shampo

WinGirls
 Visualizza profilo  Vedi la sua attività

  • Numero contenuti

    200

  • Iscritto

  • Ultima visita

Tutti i contenuti di shampo

  1. Non Si Avvia Come Sempre Il Computer

    shampo ha risposto a shampo nel forum Windows 7

    scusa ma non riesco a trovare quello che mi dici,nella bios nn c è

  2. Sii Avvia Stranamente

    shampo ha aggiunto un topic in HiJackThis - Posta qui i Log

    a me quando si avvia viene cosi http://forum.eeepc.i...ic.php?id=13100 e va tutto rilento posto il mio file grazie Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:50:27, on 25/10/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/p/?LinkId=255141"]http://go.microsoft..../?LinkId=255141[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7811 bytes

  3. Non Si Avvia Come Sempre Il Computer

    shampo ha risposto a shampo nel forum Windows 7

    scusami ma non ho capito un tubo,se io spengo il pc e lo riaccendo dop un oretta mi parte normalmente se lo riaccendo domani mi fa quel problema

  4. Non Si Avvia Come Sempre Il Computer

    shampo ha risposto a shampo nel forum Windows 7

    a me quando si avvia viene cosi http://forum.eeepc.it/viewtopic.php?id=13100

  5. Non Si Avvia Come Sempre Il Computer

    shampo ha risposto a shampo nel forum Windows 7

    ho paura di si ma come procedere?

  6. Non Si Avvia Come Sempre Il Computer

    shampo ha risposto a shampo nel forum Windows 7

    la data e l ora funzionano,ho fatto anche il ripristino.niente per far avviare il pc devo cliccare f 2
  7. buonasera,vorrei ritagliare una sagoma di una foto per metterla su uno sfondo,programmi online ci sono ? grazie ciao
  8. buonasera,quando apro chrome mi trovo nella barra babylon,cerco di disistallarlo,ma non lo trovo,vi allego il post grazie Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:45, on 24/07/2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Users\rosy\AppData\Roaming\cacaoweb\cacaoweb.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\SysWOW64\DllHost.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKCU\..\Run: [cacaoweb] "C:\Users\rosy\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer O4 - HKCU\..\Run: [Google Update] "C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8338 bytes
  9. scusate,vi riposto il mio logfile.perchè il pc fa fatica carica molto lentamente,e internet a volte non mi apre le pagine che succe de? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:49:29, on 31/07/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16635) Boot mode: Normal Running processes: C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\eMule\emule.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\rosy\AppData\Local\Google\Chrome\Application\chrome.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) grazieeeeee

  10. Aprire Le Porte Di Emule

    shampo ha aggiunto un topic in P2P e File Sharing

    buonasera,dopo tanto tempo sono andata ad aprire emule,ma le freccette rimangono gialle,altre volte sono andata nel mio router pirelli telecom.ad aprire le porte,oggi sono rientrata nella pagina del router http://192.168.1.1/ , ma mi sono ritrovata una pagina nuova e complicata ,dove devo andare per aprire le porte? grazie

