconoscimento presenza in rete che non è stato avviato per il seguente errore:
%%1068

Microsoft Office Sessions:
=========================
Error: (05/20/2015 09:27:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/20/2015 08:06:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/19/2015 05:52:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/19/2015 05:25:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/19/2015 08:11:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/18/2015 08:12:03 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/16/2015 10:28:26 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/15/2015 08:04:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
Error: (05/14/2015 09:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1679852ec7da1unknown0.0.0.000000000c000000520296425144801d08e1407902ac7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown690f29ec-fa07-11e4-8bed-8851fb6bcc10
Error: (05/14/2015 08:06:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: Utente-HP)
Description: Adobe Reader XI - Italiano{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5-1620 0 @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 16307.51 MB
Available physical RAM: 13711.04 MB
Total Pagefile: 32613.2 MB
Available Pagefile: 29762.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:225.91 GB) (Free:119.6 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:899.85 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================

- - - Updated - - -

OTL logfile created on: 20/05/2015 09:49:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giovannini\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

15,93 Gb Total Physical Memory | 13,44 Gb Available Physical Memory | 84,40% Memory free
31,85 Gb Paging File | 29,06 Gb Available in Paging File | 91,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225,91 Gb Total Space | 119,61 Gb Free Space | 52,94% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 899,85 Gb Free Space | 96,60% Space Free | Partition Type: NTFS

Computer Name: UTENTE-HP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Giovannini\Desktop\02_OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\59e7896e1130fa9846b1b09aa707a204\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\aa082a27df085dae57ffa438182c792c\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\370c5ef85421bfb212fe35348fbe19bc\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\469e1cf4e09484b942c93ea026b40652\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\8ef5b36c55e9c8ae10f7fe77612898fb\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\4f1fe9912c5d04b1e13f4f691cf040d6\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8dbbd62caca2103cec7ddaeec4c9f618\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6497e394eb0346d9f374976af5033e37\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ac2e26bafa70e93b307087d7fe6b9dd2\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\853f7abd2d9a620ba57c7b4005fe1976\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e2bd0f22021bdcf633c8eb9c213264f7\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\33e2c43bb5e6f50244ae444c1d9b33cd\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4752710c6fe78ee418c736dad7a05b52\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\04df5d9ce6e44ab62433e2ae1a3b54e9\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\95a58c416cfe8803af6b325d952a374a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d3572e8c3c314a0f12383d41e8bee78\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c3885cc7cab15da4386e65d2ad552661\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\a6a6fa5e1e0fa50040bcb18751901007\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\003c06af327914e4ad317c4fbf1c37e2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a369005c18456d7fd36347e36d63fe05\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d12f4fda3d1bfabf888342e96983e9a7\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AllplanUpdateLauncher 2014) -- C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe (Nemetschek Allplan Systems GmbH)
SRV:64bit: - (NVWMI) -- C:\Windows\SysNative\nvwmi64.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM60x64.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP60x64.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStorS) -- C:\Windows\SysNative\drivers\iaStorS.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes,DefaultScope = {D034F000-5ED6-4318-A971-E2ABDBD8E8DA}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{36B75B49-3543-4E07-8B17-A9F9C60497AD}: "URL" = http://www.google.it/#hl=it&source=...aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{D034F000-5ED6-4318-A971-E2ABDBD8E8DA}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins @microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins @microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins @Intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins @microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RunPUMonitor] C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520621222-3627379431-2782527401-1002..\Run: [syshost32] C:\Users\Giovannini\AppData\Local\{A44F2172-211A-A4E4-7886-5A445862C579}\syshost.exe File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE94C398-3CF2-4201-8371-7A4926BB61D7}: DhcpNameServer = 8.8.8.8 208.67.222.222
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/30 15:24:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2015/05/20 09:44:53 | 000,000,000 | ---D | C] -- C:\FRST
[2015/05/20 09:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015/05/20 09:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/05/19 17:09:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 60 Days ==========

