Virus on PC from USB pen drive, HELP!!! VERY URGENT

Luca Pugliese

New User
Hi everyone, I hope some kind-hearted person can help me!
The virus consists in recreating the pen drive itself inside itself, and I can't get to the bottom of it!

[attachment: WP_20150624_002.jpg]

Here is what happens after inserting the stick: all the files start to disappear and this icon appears; clicking on it opens the real directory of the stick, showing you all the files in it.
[attachment: WP_20150624_001.jpg]
Opening Properties on the icon inside the stick, there is this string, which calls the file rund1132.exe.
I went to this file,
here is what it looks like

[attachment: WP_20150624_003.jpg]

In the properties, as on the pen drive, there is no string on the file rund1132.exe.

[attachment: WP_20150624_004.jpg]
I installed Avira, Bitdefender and Avast, SpyHunter too, but the only detection was by Avira, which even when scanning does not remove the file, neither in normal mode nor in safe mode with networking.

[attachment: WP_20150625_001.jpg]

I had Avast scan in safe mode but it detected nothing; before formatting all 4 machines I wanted an opinion from more people: in your view, is there a solution?

Thanks to everyone in advance.

- - - Updated - - -

Maybe I've partly solved it: I bought Malwarebytes Premium and it seems it's called Trojan.Agent - PUP.Hacktool.appcrack and PUP.Optional.ConduilSearchProtect

Bah, I don't understand anything anymore...
 

lions1991

New User
Hi, I don't know whether you've already solved it; in any case I suggest you search Google for "ripara usb" and click the first visible link. Download and run the tool, then select the device (pen drive, external HDD or other...), tick "delete suspicious files..." and click repair.
 

SamTo

New User
Good morning, I second Lions, and after deleting the suspicious files I advise you to check the USB stick and the PCs it was used on with Malwarebytes and also AdwCleaner,
both free software, so you'll have more assurance that you won't have to face the problem again soon...
 

Luca Pugliese

New User
Hi guys, thanks for the replies; I've already done all the tests with ripara usb, Malwarebytes, AdwCleaner, ComboFix too, and every antivirus that exists on the net!!

The problem is that it's not just a single pen drive but 100 or 1000 sticks; that is mainly the problem, because the PC is located in a print shop, where the end user prints from it.

I can't figure out the real name of the virus. "For the moment I think I've partly solved it, because the problem doesn't recur with new sticks, which is not the case with the sticks that have the problem." If I get another stick that gives me the error I'll post the photo so we can try to figure out what it is, or else if there is software able to make a detailed log of the whole system, to understand clearly what happened!


- - - Updated - - -

[attachment: 1.jpg]

[attachment: 2.jpg]

Here are the photos of what I was talking about!!
I opened the stick and double-clicked the icon, let's call it VIRUS!, and it gives me this error, which you can see in the first photo.

In the second photo I right-clicked the icon > Properties, and the directory where the virus is hypothetically located is: " %windir%\System32\rundll32.exe \wuz.dlq,biibiiiyyqgggggl "

Besides the fact that this directory doesn't exist, whether the pen drive is inserted or removed.
So how do I remove it?

I scanned with every possible antivirus, both free and paid; the only one that found anything was Malwarebytes, and it keeps on persisting.

I went into the directory C:\windows\system32 to look for the DLL or the exe of the rundll32.exe file and check whether, as with the virus icon earlier, it had a modified string, as usually happens with toolbars; the result is clean, there's nothing there..

I followed this guide http://www.tomshw.it/forum/sicurezza/354162-ripulire-pc-combofix.html in detail but nothing, there's nothing; now I'll post the HijackThis log, it might help resolve something.



Log File

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:15:24, on 29/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 38.0.5 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\msiexec.exe
C:\Program Files\Transmission\transmission-qt.exe
C:\Program Files\Transmission\dbus-daemon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\School\AppData\Roaming\Spotify\Spotify.exe
C:\Users\School\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\School\AppData\Roaming\Spotify\Spotify.exe
C:\Users\School\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\School\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Users\School\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\ProgramData\msqafggb.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\School\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\School\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - Global Startup: EFI ES-1000.lnk = C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Notifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: ADU Service (Nokia Software Recovery Tool) (ADUServiceNSRT) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: EFI ES1000 - Electronics for Imaging, Inc. - C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: Maxthon Core Update Service (MaxthonUpdateSvc) - Maxthon - C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: USBBKSvc - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\USB Blocker\USBBKSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13518 bytes
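Two kinds of line in the HijackThis log above are what a triager reads first: the `F3 - REG:win.ini: load=C:\ProgramData\msqafggb.exe` entry (the `load=` key of win.ini is a legacy autostart hook that current software does not use, and here it points at a randomly named executable in a user-writable directory) and the `O4` Run entries in which `rundll32.exe` is handed a module to load. The shortcut target quoted earlier in the thread, `%windir%\System32\rundll32.exe \wuz.dlq,biibiiiyyqgggggl`, has the same shape: a root-relative module path like `\wuz.dlq` resolves on whatever drive is current when the shortcut is launched, so the stick can carry its own payload without an absolute path, and the non-DLL extension is a giveaway on its own. The Python script below is an added example, not part of the thread and not HijackThis code; it applies those heuristics to a few lines copied from the log plus the shortcut target. The sample lines are copied from the page, and the `high`/`review` severity labels are this example's own convention.

```python
import re

# Directories where rundll32 legitimately finds the DLLs it is asked to load.
SYSTEM_PREFIXES = ("%windir%", "%systemroot%", "c:\\windows\\")
# Locations an ordinary user can write to; persistence from here deserves a second look.
USER_WRITABLE_MARKERS = ("c:\\programdata\\", "\\appdata\\", "%localappdata%",
                         "%appdata%", "%temp%", "\\temp\\")

# Constructed sample: a handful of lines copied from the HijackThis log in the thread.
SAMPLE_HJT_LINES = r"""
F3 - REG:win.ini: load=C:\ProgramData\msqafggb.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Spotify] "C:\Users\School\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
"""
# The shortcut target quoted from the infected stick's .lnk Properties dialog.
LNK_TARGET = r"%windir%\System32\rundll32.exe \wuz.dlq,biibiiiyyqgggggl"

HJT_ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
INI_ENTRY = re.compile(r"^REG:(?P<ini>[\w.]+): (?P<key>\w+)=(?P<value>.*)$")
RUN_ENTRY = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def rundll32_module(command):
    """If command runs rundll32.exe, return (module_path, entry_point); else None."""
    m = re.search(r'rundll32(?:\.exe)?"?\s+(?P<args>.+)$', command, re.IGNORECASE)
    if not m:
        return None
    args = m.group("args").strip()
    if args.startswith('"'):                       # "C:\path with spaces.dll",Entry
        close = args.find('"', 1)
        module, entry = args[1:close], args[close + 1:].lstrip(",")
    else:                                          # \wuz.dlq,entry
        module, _, entry = args.partition(",")
    return module.strip(), entry.strip()


def judge_rundll32(command):
    """('high'|'review', reason) for an odd rundll32 invocation, None when nothing stands out."""
    found = rundll32_module(command)
    if found is None:
        return None
    module, entry = found
    low = module.lower()
    if not low.endswith(".dll"):
        return ("high", f"rundll32 loads a module with a non-DLL name {module!r} (entry {entry!r})")
    if not low.startswith(SYSTEM_PREFIXES) and not low.startswith("c:\\program files"):
        return ("review", f"rundll32 loads a DLL outside the system directories: {module!r}")
    return None


def in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage_hijackthis(log_text):
    """Scan HijackThis output and return a list of (severity, item_code, reason)."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_ITEM.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("F2", "F3"):                    # win.ini / system.ini hooks
            ini = INI_ENTRY.match(body)
            if not ini:
                continue
            key = ini.group("key").lower()
            values = [v.strip() for v in ini.group("value").split(",") if v.strip()]
            if key in ("load", "run") and values:
                findings.append(("high", code,
                                 f"{ini.group('ini')} {key}= is an obsolete autostart hook: {values}"))
            elif key == "userinit" and any(v.lower().rsplit("\\", 1)[-1] != "userinit.exe"
                                           for v in values):
                findings.append(("high", code, f"extra UserInit entries: {values}"))
        elif code == "O4":                          # Run keys and startup folders
            run = RUN_ENTRY.match(body)
            if not run:
                continue
            cmd = run.group("cmd")
            verdict = judge_rundll32(cmd)
            if verdict:
                findings.append((verdict[0], code, f"[{run.group('name')}] {verdict[1]}"))
            elif in_user_writable(cmd):
                findings.append(("review", code,
                                 f"[{run.group('name')}] autostart from a user-writable path: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, code, reason in triage_hijackthis(SAMPLE_HJT_LINES):
        print(f"{severity:6} {code:3} {reason}")
    print("shortcut target:", judge_rundll32(LNK_TARGET))
```

The `win.ini load=` hit is the one that should drive the cleanup question: a shortcut worm on a stick only matters to the shop if the host is also persisting something, and that entry is exactly such a host-side foothold. The `review` items (a DLL under `%LOCALAPPDATA%`, an autostart under `AppData\Roaming`) are where legitimate software also lives, so they are a list to verify, not a verdict.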
 

deleted_271768

Guest
So have you tried formatting the stick (the Worm has already deleted your data anyway)?
 

Luca Pugliese

New User
So have you tried formatting the stick (the Worm has already deleted your data anyway)?
Yes, by formatting the stick you'll have lost all the data and the Worm dies, there's no doubt about that; the problem is that most of the customers who got infected in this period have either lost their data or come back to us with the infected stick, but the point is, can I really format 1000 sticks? I'd be crazy just to think about it, besides the fact that I couldn't take responsibility for having them delete all the data on them.

The most valid solution is to clean them all automatically, but how?
Antivirus? Which one? I've tried them all!
 

Ansuel

L'elettricista Pazzo
Elite User
You know, from what I understand they're screwed anyway... Because if they then put the stick in their own PCs and the antivirus programs detect nothing, well... Good luck
 

Luca Pugliese

New User
You know, from what I understand they're screwed anyway... Because if they then put the stick in their own PCs and the antivirus programs detect nothing, well... Good luck

That is the problem: how do I counter it? And how do I know whether my system is clean of this hypothetical "invisible" virus?!???

I noticed one thing: if I run a Windows search on the stick, it finds the files.


PS: whoever made this has some serious balls, for sure!

- - - Updated - - -

With ripara usb it seems to fix the stick, creating a "recuperato" folder; this doesn't always happen though.

I did another test, opening the terminal with the infected stick under Windows, giving the CMD command and moving to the D: directory, the pen drive: doing dir, there are no files inside it!!
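The behaviour described in the post above (`dir` shows an empty stick while Windows Search still finds the files, and a repair tool can bring them back into a "recuperato" folder) is what you get when the original files and folders have been given the hidden and system attributes: a plain `dir` omits such entries unless it is run as `dir /a`, and the one item left visible is the `.lnk` decoy. The Python script below is an added example, not from the thread and not from any of the tools mentioned in it; it classifies a drive-root listing by attribute bits and recognises the shortcut-worm layout (all user data hidden+system, only `.lnk` files visible). The listing is constructed for the example: `KINGSTON.lnk` is a made-up decoy name and `Preventivo.docx`/`Foto` are made-up user files, while `wuz.dlq` is the module name quoted in the thread. `scan_drive_root` reads a real drive and needs Windows, because `st_file_attributes` exists only there.

```python
import os

# Windows file-attribute bits (documented constant values).
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_ARCHIVE = 0x20
HIDDEN_SYSTEM = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

# Items that are legitimately hidden+system in the root of a Windows-formatted volume.
EXPECTED_HIDDEN_ROOT_ITEMS = {"system volume information", "$recycle.bin"}

# Constructed listing of an infected stick root: (name, attribute bits).
# "KINGSTON.lnk", "Preventivo.docx" and "Foto" are made up; "wuz.dlq" is from the thread.
SAMPLE_LISTING = [
    ("System Volume Information", FILE_ATTRIBUTE_DIRECTORY | HIDDEN_SYSTEM),
    ("Preventivo.docx", HIDDEN_SYSTEM | FILE_ATTRIBUTE_ARCHIVE),
    ("Foto", FILE_ATTRIBUTE_DIRECTORY | HIDDEN_SYSTEM),
    ("wuz.dlq", HIDDEN_SYSTEM | FILE_ATTRIBUTE_ARCHIVE),
    ("KINGSTON.lnk", FILE_ATTRIBUTE_ARCHIVE),
]


def classify_listing(entries):
    """Split a root listing into what a plain `dir` prints and what it hides.

    Returns a dict with:
      hidden_from_dir - hidden+system entries that are not the usual volume bookkeeping
      visible         - everything a plain `dir` would print
      shortcut_worm   - True when user data is hidden and the only visible items are .lnk files
    """
    hidden, visible = [], []
    for name, attrs in entries:
        if (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM:
            if name.lower() not in EXPECTED_HIDDEN_ROOT_ITEMS:
                hidden.append(name)
        else:
            visible.append(name)
    only_links = bool(visible) and all(v.lower().endswith(".lnk") for v in visible)
    return {
        "hidden_from_dir": hidden,
        "visible": visible,
        "shortcut_worm": bool(hidden) and only_links,
    }


def restore_attributes_command(drive):
    """The attrib invocation that clears hidden/system recursively; run it only after the stick has been scanned."""
    return f'attrib -h -s "{drive}\\*" /s /d'


def scan_drive_root(root):
    """Classify a real drive root from its attribute bits (Windows only: st_file_attributes)."""
    entries = []
    with os.scandir(root) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            if not hasattr(st, "st_file_attributes"):
                raise OSError("st_file_attributes is only available on Windows")
            entries.append((entry.name, st.st_file_attributes))
    return classify_listing(entries)


if __name__ == "__main__":
    report = classify_listing(SAMPLE_LISTING)
    print("dir would show:      ", report["visible"])
    print("hidden from dir:     ", report["hidden_from_dir"])
    print("shortcut-worm layout:", report["shortcut_worm"])
    if report["shortcut_worm"]:
        print("after scanning, restore with:", restore_attributes_command("D:"))
```

Clearing the attributes recovers the customer's files without a format, which is the point of the post; it also unhides the worm's own module, so the `.lnk` decoy and the hidden non-document (here `wuz.dlq`) have to be removed in the same pass, and the host that wrote them still needs its own autostart entries checked, otherwise the next clean stick comes back in the same state.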
 

R16

Elite User
That is the problem: how do I counter it?
Hi.
The infection is visible in the HJT log.
Download FRST to the desktop (this is mandatory):

Install the version suited to your operating system (32-bit or 64-bit)

Farbar Recovery Scan Tool Download

Run it and click Run.

On the window that appears click YES.

Click Scan.

Wait patiently for the scan to finish.

Post the 2 logs it leaves on the desktop (FRST.txt and Addition.txt)
 

Luca Pugliese

New User
FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Principale (administrator) on PRINCIPALE-PC on 29-06-2015 19:43:43
Running from C:\Users\Principale\Desktop
Loaded Profiles: Principale (Available Profiles: Principale)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Software602) C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Danea Soft (Italy) - Danea: software gestionale per aziende e condominio) C:\Program Files (x86)\Danea Easyfatt\Easyfatt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Print2PDF Print Monitor] => C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [222776 2011-04-12] (Software602)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\S-1-5-21-4154990772-4121405202-2777641981-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4154990772-4121405202-2777641981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
HKU\S-1-5-21-4154990772-4121405202-2777641981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKU\S-1-5-21-4154990772-4121405202-2777641981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2015-06-10] (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2015-06-10] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74EEFED8-8BC4-486E-9D2E-B670086E2D86}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Principale\AppData\Roaming\Mozilla\Firefox\Profiles\mgcl26di.default
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-06-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2015-06-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nVIDIA.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nVIDIA.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-10]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-05-07]

Chrome:
=======
CHR Profile: C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Principale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S2 Service_21; C:\Windows\System32\Service_21.exe [1050904 2014-04-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2015-04-25] (Realtek Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 19:43 - 2015-06-29 19:43 - 00017333 _____ C:\Users\Principale\Desktop\FRST.txt
2015-06-29 19:42 - 2015-06-29 19:43 - 00000000 ____D C:\FRST
2015-06-29 19:42 - 2015-06-29 19:42 - 02112512 _____ (Farbar) C:\Users\Principale\Desktop\FRST64.exe
2015-06-27 13:03 - 2015-06-27 13:03 - 00008803 _____ C:\Users\Principale\Desktop\pagelline amalia.cdr
2015-06-27 12:47 - 2015-06-27 12:47 - 02805083 _____ C:\Users\Principale\Desktop\blsacr-sh4.psd
2015-06-27 12:31 - 2015-06-27 12:31 - 03593502 _____ C:\Users\Principale\Desktop\blsacr-sh3.psd
2015-06-27 12:03 - 2015-06-27 12:03 - 00021120 _____ C:\ComboFix.txt
2015-06-27 11:52 - 2015-06-27 12:03 - 00000000 ____D C:\ComboFix
2015-06-27 11:52 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-27 11:52 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-27 11:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-27 11:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-27 11:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-27 11:52 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-27 11:52 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-27 11:52 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-27 11:51 - 2015-06-27 12:03 - 00000000 ____D C:\Qoobox
2015-06-27 11:51 - 2015-06-27 12:01 - 00000000 ____D C:\Windows\erdnt
2015-06-27 11:18 - 2015-06-27 11:19 - 05631168 ____R (Swearware) C:\Users\Principale\Downloads\ComboFix.exe
2015-06-25 15:11 - 2015-06-25 15:21 - 00000000 ____D C:\Users\Principale\Desktop\attestati
2015-06-25 15:09 - 2015-06-25 15:09 - 01721267 _____ C:\Users\Principale\Desktop\pergamena Bruna-mery.cdr
2015-06-25 13:02 - 2015-06-25 13:02 - 00000000 ____D C:\Users\Principale\Downloads\documenti
2015-06-25 12:57 - 2015-06-25 12:57 - 01773774 _____ C:\Users\Principale\Downloads\documenti.zip
2015-06-25 10:22 - 2015-06-25 10:22 - 08829032 _____ C:\Users\Principale\Downloads\fotomichela.zip
2015-06-25 09:28 - 2015-06-25 14:13 - 00000000 ____D C:\Users\Principale\Downloads\Blackhatavi
2015-06-25 08:59 - 2015-06-25 09:00 - 25032658 _____ C:\Users\Principale\Downloads\stampeandrea1.zip
2015-06-24 10:25 - 2015-06-29 18:23 - 00000000 ____D C:\Users\Principale\Desktop\GIORNALE
2015-06-23 18:20 - 2015-06-23 18:42 - 00000000 ____D C:\Users\Principale\Desktop\Locale fico
2015-06-22 18:04 - 2015-06-22 18:04 - 00000000 ____D C:\Users\Principale\AppData\Roaming\U3
2015-06-22 13:55 - 2015-06-22 13:55 - 00000000 ____D C:\ProgramData\HTC
2015-06-22 13:55 - 2015-06-22 13:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Care Suite
2015-06-22 13:52 - 2015-06-22 13:52 - 02203600 _____ (Microsoft) C:\Users\Principale\Downloads\WindowsPhoneRecoveryToolInstaller(1).exe
2015-06-22 11:16 - 2015-06-25 12:44 - 00000000 ____D C:\Users\Principale\Downloads\Trust 2010 iTALiAN BRRip 720p MKVTRL mkv(8f6c4e770ad39)
2015-06-22 11:16 - 2015-06-25 09:51 - 00000000 ____D C:\Users\Principale\Downloads\Square 2008 dvdrip ita (6f379b0517dbd)
2015-06-22 11:16 - 2015-06-25 09:46 - 00000000 ____D C:\Users\Principale\Downloads\Kingsman Secret Service 2015 BDRip XviD AC3 iTALIA(3fe2e97ee4501)
2015-06-20 12:38 - 2015-06-20 12:38 - 02203600 _____ (Microsoft) C:\Users\Principale\Downloads\WindowsPhoneRecoveryToolInstaller.exe
2015-06-19 11:09 - 2015-06-19 11:09 - 00049431 _____ C:\Users\Principale\Downloads\segnaposto.zip
2015-06-19 08:37 - 2015-06-19 08:38 - 16444845 _____ C:\Users\Principale\Downloads\stampe A4 a colori.zip
2015-06-17 18:49 - 2015-06-17 18:49 - 02070580 _____ C:\Users\Principale\Desktop\neni.psd
2015-06-16 11:52 - 2015-06-16 13:54 - 00000000 ____D C:\Users\Principale\Desktop\Esame Vittoria
2015-06-15 14:46 - 2015-06-15 14:46 - 13095136 _____ (Microsoft Corporation) C:\Users\Principale\Desktop\Silverlight_x64.exe
2015-06-15 14:43 - 2015-06-15 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-15 14:43 - 2015-06-15 14:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-15 14:43 - 2015-06-15 14:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-15 14:42 - 2015-06-15 14:42 - 13095136 _____ (Microsoft Corporation) C:\Users\Principale\Downloads\Silverlight_x64.exe
2015-06-12 19:07 - 2015-06-12 19:07 - 00000209 _____ C:\Users\Principale\.swfinfo
2015-06-12 19:05 - 2015-06-12 19:07 - 04358144 _____ C:\Users\Principale\Downloads\jack_reacher___la_prova_decisiva__2012__brrip_ac3_5.1_640kbps_ita_avi_m4v.flv.part
2015-06-12 19:05 - 2015-06-12 19:05 - 00000043 _____ C:\Users\Principale\Downloads\jack_reacher___la_prova_decisiva__2012__brrip_ac3_5.1_640kbps_ita_avi_m4v.avi
2015-06-12 14:20 - 2015-06-26 11:49 - 00000000 ____D C:\Users\Principale\Desktop\POSTINO SCANSIONI A3
2015-06-12 13:34 - 2015-06-12 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiery
2015-06-12 13:34 - 2009-10-12 22:48 - 00000261 _____ C:\Windows\UnIFRS56.ISS
2015-06-12 13:33 - 2015-06-12 13:33 - 00000000 ____D C:\Program Files (x86)\Fiery
2015-06-12 13:33 - 2009-10-12 06:23 - 00000255 _____ C:\Windows\UnInsHar30_CXP.ISS
2015-06-12 13:28 - 2015-06-12 13:28 - 00000176 _____ C:\Windows\setup.log
2015-06-12 13:28 - 2009-10-16 01:46 - 00001065 ____N C:\Windows\del_har.bat
2015-06-12 12:34 - 2015-06-12 12:34 - 04769077 _____ C:\Users\Principale\Downloads\allegati(3).zip
2015-06-12 09:20 - 2015-06-12 09:20 - 00142155 _____ C:\Users\Principale\Downloads\fwdfatture.zip
2015-06-12 09:20 - 2015-06-12 09:20 - 00083572 _____ C:\Users\Principale\Downloads\fwdiffttnnccmaggio2015.zip
2015-06-11 19:36 - 2015-06-11 19:36 - 02260548 _____ C:\Users\Principale\Desktop\Backup_di_PERGAMENA.cdr
2015-06-11 19:20 - 2015-06-11 19:20 - 00967691 _____ C:\Users\Principale\Downloads\allegati(2).zip
2015-06-11 19:12 - 2015-06-11 19:12 - 08045550 _____ C:\Users\Principale\Downloads\allegati(1).zip
2015-06-11 19:11 - 2015-06-11 19:10 - 00823966 ____R C:\Users\Principale\Downloads\allegati.zip
2015-06-11 15:54 - 2015-06-11 15:54 - 00727810 _____ C:\Users\Principale\Downloads\stampeperlavocedelcane.zip
2015-06-11 11:22 - 2015-06-11 11:22 - 01920662 _____ C:\Users\Principale\Downloads\foto.zip
2015-06-10 18:46 - 2015-06-10 18:46 - 00005226 _____ C:\Users\Principale\Desktop\Adobe Acrobat XI Pro.exe - collegamento.lnk
2015-06-10 18:34 - 2015-06-10 18:34 - 00477168 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2015-06-10 18:34 - 2015-06-10 18:34 - 00473072 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2015-06-10 18:34 - 2015-06-10 18:34 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2015-06-10 18:34 - 2015-06-10 18:34 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2015-06-10 18:34 - 2015-06-10 18:34 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2015-06-10 18:34 - 2015-06-10 18:34 - 00000000 ____D C:\ProgramData\Sun
2015-06-10 18:34 - 2015-06-10 18:34 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-10 18:33 - 2015-06-10 18:35 - 00000000 ____D C:\Program Files (x86)\XMind
2015-06-10 18:33 - 2015-06-10 18:33 - 00000993 _____ C:\Users\Principale\Desktop\XMind 2012.lnk
2015-06-10 18:33 - 2015-06-10 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2015-06-10 15:38 - 2015-06-10 15:38 - 00346704 _____ C:\Users\Principale\Downloads\Files_downloaded_by_AirDroid.zip
2015-06-10 15:38 - 2015-06-10 15:38 - 00234352 _____ C:\Users\Principale\Downloads\Files_downloaded_by_AirDroid(1).zip
2015-06-10 14:16 - 2015-06-10 14:16 - 00000228 _____ C:\Users\Principale\Downloads\Affitto di Appartamento in Varcaturo-Licola. Giugliano in Campania.URL
2015-06-09 19:49 - 2015-06-10 18:01 - 02831055 _____ C:\Users\Principale\Desktop\3 COPIE CARTONATE.psd
2015-06-09 17:22 - 2015-06-09 17:22 - 25309020 _____ C:\Users\Principale\Downloads\fwdi.zip
2015-06-09 15:37 - 2015-06-09 15:37 - 301479831 _____ C:\Users\Principale\Desktop\aS2000 50X70 BLU BACK A COLORI.psd
2015-06-09 10:37 - 2015-06-09 10:37 - 01581213 _____ C:\Users\Principale\Desktop\Backup_di_adesivi MARIO E FLORA.cdr
2015-06-09 09:30 - 2015-06-09 09:30 - 00000000 ____D C:\Users\Principale\Desktop\UNITAF
2015-06-08 10:26 - 2015-06-08 10:26 - 00022058 _____ C:\Users\Principale\Desktop\pink-tilted-tiara-and-number-18.svg
2015-06-08 09:29 - 2015-06-08 09:30 - 28240654 _____ C:\Users\Principale\Downloads\com.skype.raider-v5.4.0.4165-84152389-Android-4.0.3.apk
2015-06-05 17:11 - 2015-06-05 17:11 - 01215118 _____ C:\Users\Principale\Desktop\costanzo giuseppe.mpo
2015-06-05 16:14 - 2015-06-05 16:39 - 00000000 ____D C:\Users\Principale\Desktop\MATRIMONIO MENA
2015-06-05 14:23 - 2015-06-05 14:41 - 1768021893 _____ C:\Users\Principale\Downloads\Turner.2014.BDRip.XviD.AC3.iTALIAN-RDF.wmv
2015-06-04 17:43 - 2015-06-04 17:43 - 00000000 ____D C:\Users\Principale\AppData\Roaming\Thinstall
2015-06-04 17:43 - 2015-06-04 17:43 - 00000000 ____D C:\Users\Principale\AppData\Local\Thinstall
2015-06-04 11:12 - 2015-06-04 11:12 - 00000000 ____D C:\Free PDF to Word Doc Converter
2015-06-04 11:10 - 2015-06-04 11:11 - 01128916 _____ (www.hellopdf.com ) C:\Users\Principale\Downloads\pdf2wordsetup.exe
2015-06-04 09:02 - 2015-06-04 09:02 - 00162208 _____ C:\Users\Principale\Downloads\Antivirus_Free_Edition.exe
2015-06-04 08:41 - 2015-06-04 08:41 - 02199018 _____ C:\Users\Principale\Downloads\fwdschedecolla.zip
2015-06-03 08:17 - 2015-06-10 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 07:55 - 2015-06-03 07:55 - 00000000 ____D C:\Users\Principale\AppData\Local\transmission
2015-06-03 07:54 - 2015-06-04 17:45 - 00000000 ____D C:\Users\Principale\AppData\Roaming\transmission
2015-06-03 07:54 - 2015-06-03 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission-Qt
2015-06-03 07:54 - 2015-06-03 07:54 - 00000000 ____D C:\Program Files\Transmission
2015-06-03 07:53 - 2015-06-03 07:54 - 15922896 _____ (Transmission) C:\Users\Principale\Downloads\Transmission-Qt-2.84.4-x86_32-installer.exe
2015-06-03 07:53 - 2015-06-03 07:53 - 01998432 _____ (BitTorrent Inc.) C:\Users\Principale\Downloads\uTorrent.exe
2015-06-03 07:52 - 2015-06-03 07:53 - 00090692 _____ C:\Users\Principale\Downloads\Pinnacle Studio HD Ultimate Collection 15.torrent
2015-06-01 19:05 - 2015-06-01 19:05 - 01054053 _____ C:\Users\Principale\Downloads\WpaTesterRc3.apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-29 19:22 - 2011-04-12 13:47 - 00741696 _____ C:\Windows\system32\perfh010.dat
2015-06-29 19:22 - 2011-04-12 13:47 - 00147248 _____ C:\Windows\system32\perfc010.dat
2015-06-29 19:22 - 2009-07-14 07:13 - 01662310 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 19:02 - 2015-04-27 15:23 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-29 18:54 - 2015-05-29 12:49 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-29 18:54 - 2015-04-27 10:11 - 00000000 ____D C:\1pdf
2015-06-29 17:54 - 2009-07-14 06:51 - 00469197 _____ C:\Windows\setupact.log
2015-06-29 16:38 - 2015-04-25 17:14 - 00000000 ____D C:\Users\Principale\Desktop\tutti i file salvati
2015-06-29 13:08 - 2015-04-25 14:09 - 00000000 ____D C:\Users\Principale
2015-06-29 12:54 - 2015-05-29 12:49 - 00001154 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 08:49 - 2015-05-12 18:33 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Principale-PC-Principale Principale-PC
2015-06-29 08:34 - 2009-07-14 06:45 - 00023808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-29 08:34 - 2009-07-14 06:45 - 00023808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-29 08:32 - 2015-04-25 14:10 - 00285160 _____ C:\Windows\WindowsUpdate.log
2015-06-29 08:28 - 2015-04-25 15:47 - 00000000 ____D C:\Users\Principale\AppData\Local\Adobe
2015-06-29 08:27 - 2015-04-25 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 08:27 - 2010-11-21 05:47 - 00024864 _____ C:\Windows\PFRO.log
2015-06-29 08:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 12:03 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-27 12:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-27 11:59 - 2015-04-25 16:25 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-06-25 19:11 - 2015-05-08 16:13 - 00000000 ____D C:\Users\Principale\AppData\Local\JDownloader v2.0
2015-06-25 08:41 - 2015-04-27 10:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 12:02 - 2015-05-27 14:04 - 00000000 ____D C:\Users\Principale\Desktop\MAPPE 2015
2015-06-24 11:02 - 2015-04-27 15:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 11:02 - 2015-04-27 15:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 11:02 - 2015-04-27 15:23 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 08:55 - 2015-05-29 12:50 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 13:55 - 2015-05-14 11:52 - 00041402 _____ C:\Windows\DPINST.LOG
2015-06-22 13:54 - 2015-04-25 16:01 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-12 13:34 - 2015-04-27 09:26 - 00000671 _____ C:\Windows\efiinst.log
2015-06-12 13:34 - 2015-04-25 15:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-09 09:10 - 2015-05-18 09:03 - 00000000 ____D C:\Users\Principale\Documents\File di Outlook
2015-06-09 09:08 - 2015-04-25 16:24 - 00000000 ____D C:\Users\Principale\AppData\Local\Microsoft Help
2015-06-08 09:07 - 2015-04-27 08:39 - 00000000 ____D C:\Users\Principale\Desktop\Driver
2015-06-05 09:02 - 2015-04-27 19:43 - 00000000 ____D C:\FFOutput
2015-06-05 08:22 - 2015-04-25 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 09:00 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-05-14 11:50 - 2015-05-14 11:52 - 0044120 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 10:55

==================== End of log ============================

Second Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Principale at 2015-06-29 19:44:11
Running from C:\Users\Principale\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4154990772-4121405202-2777641981-500 - Administrator - Disabled)
Guest (S-1-5-21-4154990772-4121405202-2777641981-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4154990772-4121405202-2777641981-1003 - Limited - Enabled)
Principale (S-1-5-21-4154990772-4121405202-2777641981-1000 - Administrator - Enabled) => C:\Users\Principale

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 2.4.1.21 (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
AIDA64 Extreme v5.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.20 - FinalWire Ltd.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.74 - MOJOSOFT)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Danea Easyfatt (dimostrativo) (HKLM-x32\...\Danea Easyfatt) (Version: 2013.22b - Danea Soft (Italy))
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Emergency Download Driver (HKLM-x32\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia)
Fiery Remote Scan 5.7.1.21 (HKLM-x32\...\{35C30793-32F4-11D6-A043-00E081105A80}) (Version: 5.7.1.21 - Electronics For Imaging)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Freemake Video Converter versione 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hotfix per Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{90E6C0AA-3DF3-31E2-97B1-B91DB28E46B7}.KB947789) (Version: 1 - Microsoft Corporation)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ITA (HKLM-x32\...\{90E6C0AA-3DF3-31E2-97B1-B91DB28E46B7}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ITA (HKLM-x32\...\{8BFB850C-AD23-326D-99C8-D42DFDCF7EA0}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
MiPony 2.2.4 (HKLM-x32\...\MiPony) (Version: 2.2.4 - )
Mozilla Firefox 38.0.5 (x86 it) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 it)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
NVIDIA Driver 3D Vision 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Driver audio HD 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Driver del controller 3D Vision 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA Driver grafico 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Pannello di controllo NVIDIA 350.12 (Version: 350.12 - NVIDIA Corporation) Hidden
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Software602 Print2PDF (HKLM-x32\...\{32C74893-0243-4235-A6F3-201F0E5D2C03}) (Version: 9.1.11.0421 - Software602 Inc.)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.4 - Transmission)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
Windows Phone Recovery Tool 2.1.1 (HKLM-x32\...\{461efced-58d4-4470-9b4b-5f2fc83704d4}) (Version: 2.1.1 - Microsoft)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)
XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4154990772-4121405202-2777641981-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

27-06-2015 11:48:29 Punto di controllo pianificato

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-27 12:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087B10EB-815B-44B5-B29E-AC5F7A88851D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {209551C3-DEDC-4322-A515-684D33F81E9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2EE6BF4C-DD81-4662-81D9-4107F2D0162D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc.)
Task: {62FCDF27-9067-4181-B1BA-E4D952DF27F1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Principale-PC-Principale Principale-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {65F69187-4EA5-4CD1-A82A-59846C5BD90F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {75559C88-01B1-496A-B493-79A6F29B3A6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BCCE8454-373F-4207-B14D-04EDA5E2F06A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {BEC6E76F-523A-4A99-B44B-20C0096933D8} - System32\Tasks\AdobeAAMUpdater-1.0-Principale-PC-Principale => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {C7CEE3FE-23CD-4A1B-B9A7-B6BDAFC44AA1} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-08] (Microsoft Corporation)
Task: {CEAD80B7-BDCE-4CB5-8047-748D4BE6AFA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-25 18:25 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-04-25 18:25 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-05-07 18:19 - 2010-12-02 02:13 - 00216576 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\Software602.dll
2015-04-25 15:20 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-16 17:42 - 2015-04-16 17:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-16 17:41 - 2015-04-16 17:41 - 05842080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-06-04 04:11 - 2014-06-04 04:11 - 00798576 _____ () c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Draw\PsiClient.dll
2014-05-08 03:35 - 2014-05-08 03:35 - 00470728 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2014\aif_core.dll
2014-05-08 03:36 - 2014-05-08 03:36 - 02605256 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2014\aif_ogl.dll
2015-05-14 12:34 - 2015-05-14 12:34 - 00093696 _____ () C:\Users\Principale\AppData\Local\assembly\dl3\AGV03HEB.V07\9LKKPCD8.980\79fc4b93\00eae00f_7e44cf01\DYMO.Common.DLL
2015-04-25 15:21 - 2015-04-09 02:58 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 00746672 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 00136368 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Principale\Desktop\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\Antivirus_Free_Edition.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\kompozer-0.8b3.it.win32.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\pdf2wordsetup.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\Transmission-Qt-2.84.4-x86_32-installer.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\uTorrent.exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\WindowsPhoneRecoveryToolInstaller(1).exe:BDU
AlternateDataStreams: C:\Users\Principale\Downloads\WindowsPhoneRecoveryToolInstaller.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4154990772-4121405202-2777641981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Principale\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0A758B0C-3F55-4F26-B86A-B37121FEBAC3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{519110AB-A20C-4AFA-A02C-8CEA9069D480}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{73358896-5795-41A9-A1F2-0054A4910885}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{99653638-874A-4707-9355-5F23F136FE57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{360C7041-FC48-46CC-83AD-9561F5745B99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{34FD2372-0A91-4BEE-B4E8-80FDB712E28A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C679F7D3-0243-4B07-83C8-F42E41542BBD}] => (Allow) LPort=1688
FirewallRules: [{9B4E00BB-8687-4D64-9BDF-7157927D5289}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{019EE201-17A3-46B9-9D8F-B3B8BE9CADE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AE3CE0D-5A18-4DAD-95C1-2D903DF40FF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E6B1F699-57F1-4B4F-A234-7C19CF44AB40}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{255E758E-0C9B-49F3-B1BC-8ACBE92AFD70}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A38FE122-C88E-4803-9602-210E692E4068}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2507FEC2-E31B-4D0E-B7AF-49A4C5A21DBF}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{DDAF9204-281E-46C1-968C-5D530EF1E17D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{9F409FC7-4EA6-41FD-82D6-9B37E7A383B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63702660-552E-4281-A9C1-6852724689C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01474596-1A86-4B85-8145-1B3F7CDC9866}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{DD8042B6-09CC-4402-BC02-709ECF62305E}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{12B09AFA-4764-4734-8342-DC088030B3C5}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{618DFE60-EAE0-4CFF-A5A3-72587C7C5A7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Controller PCI Simple Communications
Description: Controller PCI Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 06:56:25 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 06:28:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:36:23 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:31:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:30:53 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:10:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:07:39 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 04:18:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 04:18:26 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 01:58:54 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


System errors:
=============
Error: (06/29/2015 03:47:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk3\DR11.

Error: (06/29/2015 03:47:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk3\DR11.

Error: (06/29/2015 03:47:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk3\DR11.

Error: (06/29/2015 03:47:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk3\DR11.

Error: (06/29/2015 11:16:34 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.

Error: (06/29/2015 11:16:33 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.

Error: (06/29/2015 11:16:33 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.

Error: (06/29/2015 11:16:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.

Error: (06/29/2015 11:16:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.

Error: (06/29/2015 11:16:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: Il driver ha rilevato un errore del controller su \Device\Harddisk2\DR4.


Microsoft Office:
=========================
Error: (06/29/2015 06:56:25 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 06:28:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:36:23 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:31:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:30:53 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:10:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 05:07:39 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 04:18:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 04:18:26 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/29/2015 01:58:54 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


CodeIntegrity Errors:
===================================
Date: 2015-06-27 11:59:28.285
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2015-06-27 11:59:28.261
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 56%
Total physical RAM: 8137.52 MB
Available physical RAM: 3549 MB
Total Pagefile: 16273.23 MB
Available Pagefile: 10147.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:44.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 03CE1EF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of log ============================
 

R16

Elite User
2,307
425
Honestly, the logs show no infection.
Run another scan with HiJackThis and check whether you see this entry:

F3 - REG:win.ini: load=C:\ProgramData\msqafggb.exe
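
As an added example (not code from this thread, nor from HijackThis, FRST or any other tool mentioned here), the PowerShell script below checks, read-only, for the two indicators under discussion: the win.ini load= value that HijackThis reports as an "F3 - REG:win.ini" entry, and the shortcut-on-USB-stick pattern from the opening post (real folders hidden, a .lnk left in their place that launches an executable). The registry keys are the documented win.ini [windows] mapping; the removable-drive discovery, the function names and the heuristics applied to the shortcut targets are my assumptions. It reports only and removes nothing.

```powershell
# Added example, not from this thread. Assumes Windows PowerShell 5.1 or later, run as the
# affected user. Read-only: it lists indicators and changes nothing.

function Get-WinIniLoadEntries {
    # win.ini's [windows] load= and run= lines are mapped into these registry values
    # (IniFileMapping); HijackThis shows them as an "F3 - REG:win.ini" entry.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in 'load', 'run') {
            $value = $props.$name
            if (-not [string]::IsNullOrWhiteSpace($value)) {
                [pscustomobject]@{ Source = $key; Name = $name; Value = $value }
            }
        }
    }
    # The on-disk win.ini can carry the same line; report it from there as well.
    $ini = Join-Path $env:SystemRoot 'win.ini'
    if (Test-Path -LiteralPath $ini) {
        Select-String -Path $ini -Pattern '^\s*(load|run)\s*=\s*(\S.*)$' | ForEach-Object {
            [pscustomobject]@{
                Source = $ini
                Name   = $_.Matches[0].Groups[1].Value
                Value  = $_.Matches[0].Groups[2].Value
            }
        }
    }
}

function Get-RemovableDriveIndicators {
    # Default: every removable disk (Win32_LogicalDisk DriveType 2, e.g. "E:\"); pass -DriveRoot to override.
    param(
        [string[]]$DriveRoot = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
                                 ForEach-Object { "$($_.DeviceID)\" })
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($root in $DriveRoot) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # 1) Hidden+System items in the root: the worm hides the real folder and leaves a shortcut in its place.
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
                $_.Attributes.HasFlag([IO.FileAttributes]::System)
            } |
            ForEach-Object {
                [pscustomobject]@{ Drive = $root; Kind = 'HiddenSystemItem'; Path = $_.FullName; Detail = $_.Attributes.ToString() }
            }

        # 2) Shortcuts in the root that launch a script host / rundll32 / cmd, name an executable in their
        #    arguments, or point at an executable stored on the stick itself (heuristics, an assumption).
        Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk       = $shell.CreateShortcut($_.FullName)
            $target    = [string]$lnk.TargetPath
            $arguments = [string]$lnk.Arguments
            $hostLaunch = $target -match '(?i)\\(rundll32|cmd|wscript|cscript|powershell|mshta)\.exe$'
            $exeInArgs  = $arguments -match '(?i)\.(exe|dll|scr|vbs|bat|cmd)(\s|"|$)'
            $onStick    = $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase) -and
                          ($target -match '(?i)\.(exe|dll|scr|vbs|bat|cmd)$')
            if ($hostLaunch -or $exeInArgs -or $onStick) {
                [pscustomobject]@{ Drive = $root; Kind = 'Shortcut'; Path = $_.FullName; Detail = ("{0} {1}" -f $target, $arguments).Trim() }
            }
        }
    }
}

Get-WinIniLoadEntries      | Format-Table -AutoSize
Get-RemovableDriveIndicators | Format-Table -AutoSize
```

A load= value that points outside the Windows directory (such as a random-looking name under C:\ProgramData) is worth treating as an infection indicator even when the antivirus scans come back clean, because it is executed at every logon. Collect the output before removing anything, so the fix list you build afterwards (FRST, HijackThis or the forum helper's instructions) is based on the actual paths present on the machine.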

 

Luca Pugliese

New User
92
3
OK, I'll do it tomorrow! Thanks, I'll keep you posted.

- - - Updated - - -

1.jpg

Here it is! :)

- - - Updated - - -

I tried to fix the entry F3 - REG:win.ini: load=C:\ProgramData\msqafggb.exe


but nothing!! If I run the scan again it's still there!! What do I do?
 

R16

Elite User
2,307
425
Hi.
Strange that it doesn't show up in the FRST log.
Let's see whether it shows up with OTL:

Download OTL and save it to your desktop:

OTL OldTimer's List-It Download - Geeks to Go Forum

Click the OTL icon on your desktop.

Tick SCAN ALL USERS.

Under Output, tick: Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you'll find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend to post them on the forum.

To be clearer:
Connect to the internet and go to the WikiSend page:
Wikisend: free file sharing service
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you're taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message on the forum.
 
Mursey

Guest
Have you done a Malwarebytes scan in Safe Mode?
The virus should be on the PC and act on the USB stick, not reside on the stick itself.

PS: "direttoria" isn't a word; call it either a directory or a folder.
 