  11. Aprire Le Porte Di Emule

    shampo ha risposto a shampo nel forum P2P e File Sharing

    Dettagli modem Dettagli Identificativi Modem Informazioni di dettaglio ad uso Telecom Italia Nome Alice Gate VoIP Versione hardware F10 Versione globale ciao
  12. non ci ho capito nulla,comunque grazie,sono riuscita a togliere babylon ciaoooo e grazie ancora
  13. ciao,scusa che significa HJT per Windows 7 non è molto indicato, meglio usare DDS.cosa dovrei fare,comunque grazie con adwcleaner sono riuscita a togliere babylon,cacao web nn lo vedo va tolto? eppoi scusa versione vecchia ma di cosa? di chrome? grazie ancora,posto il file....... SpyBot Search And Destroy non ha trovato niente # AdwCleaner v2.306 - Logfile creato il 25/07/2013 alle 14:31:41 # Aggiornamento 19/07/2013 by Xplode # Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits) # Utente : rosy - ROSY-PC # Modalità Avvio : Modalità Normale # Eseguito da : C:\Users\rosy\Desktop\adwcleaner.exe # Opzioni [Elimina] ***** [servizi] ***** ***** [File / Cartelle] ***** Cartella Eliminato : C:\Program Files (x86)\1ClickDownload Cartella Eliminato : C:\ProgramData\Tarma Installer Cartella Eliminato : C:\Users\rosy\AppData\Roaming\cacaoweb Cartella Eliminato : C:\Users\rosy\AppData\Roaming\DSite Cartella Eliminato : C:\Users\rosy\AppData\Roaming\Mozilla\Firefox\Profiles szygzfs.default\extensions\cacaoweb@cacaoweb.org Cartella Eliminato : C:\Users\rosy\AppData\Roaming\OpenCandy Cartella Eliminato : C:\Users\rosy\AppData\Roaming\pdfforge File Eliminato : C:\Users\rosy\Desktop\cacaoweb.exe ***** [Registro] ***** Chiave Eliminata : HKCU\Software\cacaoweb Chiave Eliminata : HKCU\Software\ChatZum Toolbar Chiave Eliminata : HKCU\Software\Conduit Chiave Eliminata : HKCU\Software\InstallCore Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Chiave Eliminata : HKCU\Software\SmartbarLog Chiave Eliminata : HKCU\Software\Softonic Chiave Eliminata : HKCU\Software\YahooPartnerToolbar Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57} Chiave Eliminata : HKLM\Software\ChatZum Toolbar Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Chiave Eliminata : HKLM\Software\Offerbox Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Chiave Eliminata : HKLM\SOFTWARE\Software Chiave Eliminata : HKLM\SOFTWARE\Tarma Installer Valore Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb] Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [browser Internet] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registro Pulito. -\\ Mozilla Firefox v20.0.1 (it) File : C:\Users\rosy\AppData\Roaming\Mozilla\Firefox\Profiles szygzfs.default\prefs.js C:\Users\rosy\AppData\Roaming\Mozilla\Firefox\Profiles szygzfs.default\user.js ... Eliminato ! [OK] File Pulito. -\\ Google Chrome v28.0.1500.72 File : C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Preferences Eliminata [l.2929] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=7867001B[...] -\\ Opera v12.15.1748.0 File : C:\Users\rosy\AppData\Roaming\Opera\Opera\operaprefs.ini Eliminata : Home URL=hxxp://mystart.incredibar.com/mb201?a=6OyYnMDLqm&i=26 ************************* AdwCleaner[R1].txt - [6172 octets] - [25/07/2013 14:29:53] AdwCleaner[R2].txt - [6291 octets] - [25/07/2013 14:31:28] AdwCleaner[s1].txt - [343 octets] - [25/07/2013 14:30:15] AdwCleaner[s2].txt - [6083 octets] - [25/07/2013 14:31:41] ########## EOF - C:\AdwCleaner[s2].txt - [6143 octets] ##########
  14. ciao,ho un pc fisso con installato windows 7, da poco tempo quando lo accendo non si avvia.le luci sn tutte accese ma la schermata non parte,dopo vari tentativi,accendi spegni allora a fatica parte,poi quando vado a chiudere si blocca su arresto del sistema,che succede? ho fatto la scansione con spy bot e mi ha trovato SWETLM WIN 32 ZURFACE BHO li correggo e la volta dopo li ritrovo allego il mio log grazie hijackthis.log
  15. ciao,per ora funziona,grazie di tutto
  16. OTL logfile created on: 26/02/2013 22:00:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,31% Memory free 8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 460,57 Gb Total Space | 296,71 Gb Free Space | 64,42% Space Free | Partition Type: NTFS Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\rosy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\pdf.dll () MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\libglesv2.dll () MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\libegl.dll () MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ffmpegsumo.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV:64bit: - (A5AGU) -- C:\Windows\SysNative\drivers\AGUx64.sys (Atheros Communications, Inc.) DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57} IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=IT&install_date=20120603&user_guid=985E3F5A4D644327BD681BEF39B4761B&machine_id=423dba73537c70de0e33a7139f9c55ad&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rosy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rosy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/18 10:53:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/09/16 13:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Yahoo! Italia (Enabled) CHR - default_search_provider: search_url = http://it.