[2015/05/20 09:32:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/20 09:32:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/20 09:30:30 | 001,696,330 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/05/20 09:30:30 | 000,757,828 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2015/05/20 09:30:30 | 000,661,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/05/20 09:30:30 | 000,153,188 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2015/05/20 09:30:30 | 000,127,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/05/20 09:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/20 09:25:47 | 4234,809,342 | -HS- | M] () -- C:\hiberfil.sys
[2015/05/20 08:57:14 | 000,000,650 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2014.job
[2015/05/20 08:57:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/19 17:09:22 | 1132,111,349 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/04/21 08:57:17 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/04/21 08:57:17 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/03/25 09:07:45 | 000,402,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2015/05/19 17:09:22 | 1132,111,349 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/13 16:55:09 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2014/02/13 16:34:45 | 000,070,912 | ---- | C] () -- C:\Windows\SysWow64\ListLabel13JNI.dll
[2014/02/13 16:32:34 | 000,001,332 | ---- | C] () -- C:\Windows\Allright.ini
[2013/10/21 10:53:16 | 000,143,360 | ---- | C] () -- C:\Windows\gswin32c.exe
[2013/08/28 11:15:51 | 000,000,705 | ---- | C] () -- C:\Windows\hpntwksetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 12:04:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2013/08/28 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAXON
[2014/02/13 17:01:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nemetschek
[2014/02/13 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nemetschek Allplan GmbH
[2013/08/28 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2014/02/05 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PrintConductor
[2013/09/13 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Autodesk
[2015/03/02 15:01:06 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Foxmail7
[2013/11/08 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\gtk-2.0
[2013/08/28 12:38:03 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\MAXON
[2014/02/13 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Nemetschek
[2013/09/02 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Notepad++
[2014/02/11 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\PrintConductor
[2013/09/30 15:24:10 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Autodesk
[2013/08/28 12:37:39 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\MAXON
[2013/08/28 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Notepad++
[2014/11/07 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\pdfforge
[2014/01/31 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\PrintConductor
[2015/03/02 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Tencent
[2013/08/28 09:26:59 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Notepad++

========== Purity Check ==========


< End of report >

- - - Updated - - -

OTL logfile created on: 20/05/2015 09:49:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giovannini\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

15,93 Gb Total Physical Memory | 13,44 Gb Available Physical Memory | 84,40% Memory free
31,85 Gb Paging File | 29,06 Gb Available in Paging File | 91,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225,91 Gb Total Space | 119,61 Gb Free Space | 52,94% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 899,85 Gb Free Space | 96,60% Space Free | Partition Type: NTFS

