Problem With a Very Slow PC - Can You Check My Log?


17 replies to this topic

#1 fedegiu

Posted 17 May 2013 - 11:55 AM

Hello, after removing a virus my PC has become very slow in every respect. I am attaching the HJT log (I first went through all the steps indicated in the forum: Ccleaner, Combofix, MalwareBytes, Advanced System Care).
I am new to the forum and not very experienced with PCs; I hope you can help me.
Many thanks in advance


#2 Pike

Posted 17 May 2013 - 14:35 PM

Hi fedegiu,
please attach the Combofix and Mbam logs.

#3 gopher

Posted 17 May 2013 - 14:46 PM

Hi,
I don't see any obvious anomaly except this line of the log
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - [...]\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
which looks doubtful to me, mostly because of the path. If you can isolate the file SoftwareUpdService.exe you can have it checked on VirusTotal (https://www.virustotal.com/it/)

Post edited by gopher on 17 May 2013 - 14:47 PM
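
The path check gopher describes, as an added example that is not part of the original thread or of HijackThis/OTL: it parses HijackThis `O23` lines and OTL `SRV`/`DRV` lines and lists the services whose binary sits in a directory an ordinary user can write to. The directory list and all function names are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Directory names that a normal account can usually write to (XP Italian and
# English names, 8.3 short names, later Windows names). Assumed list for this
# example, not an exhaustive rule set.
USER_WRITABLE_DIRS = {
    "documents and settings", "docume~1", "users",
    "impostazioni locali", "impost~1", "local settings", "locals~1",
    "dati applicazioni", "application data", "appdata", "temp", "tmp",
}

class Entry(NamedTuple):
    source: str    # which log format the line came from
    name: str      # service / driver short name
    company: str   # company string reported by the tool ("" if none)
    path: str      # image path as logged ("" if the tool printed none)
    missing: bool  # OTL reported "File not found"

# HijackThis: O23 - Service: <display> (<name>) - <company> - <path>
HJT_O23 = re.compile(
    r"^O23 - Service: .+? \((?P<name>[^()]+)\) - (?P<company>.+?) - (?P<path>.+)$")
# OTL: SRV|DRV - (<name>) -- <path> (<company>)   or   ... File not found
OTL_SVC = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>.+?)\) -- (?P<rest>.*)$")
OTL_TAIL = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$")
NOT_FOUND = "File not found"

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a service/driver line, or None for any other line."""
    line = line.strip()
    m = HJT_O23.match(line)
    if m:
        return Entry("HijackThis O23", m["name"], m["company"],
                     m["path"].strip(), False)
    m = OTL_SVC.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)].strip()
    tail = OTL_TAIL.match(rest)
    if tail:
        path, company = tail["path"], tail["company"].strip()
    else:
        path, company = rest, ""   # no "(company)" suffix on this line
    return Entry("OTL " + m["kind"], m["name"], company, path, missing)

def in_user_writable_dir(path: str) -> bool:
    """True if any directory component of the path is in USER_WRITABLE_DIRS."""
    parts = path.lower().split("\\")
    return any(p in USER_WRITABLE_DIRS for p in parts[:-1])

def triage(log_text: str) -> List[Entry]:
    """Services and drivers whose binary lives in a user-writable directory."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry.path and in_user_writable_dir(entry.path):
            hits.append(entry)
    return hits

# Lines copied from the HijackThis excerpt and the OTL log in this thread.
SAMPLE_LOG = r"""
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - [...]\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SoftwareUpd) -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (Olivetti Silverstone Modem Device Helper) -- C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()
DRV - (WDICA) -- File not found
DRV - (catchme) -- C:\DOCUME~1\fede\IMPOST~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "file missing" if e.missing else "file present"
        print(f"{e.source:15} {e.name:12} {state:13} {e.path}")
```

A hit is a reason to have the file checked, as suggested above, not a verdict: the location only shows that the binary could be replaced without administrator rights.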


#4 fedegiu

Posted 20 May 2013 - 07:01 AM

I no longer have the Combofix and Mbam logs from the earlier runs; I only kept the HijackThis one. Is it all right if I run them again now?

#5 fedegiu

Posted 20 May 2013 - 07:02 AM

Thanks, but how do I isolate the suspicious file?

#6 Mr 4011

Posted 20 May 2013 - 10:02 AM

Hi fedegiu

OTL
  • Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
  • Double-click the icon to run it
  • When the OTL window appears, at the top, in the Output box, change the setting to Minimal output.
  • Tick the "LOP Check" and "Purity Check" entries
  • In the Custom scan fixes box, paste the following directives:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button at the top left. Do not change the settings unless instructed to do so. The scan will take quite a while, please be patient.
    • When the scan is complete, two Notepad windows will open: OTL.Txt and Extras.Txt.
    • These are saved in the same location as OTL.
    • Please copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them in your next reply.
    • Two posts may be needed.

Download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click, Run as administrator)
  • Click Scan
  • When the scan finishes, click Save log, save it to your desktop, and post it in your next reply.
  • Warning: do not run any fix.
  • You will also notice another file created on the desktop, named MBR.dat. Right-click the file and select Send to > Compressed (zipped) folder. Attach the compressed file to your next reply as well.


Do not attach the logs; copy and paste their contents

#7 Pike

Posted 20 May 2013 - 10:24 AM

fedegiu, on 20 May 2013 - 07:01 AM, said:

I no longer have the Combofix and Mbam logs from the earlier runs; I only kept the HijackThis one. Is it all right if I run them again now?

I think you're wrong, you know? :)

It should still be in c:\Combofix.txt.
MBAM, for its part, has a dedicated tab in the program where all of the system's log files are catalogued.

#8 fedegiu

Posted 20 May 2013 - 21:16 PM

Hi Mr 4011, I'll give it a try. I'm attaching the first 2 logs:

OTL logfile created on: 20/05/2013 21.32.06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fede\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

479,48 Mb Total Physical Memory | 140,29 Mb Available Physical Memory | 29,26% Memory free
1,10 Gb Paging File | 0,49 Gb Available in Paging File | 44,93% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 186,26 Gb Total Space | 141,82 Gb Free Space | 76,14% Space Free | Partition Type: FAT32

Computer Name: OEM-2B12LUWM5GV | User Name: fede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\fede\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programmi\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Programmi\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Programmi\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Programmi\Chiavetta Internet Olicard 200\ModemApplication.exe ()
PRC - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()
PRC - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()
PRC - C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)
PRC - C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVAST Software\Avast\defs\13052000\algo.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Programmi\AVAST Software\Avast\defs\13051801\algo.dll ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\webres.dll ()
MOD - C:\Programmi\IObit\Advanced SystemCare 6\sqlite3.dll ()
MOD - C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()
MOD - C:\Programmi\Canon\ImageBrowser EX\ServerCommon.dll ()
MOD - C:\Programmi\Canon\ImageBrowser EX\ServerCommon.xmlserializers.dll ()
MOD - C:\Programmi\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\Programmi\Chiavetta Internet Olicard 200\ModemApplication.exe ()
MOD - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()
MOD - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\WlanApp.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdvancedSystemCareService6) -- C:\Programmi\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SoftwareUpd) -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (Olivetti Silverstone Modem Device Helper) -- C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()
SRV - (CCALib8) -- C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ANIWZCSdService) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\fede\IMPOST~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)
DRV - (Olicard200net) -- C:\WINDOWS\system32\drivers\Olicard200Usbnet.sys (Olivetti)
DRV - (jrdusbser) -- C:\WINDOWS\system32\drivers\jrdusbser.sys (Olivetti)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EC2EADE5-7CD5-4252-BB98-0C359F21041B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{EC2EADE5-7CD5-4252-BB98-0C359F21041B}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EC2EADE5-7CD5-4252-BB98-0C359F21041B}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: " http://search.findeer.com"
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programmi\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2013/05/13 21.52.50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/01/01 00.48.20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/01/01 00.48.22 | 000,000,000 | ---D | M]

[2011/01/01 00.49.50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Extensions
[2011/01/01 00.49.50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions
[2011/01/04 18.03.22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/05/09 21.48.14 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions\ascsurfingprotection@iobit.com
[2011/09/12 22.35.46 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2010/11/28 14.39.14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 08.31.12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2011/09/03 02.19.20 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2011/09/03 02.58.06 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/09/03 02.58.06 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/09/03 02.58.06 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/09/03 02.58.06 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/31 20.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Programmi\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM] C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Sepang Olivetti ModemListener] C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Programmi\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ImageBrowser EX Agent.lnk = C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()
O4 - Startup: C:\Documents and Settings\fede\Menu Avvio\Programmi\Esecuzione automatica\Sommario di OneNote.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{944F2CCE-1453-4343-8F19-61BE9B2F2876}: DhcpNameServer = 151.99.125.2 151.99.125.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0BC74CE-68FC-41B0-B1F7-E7669C3E25F9}: NameServer = 213.230.129.10 213.230.155.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8355D42-5C94-475B-BF7C-F1FF56CA0128}: DhcpNameServer = 151.99.125.2 151.99.125.3
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter ext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/12 08.58.54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 21.29.52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe
[2013/05/14 21.09.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fede\Recent
[2013/05/13 21.54.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\avast! Free Antivirus
[2013/05/13 21.54.30 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/13 21.54.30 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/13 21.54.28 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/13 21.54.27 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/13 21.54.27 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/13 21.54.25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/13 21.54.24 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/13 21.52.45 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/10 20.37.53 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013/05/09 21.59.31 | 000,023,360 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/05/09 21.48.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/09 21.48.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\AppData
[2013/05/09 21.48.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\Dati applicazioni\IObit
[2013/05/09 21.48.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit
[2013/05/09 21.48.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Advanced SystemCare 6
[2013/05/09 21.47.50 | 000,000,000 | ---D | C] -- C:\Programmi\IObit
[2013/05/09 21.36.40 | 005,067,045 | R--- | C] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe
[2013/05/09 21.36.09 | 022,404,848 | ---- | C] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe
[2013/05/08 21.09.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\Dati applicazioni\Malwarebytes
[2013/05/08 21.09.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2013/05/08 21.09.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2013/05/08 21.09.04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/08 21.09.04 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2013/05/08 20.52.52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/08 20.52.52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/08 20.52.51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/08 20.52.51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/08 20.51.53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/07 23.26.27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/07 22.27.00 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[2013/05/06 21.31.25 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 21.29.18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe
[2013/05/20 21.04.26 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 20.56.18 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/20 20.20.02 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/20 20.16.56 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 20.16.54 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2013/05/20 20.16.50 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
[2013/05/20 20.16.44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/20 20.16.42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/20 20.16.40 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/19 14.40.28 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/19 13.59.08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/19 13.59.08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/19 13.48.10 | 000,482,590 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/05/19 13.48.10 | 000,436,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/19 13.48.10 | 000,081,194 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/05/19 13.48.10 | 000,069,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/19 13.43.42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/13 21.54.34 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/13 21.54.26 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/10 21.07.52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2013/05/10 20.32.10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/05/09 21.48.08 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2013/05/09 21.48.08 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/05/09 13.25.08 | 022,404,848 | ---- | M] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe
[2013/05/09 10.59.10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/09 10.59.10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/09 10.59.10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/09 10.59.10 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/09 10.59.10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/09 10.59.10 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/09 10.59.10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/09 10.59.08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/09 10.58.38 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/09 10.58.28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/08 21.09.10 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/07 13.12.42 | 005,067,045 | R--- | M] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe
[2013/05/07 06.27.18 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/06 21.15.02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2013/05/06 13.45.44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe
[2013/04/30 22.00.32 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/19 13.24.23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/05/13 21.54.32 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/13 21.54.29 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/13 21.54.26 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/13 21.54.26 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/10 21.05.12 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2013/05/10 21.05.11 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader 8.lnk
[2013/05/10 20.32.09 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/05/09 21.49.45 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
[2013/05/09 21.48.06 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2013/05/09 21.48.06 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk
[2013/05/08 21.09.09 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/08 20.52.52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/08 20.52.52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/08 20.52.52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/08 20.52.52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/08 20.52.51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/07 23.19.15 | 502,845,440 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/06 21.15.01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\housecall.guid.cache
[2013/01/27 21.37.28 | 000,502,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2012/04/03 21.38.48 | 000,000,171 | ---- | C] () -- C:\WINDOWS\disney.ini
[2012/04/03 21.38.15 | 000,000,193 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2012/02/20 21.37.39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/02 23.27.32 | 000,000,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/07/19 22.02.41 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2011/02/10 21.18.52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fede\Ÿ9Ÿ9
[2010/11/12 13.37.01 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/11/12 23.00.38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 15.16.32 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/20 12.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
[2011/09/14 23.26.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2013/01/13 09.27.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Canon_Inc_IC
[2013/05/09 21.48.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit
[2013/05/09 21.48.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2010/11/12 09.03.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\InterTrust
[2010/11/20 12.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\Autodesk
[2010/12/27 21.49.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\OLYMPUS
[2011/02/09 21.41.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\ElevatedDiagnostics
[2013/01/04 16.26.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\PerformerSoft
[2013/01/13 09.28.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\canon
[2013/01/13 09.31.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\Canon_Inc_IC
[2013/05/09 21.48.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\IObit

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\FLAG.ID
[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\IT.ID
[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\XPSP1.ID
[2010/11/12 08.44.44 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2003/01/24 10.49.36 | 000,441,001 | ---- | M] () -- C:\TXTSETUP.SIF
[2002/08/29 01.06.04 | 000,246,960 | ---- | M] () -- C:\$LDR$
[2013/05/20 20.16.38 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
[2001/08/31 20.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/11/12 09.29.20 | 000,251,600 | RHS- | M] () -- C:\ntldr
[2010/11/12 09.29.20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/12/26 15.48.02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/12 08.58.54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/12 08.58.54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/12 08.58.54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/12 08.58.54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 23.00.12 | 000,261,312 | RHS- | M] () -- C:\cmldr
[2010/11/12 09.32.42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/05/20 20.16.40 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/10 20.32.10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

< %systemroot%\Fonts\*.com >
[2006/04/18 15.39.28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14.53.56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15.39.28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14.58.52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/11/12 08.58.44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 11.50.04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 13.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19.56.12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2007/10/20 18.21.50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2013/05/09 10.58.38 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/11/12 08.55.10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2010/11/12 08.55.10 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/11/12 08.55.10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/12 09.37.18 | 000,000,181 | -HS- | M] () -- C:\Documents and Settings\fede\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/11/12 09.20.02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\fede\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2013/05/06 13.45.44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe
[2013/05/09 13.25.08 | 022,404,848 | ---- | M] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe
[2013/05/07 13.12.42 | 005,067,045 | R--- | M] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe
[2013/05/20 21.29.18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-19 11:53:32
< End of report >




OTL Extras logfile created on: 20/05/2013 21.32.06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fede\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

479,48 Mb Total Physical Memory | 140,29 Mb Available Physical Memory | 29,26% Memory free
1,10 Gb Paging File | 0,49 Gb Available in Paging File | 44,93% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 186,26 Gb Total Space | 141,82 Gb Free Space | 76,14% Space Free | Partition Type: FAT32

Computer Name: OEM-2B12LUWM5GV | User Name: fede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" = C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 -- (Adobe Systems Incorporated)
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\groove.exe" = C:\Programmi\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" = C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility -- (D-Link)
"C:\Programmi\Internet Explorer\iexplore.exe" = C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5783F2D7-0201-0410-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Autodesk Express Viewer" = Autodesk Express Viewer
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"Chiavetta Internet Olicard 200_is1" = Chiavetta Internet Olicard 200
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ie8" = Windows Internet Explorer 8
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 it)" = Mozilla Firefox 6.0.2 (x86 it)
"PhotoStitch" = Canon Utilities PhotoStitch
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi
"XviD4PSP5" = XviD4PSP 5.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/03/2013 6.01.17 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 6.01.20 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 7.40.32 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 7.40.32 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 21/03/2013 7.14.18 | Computer Name = OEM-2B12LUWM5GV | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore ANIWZCSdS.exe, versione 1.0.3.7034,
modulo che ha provocato l'errore user32.dll, versione 5.1.2600.5512, indirizzo
errore 0x00014acd.

Error - 08/04/2013 15.29.12 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 09/04/2013 13.46.57 | Computer Name = OEM-2B12LUWM5GV | Source = MsiInstaller | ID = 11719
Description = Prodotto: OLYMPUS Master -- Errore 1719. Impossibile accedere al servizio
Windows Installer. Ciò può verificarsi se Windows Installer non è installato correttamente.
Contattare il personale di assistenza.

Error - 09/04/2013 14.59.29 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/04/2013 14.50.15 | Computer Name = OEM-2B12LUWM5GV | Source = MsiInstaller | ID = 11719
Description = Prodotto: OLYMPUS Master -- Errore 1719. Impossibile accedere al servizio
Windows Installer. Ciò può verificarsi se Windows Installer non è installato correttamente.
Contattare il personale di assistenza.

Error - 06/05/2013 14.52.45 | Computer Name = OEM-2B12LUWM5GV | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore ANIWZCSdS.exe, versione 1.0.3.7034,
modulo che ha provocato l'errore user32.dll, versione 5.1.2600.5512, indirizzo
errore 0x00014acd.

[ System Events ]
Error - 13/05/2013 15.14.15 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 14/05/2013 15.10.06 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 14/05/2013 15.16.22 | Computer Name = OEM-2B12LUWM5GV | Source = Windows Update Agent | ID = 16
Description = Impossibile stabilire la connessione. Impossibile connettersi al servizio
Aggiornamenti automatici e quindi scaricare e installare gli aggiornamenti in base
alla pianificazione impostata. Verranno effettuati altri tentativi di stabilire
una connessione.

Error - 15/05/2013 14.50.21 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 19/05/2013 6.21.26 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 19/05/2013 6.22.21 | Computer Name = OEM-2B12LUWM5GV | Source = Windows Update Agent | ID = 16
Description = Impossibile stabilire la connessione. Impossibile connettersi al servizio
Aggiornamenti automatici e quindi scaricare e installare gli aggiornamenti in base
alla pianificazione impostata. Verranno effettuati altri tentativi di stabilire
una connessione.

Error - 19/05/2013 6.33.02 | Computer Name = OEM-2B12LUWM5GV | Source = DCOM | ID = 10010
Description = Il server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} non si è registrato
con DCOM entro il tempo d'attesa richiesto.

Error - 19/05/2013 8.42.37 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 20/05/2013 14.18.26 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022
Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 20/05/2013 15.03.40 | Computer Name = OEM-2B12LUWM5GV | Source = DCOM | ID = 10010
Description = Il server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} non si è registrato
con DCOM entro il tempo d'attesa richiesto.


< End of report >

#9 fedegiu

Posted 20 May 2013 - 21:40 PM

Hi Mr 4011, this is the other log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-20 22:19:34
-----------------------------
22:19:34.640 OS Version: Windows 5.1.2600 Service Pack 3
22:19:34.640 Number of processors: 2 586 0x209
22:19:34.687 ComputerName: OEM-2B12LUWM5GV UserName: fede
22:19:37.515 Initialize success
22:19:42.375 AVAST engine defs: 13052000
22:19:55.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:19:55.265 Disk 0 Vendor: SAMSUNG_SP2014N VC100-33 Size: 190782MB BusType: 3
22:19:55.406 Disk 0 MBR read successfully
22:19:55.421 Disk 0 MBR scan
22:19:55.593 Disk 0 Windows XP default MBR code
22:19:55.609 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 190779 MB offset 63
22:19:55.656 Disk 0 scanning sectors +390716865
22:19:55.687 Disk 0 scanning C:\WINDOWS\system32\drivers
22:20:18.015 Service scanning
22:20:30.765 Modules scanning
22:20:55.984 Disk 0 trace - called modules:
22:20:56.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:20:56.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853cdab8]
22:20:56.062 3 CLASSPNP.SYS[f7856fd7] -> nt!IofCallDriver -> \Device\0000005e[0x853d0a40]
22:20:56.078 5 ACPI.sys[f77cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x853d0b58]
22:20:56.984 AVAST engine scan C:\WINDOWS
22:21:06.687 AVAST engine scan C:\WINDOWS\system32
22:24:03.703 AVAST engine scan C:\WINDOWS\system32\drivers
22:24:19.718 AVAST engine scan C:\Documents and Settings\fede
22:25:27.093 AVAST engine scan C:\Documents and Settings\All Users
22:25:40.500 Scan finished successfully
22:28:19.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fede\Desktop\MBR.dat"
22:28:19.546 The log file has been saved successfully to "C:\Documents and Settings\fede\Desktop\aswMBR.txt"

#10 fedegiu

Posted 20 May 2013 - 21:44 PM

For Mr 4011

Sorry, I forgot the last file.

Attached files

  • MBR.rar   512 bytes   0 downloads


#11 fedegiu

Posted 20 May 2013 - 21:46 PM

Hi Pike.

I couldn't find the Combofix log; I'm attaching the other one, and thanks.

Malwarebytes Anti-Malware (Prova) 1.75.0.1300
www.malwarebytes.org
Versione database: v2013.05.13.08
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
fede :: OEM-2B12LUWM5GV [amministratore]
Protezione: Attivata
14/05/2013 21.16.54
mbam-log-2013-05-14 (21-16-54).txt
Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 53018
Tempo impiegato: 18 minuti, 27 secondi [interrotto]
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)

#12 Mr 4011

Posted 22 May 2013 - 17:13 PM

Hi Fedegiu

  • Download AdwCleaner by Xplode to your desktop.
  • Close all open programs and web pages.
  • Double-click AdwCleaner.exe to run the tool.
  • Click "Elimina" (Delete).
  • Confirm with OK each time.
  • The computer will restart automatically. A text file will open after the restart.
  • Please post the contents of that log file in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt

Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Esegui come amministratore" (Run as administrator).
  • The tool will open and start scanning your system.
  • Please be patient, as this may take some time to complete depending on your system's specifications.
  • When it finishes, a log (JRT.txt) is saved to your desktop and opens automatically.
  • Post the contents of JRT.txt in your next message.


  • Download RogueKiller and save it to your desktop.
  • Close all other programs.
  • Launch RogueKiller.exe.
  • Wait while the pre-scan finishes.
  • Click Scan.
  • Wait for the scan to finish.
  • A report will be created on the desktop.
  • Click Delete.
  • Then click ShortcutsFix.
  • Another log will be created on the desktop.

Post all the RKreport.txt files located on your desktop.

#13 fedegiu

Posted 25 May 2013 - 06:49 AM

Hi Mr 4011.
Thanks for now. I followed your instructions and am now attaching the logs.
However, I could not find on the desktop the second report that RogueKiller should have generated automatically after "ripara collegamenti" (repair shortcuts). I found one (quarantine Report) in its folder; I don't know if it's the right one, but I'm posting it anyway. I also tried clicking Report myself and it says "impossibile trovare RkReport[2]"

# AdwCleaner v2.301 - Logfile creato il 24/05/2013 alle 19:41:20
# Aggiornamento 16/05/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : fede - OEM-2B12LUWM5GV
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\fede\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\fede\Dati applicazioni\file scout
Cartella Eliminato : C:\Documents and Settings\fede\Dati applicazioni\PerformerSoft
Cartella Eliminato : C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\PackageAware
Cartella Eliminato : C:\Programmi\file scout

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v6.0.2 (it)

File : C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\prefs.js

C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\user.js ... Eliminato !

[OK] File Pulito.

*************************


AdwCleaner[S1].txt - [1376 octets] - [24/05/2013 19:41:20]

########## EOF - C:\AdwCleaner[S1].txt - [1436 octets] ##########






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by fede on 24/05/2013 at 19.47.15,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\fede\Dati applicazioni\mozilla\firefox\profiles\plbn07t0.default\prefs.js

user_pref("browser.startup.homepage", " hxxp://search.findeer.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2013 at 19.52.58,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : fede [Admin rights]
Mode : Scan -- Date : 05/24/2013 20:03:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AGRSMMSG.EXE -- C:\WINDOWS\AGRSMMSG.exe [7] -> Chiuso [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> Trovato
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] hdaudbus.sys : C:\WINDOWS\system32\drivers\hdaudbus.sys [-] --> Trovato
[Faked.Drv][FILE] gagp30kx.sys : C:\WINDOWS\system32\drivers\gagp30kx.sys [-] --> Trovato
[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys [-] --> Trovato

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2014N +++++
--- User ---
[MBR] f9d0deff7e5060156e7432f321cb3de7
[BSP] e041aa5b3fc6215d0ac8bccbe91dbf09 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05242013_02d2003.txt >>
RKreport[1]_S_05242013_02d2003.txt




Time : 24/05/2013 20:03:24
--------------------------
[AGRSMMSG.EXE.vir] -> C:\WINDOWS\AGRSMMSG.exe

#14 Mr 4011

Mr 4011

    Terribilus

  • Vice Admin
  • 2567 Posts:
  • Gender:

Posted 25 May 2013 - 07:56 AM

Hi fedegiu
Read these instructions carefully to familiarize yourself with this tool.
Refer to This Guide.
Download ComboFix from one of the following locations:
Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop
====================================================
Disable your antivirus and antispyware applications, as they interfere with the removal tools.
If you are not sure how to do this, refer to our topic: disabling security applications
====================================================

Double-click ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended to have this pre-installed on your computer before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to help you more easily should your computer have a problem after an attempted malware removal.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, accept the End-User License Agreement to install the Microsoft Windows Recovery Console.
** Please note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Inserted image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Inserted image

Click Yes to continue scanning for malware.
When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply for further review.
 

#15 fedegiu

fedegiu

    Initiate

  • Members
  • 11 Posts:
  • Gender:

Posted 04 June 2013 - 07:06 AM

Hi everyone, and in particular Mr 4011, who is helping me. Sorry for my absence, but I became a dad for the second time and haven't been able to follow the forum.
Please be a little patient; as soon as I find an hour I'll do the ComboFix step and send the log.
One question: where does ComboFix generate the .txt file? On C:, on the desktop, or somewhere else?
Thanks, regards

#16 Pike

Pike

    Enlightened

  • Vice Admin
  • 7665 Posts:
  • Gender:

Posted 04 June 2013 - 07:21 AM

In C:
Congratulations on the new arrival :)

#17 fedegiu

fedegiu

    Initiate

  • Members
  • 11 Posts:
  • Gender:

Posted 24 June 2013 - 07:01 AM

I finally managed to turn the PC back on.
I ran ComboFix, but the file it generated in C: doesn't look like a txt file to me; it looks like a folder. I tried to attach it, but it tells me that's impossible because the necessary permissions to open the file are missing.
What can I do?
When will I be able to get some answers to my problems?
Thanks for your cooperation and patience, but I no longer have the time for the PC that I used to have.

#18 fedegiu

fedegiu

    Initiate

  • Members
  • 11 Posts:
  • Gender:

Posted 28 June 2013 - 06:27 AM

Hi everyone.
Please, is there anyone who can give me some answers so I can finish all the necessary checks?
I haven't heard from anyone for a while...
Thanks