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR - default_search_provider: suggest_url = http://it-sayt.ff.search.yahoo.com/gossip-it-sayt?output=fxjson&command={searchTerms} CHR - homepage: about:blank CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\gcswf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\ CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: TLRemove = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbdakecjcgadccddooobabgalbdfpdl\1.1.0_0\ CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\ CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: TLRemove = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbdakecjcgadccddooobabgalbdfpdl\1.1.0_0\ CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/02/10 20:01:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CE42BE-D122-4A8E-9CCD-BAB2D224A855}: DhcpNameServer = 62.101.93.101 83.103.25.250 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/26 21:55:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rosy\Desktop\OTL.exe [2013/02/25 21:57:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/25 15:40:46 | 000,000,000 | ---D | C] -- C:\Windows emp [2013/02/25 15:32:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/02/20 21:54:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/02/20 21:54:09 | 000,000,000 | ---D | C] -- C:\JRT [2013/02/19 22:02:17 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\rosy\Desktop\JRT.exe [2013/02/18 23:27:03 | 000,000,000 | ---D | C] -- C:\40100a38779b122341 [2013/02/18 21:47:44 | 002,347,384 | ---- | C] (ESET) -- C:\Users\rosy\Desktop\esetsmartinstaller_enu.exe [2013/02/17 00:40:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/17 00:40:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/17 00:40:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/17 00:40:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/17 00:40:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/17 00:40:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/17 00:40:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/17 00:40:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/17 00:40:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/17 00:40:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/17 00:40:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/17 00:40:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/17 00:40:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/17 00:40:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/17 00:40:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/16 23:14:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/16 23:14:22 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/16 23:14:21 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/16 23:13:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/16 23:13:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/16 23:13:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/16 23:13:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/16 23:13:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/16 23:13:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/16 23:13:48 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/10 19:54:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/10 19:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/10 19:54:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/10 19:43:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/10 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (7) [2013/02/10 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (6) [2013/02/07 20:05:36 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/07 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLineRemove [2013/02/05 12:38:24 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/02/05 12:38:23 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/02/05 12:37:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/02/05 12:37:29 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/02/05 12:37:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/02/05 12:37:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/02/05 12:37:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/02/05 12:37:10 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/02/05 12:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/02/05 12:37:09 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/02/05 12:37:08 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/02/05 12:37:08 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/02/05 12:37:07 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/02/05 12:37:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/02/05 12:36:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/02/05 12:36:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/02/05 12:36:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/02/05 12:32:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/02/05 12:32:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/02/05 12:32:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/02/05 12:32:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/02/05 12:32:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/02/05 12:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/02/05 12:32:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/02/05 12:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/02/05 12:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/02/05 12:32:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/02/05 12:32:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/02/05 12:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/02/05 12:32:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/02/05 12:32:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/05 12:32:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/02/05 12:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/02/05 12:32:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/02/05 12:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/02/05 12:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/02/05 12:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/02/05 12:32:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/05 12:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/02/05 12:26:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative askhost.exe [2013/02/05 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Apps [2013/02/05 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Deployment [2013/02/05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (2) ========== Files - Modified Within 30 Days ========== [2013/02/26 21:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rosy\Desktop\OTL.exe [2013/02/26 21:40:00 | 000,001,146 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskMachineUA.job [2013/02/26 21:22:00 | 000,000,978 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job [2013/02/26 21:19:01 | 000,001,156 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job [2013/02/26 21:19:00 | 000,001,104 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job [2013/02/26 20:46:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/26 20:46:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/26 20:39:26 | 000,001,142 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskMachineCore.job [2013/02/26 20:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/26 20:38:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2013/02/23 12:42:56 | 001,549,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/23 12:42:56 | 000,701,188 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/02/23 12:42:56 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/23 12:42:56 | 000,128,534 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/02/23 12:42:56 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/21 20:06:13 | 000,241,510 | ---- | M] () -- C:\Users\rosy\Desktop\foto 2.JPG [2013/02/21 20:06:07 | 000,146,217 | ---- | M] () -- C:\Users\rosy\Desktop\foto 1.JPG [2013/02/21 20:04:02 | 000,037,212 | ---- | M] () -- C:\Users\rosy\Desktop\VICARIO.pdf [2013/02/19 22:04:38 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\rosy\Desktop\JRT.exe [2013/02/18 21:47:45 | 002,347,384 | ---- | M] (ESET) -- C:\Users\rosy\Desktop\esetsmartinstaller_enu.exe [2013/02/18 21:14:10 | 000,490,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 23:10:37 | 000,000,580 | ---- | M] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh [2013/02/13 20:22:41 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/13 20:22:41 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/10 20:01:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/02/07 20:10:16 | 000,002,366 | ---- | M] () -- C:\Users\rosy\Desktop\Google Chrome.lnk [2013/02/05 14:06:08 | 000,205,892 | ---- | M] () -- C:\Users\rosy\Desktop\902086243.PDF [2013/02/05 12:09:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2013/02/21 20:06:12 | 000,241,510 | ---- | C] () -- C:\Users\rosy\Desktop\foto 2.JPG [2013/02/21 20:06:07 | 000,146,217 | ---- | C] () -- C:\Users\rosy\Desktop\foto 1.JPG [2013/02/21 20:04:00 | 000,037,212 | ---- | C] () -- C:\Users\rosy\Desktop\VICARIO.pdf [2013/02/10 19:54:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/10 19:54:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/10 19:54:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/10 19:54:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/10 19:54:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/07 20:09:32 | 000,001,156 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job [2013/02/07 20:09:31 | 000,001,104 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job [2013/02/07 20:05:36 | 000,002,366 | ---- | C] () -- C:\Users\rosy\Desktop\Google Chrome.lnk [2013/02/05 14:05:37 | 000,205,892 | ---- | C] () -- C:\Users\rosy\Desktop\902086243.PDF [2012/11/11 16:44:02 | 000,000,543 | ---- | C] () -- C:\Windows\EvvivaRG.ini [2012/11/11 16:43:56 | 000,000,598 | ---- | C] () -- C:\Windows\NEXTRG.INI [2012/11/11 16:42:39 | 000,000,302 | ---- | C] () -- C:\Windows\FinsonLiveUpdate.ini [2012/11/11 16:34:06 | 000,000,061 | ---- | C] () -- C:\Windows\FINSON.INI [2012/09/16 13:15:12 | 000,000,001 | ---- | C] () -- C:\Users\rosy\AppData\Local\llftool.4.25.agreement [2012/08/03 14:01:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/08/01 15:12:56 | 000,000,580 | ---- | C] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh [2012/06/11 13:45:21 | 001,568,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/03 21:21:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012/06/03 20:26:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/06/03 00:26:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtRFull\L [2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtVFull\L [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > ciao
  17. se non rispondo non mi fa vedere niente
  19. rr