Computer Name: UTENTE-HP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Giovannini\Desktop\02_OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\59e7896e1130fa9846b1b09aa707a204\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\aa082a27df085dae57ffa438182c792c\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\370c5ef85421bfb212fe35348fbe19bc\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\469e1cf4e09484b942c93ea026b40652\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\8ef5b36c55e9c8ae10f7fe77612898fb\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\4f1fe9912c5d04b1e13f4f691cf040d6\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8dbbd62caca2103cec7ddaeec4c9f618\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6497e394eb0346d9f374976af5033e37\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ac2e26bafa70e93b307087d7fe6b9dd2\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\853f7abd2d9a620ba57c7b4005fe1976\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e2bd0f22021bdcf633c8eb9c213264f7\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\33e2c43bb5e6f50244ae444c1d9b33cd\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4752710c6fe78ee418c736dad7a05b52\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\04df5d9ce6e44ab62433e2ae1a3b54e9\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\95a58c416cfe8803af6b325d952a374a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9d3572e8c3c314a0f12383d41e8bee78\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c3885cc7cab15da4386e65d2ad552661\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\a6a6fa5e1e0fa50040bcb18751901007\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\003c06af327914e4ad317c4fbf1c37e2\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a369005c18456d7fd36347e36d63fe05\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d12f4fda3d1bfabf888342e96983e9a7\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AllplanUpdateLauncher 2014) -- C:\Program Files\Nemetschek\AllplanUpdateLauncher 2014\AllplanUpdateLauncher.exe (Nemetschek Allplan Systems GmbH)
SRV:64bit: - (NVWMI) -- C:\Windows\SysNative\nvwmi64.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM60x64.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP60x64.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStorS) -- C:\Windows\SysNative\drivers\iaStorS.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM13/27
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes,DefaultScope = {D034F000-5ED6-4318-A971-E2ABDBD8E8DA}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{36B75B49-3543-4E07-8B17-A9F9C60497AD}: "URL" = http://www.google.it/#hl=it&source=...aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\..\SearchScopes\{D034F000-5ED6-4318-A971-E2ABDBD8E8DA}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-520621222-3627379431-2782527401-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins @microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins @microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins @Intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins @microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins @microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RunPUMonitor] C:\Program Files (x86)\Hewlett-Packard\HP Designjet Utility\Designjet Utility\HPDesignjetUtility.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520621222-3627379431-2782527401-1002..\Run: [syshost32] C:\Users\Giovannini\AppData\Local\{A44F2172-211A-A4E4-7886-5A445862C579}\syshost.exe File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE94C398-3CF2-4201-8371-7A4926BB61D7}: DhcpNameServer = 8.8.8.8 208.67.222.222
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/30 15:24:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2015/05/20 09:44:53 | 000,000,000 | ---D | C] -- C:\FRST
[2015/05/20 09:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015/05/20 09:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/05/19 17:09:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 60 Days ==========

[2015/05/20 09:32:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/20 09:32:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/20 09:30:30 | 001,696,330 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/05/20 09:30:30 | 000,757,828 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2015/05/20 09:30:30 | 000,661,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/05/20 09:30:30 | 000,153,188 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2015/05/20 09:30:30 | 000,127,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/05/20 09:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/20 09:25:47 | 4234,809,342 | -HS- | M] () -- C:\hiberfil.sys
[2015/05/20 08:57:14 | 000,000,650 | ---- | M] () -- C:\Windows\tasks\WebContent AutoUpdate 2014.job
[2015/05/20 08:57:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/19 17:09:22 | 1132,111,349 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/04/21 08:57:17 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/04/21 08:57:17 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/03/25 09:07:45 | 000,402,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2015/05/19 17:09:22 | 1132,111,349 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/13 16:55:09 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2014/02/13 16:34:45 | 000,070,912 | ---- | C] () -- C:\Windows\SysWow64\ListLabel13JNI.dll
[2014/02/13 16:32:34 | 000,001,332 | ---- | C] () -- C:\Windows\Allright.ini
[2013/10/21 10:53:16 | 000,143,360 | ---- | C] () -- C:\Windows\gswin32c.exe
[2013/08/28 11:15:51 | 000,000,705 | ---- | C] () -- C:\Windows\hpntwksetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 12:04:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2013/08/28 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAXON
[2014/02/13 17:01:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nemetschek
[2014/02/13 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nemetschek Allplan GmbH
[2013/08/28 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2014/02/05 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PrintConductor
[2013/09/13 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Autodesk
[2015/03/02 15:01:06 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Foxmail7
[2013/11/08 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\gtk-2.0
[2013/08/28 12:38:03 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\MAXON
[2014/02/13 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Nemetschek
[2013/09/02 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\Notepad++
[2014/02/11 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\Giovannini\AppData\Roaming\PrintConductor
[2013/09/30 15:24:10 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Autodesk
[2013/08/28 12:37:39 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\MAXON
[2013/08/28 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Notepad++
[2014/11/07 11:53:01 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\pdfforge
[2014/01/31 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\PrintConductor
[2015/03/02 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Tencent
[2013/08/28 09:26:59 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Notepad++

========== Purity Check ==========


< End of report >
 

Entra

oppure Accedi utilizzando
Discord Ufficiale Entra ora!