  20. rieccomi questo è il nuovo ComboFix 13-02-24.01 - rosy 25/02/2013 15:35:03.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2887 [GMT 1:00] Eseguito da: C:\Users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe Opzioni usate :: C:\Users\rosy\Desktop\cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino ((((((((((((((((((((((((( Files Creati Da 2013-01-25 al 2013-02-25 ))))))))))))))))))))))))))))))))))) 2013-02-25 14:40:46 . 2013-02-25 14:40:46 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-02-22 19:32:45 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3FFB722-E950-4F7E-931C-300DCDF74E3E}\mpengine.dll 2013-02-20 20:54:16 . 2013-02-20 20:54:16 -------- d-----w- C:\Windows\ERUNT 2013-02-20 20:54:09 . 2013-02-20 20:54:09 -------- d-----w- C:\JRT 2013-02-18 22:27:03 . 2013-02-18 22:27:13 -------- d-----w- C:\40100a38779b122341 2013-02-16 23:42:36 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:42:36 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 22:14:24 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-02-16 22:14:22 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-16 22:14:21 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-16 22:14:11 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys 2013-02-16 22:13:56 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll 2013-02-16 22:13:55 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-16 22:13:55 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-16 22:13:55 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-16 22:13:55 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-16 22:13:54 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-16 22:13:49 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-02-16 22:13:48 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS 2013-02-07 18:28:47 . 2013-02-13 22:13:00 -------- d-----w- C:\Program Files (x86)\TimeLineRemove 2013-02-05 11:38:24 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll 2013-02-05 11:38:23 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-02-05 11:36:59 . 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\system32\pegi-fi.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:41 23552 ----a-w- C:\Windows\SysWow64\oflc.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:40 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:36 51712 ----a-w- C:\Windows\SysWow64\esrb.rs 2013-02-05 11:36:58 . 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\system32\oflc.rs 2013-02-05 11:36:58 . 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\system32\cero.rs 2013-02-05 11:36:58 . 2012-12-07 10:46:36 55296 ----a-w- C:\Windows\SysWow64\cero.rs 2013-02-05 11:26:20 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe 2013-02-05 11:26:00 . 2013-02-05 11:26:00 -------- d-----w- C:\Users\rosy\AppData\Local\Apps 2013-02-05 11:25:57 . 2013-02-05 11:37:39 -------- d-----w- C:\Users\rosy\AppData\Local\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-02-16 23:42:52 . 2012-06-03 22:19:07 70004024 ----a-w- C:\Windows\system32\MRT.exe 2013-02-13 19:22:41 . 2012-06-03 19:18:29 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 19:22:41 . 2012-06-03 19:18:29 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 00:28:58 . 2012-06-03 09:49:12 273840 ------w- C:\Windows\system32\MpSigStub.exe 2013-01-04 04:43:21 . 2013-02-16 22:13:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 . 2012-12-20 19:06:20 46080 ----a-w- C:\Windows\system32\atmlib.dll 2012-12-16 14:45:03 . 2012-12-20 19:06:19 367616 ----a-w- C:\Windows\system32\atmfd.dll 2012-12-16 14:13:28 . 2012-12-20 19:06:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 . 2012-12-20 19:06:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 15:49:28 . 2012-06-03 21:30:56 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R3 PAC207;Trust 100K Series Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 11:17:10 686592] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 11:42:54 52736] R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-03 10:38:46 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2009-08-18 00:36:20 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368] S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\system32\DRIVERS\AGUx64.sys [2007-03-27 16:06:48 1021440] Contenuto della cartella 'Scheduled Tasks' 2013-02-25 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:18:30 . 2013-02-13 19:22:42] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53] 2013-02-23 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job - C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job - C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:57:11 444752 ----a-w- C:\Windows\System32\mscoree.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll ------- Scansione supplementare ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://www.google.com mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
  21. rieccomi questo è il nuovo ComboFix 13-02-24.01 - rosy 25/02/2013 15:35:03.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2887 [GMT 1:00] Eseguito da: C:\Users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe Opzioni usate :: C:\Users\rosy\Desktop\cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino ((((((((((((((((((((((((( Files Creati Da 2013-01-25 al 2013-02-25 ))))))))))))))))))))))))))))))))))) 2013-02-25 14:40:46 . 2013-02-25 14:40:46 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-02-22 19:32:45 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3FFB722-E950-4F7E-931C-300DCDF74E3E}\mpengine.dll 2013-02-20 20:54:16 . 2013-02-20 20:54:16 -------- d-----w- C:\Windows\ERUNT 2013-02-20 20:54:09 . 2013-02-20 20:54:09 -------- d-----w- C:\JRT 2013-02-18 22:27:03 . 2013-02-18 22:27:13 -------- d-----w- C:\40100a38779b122341 2013-02-16 23:42:36 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 23:42:36 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 22:14:24 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-02-16 22:14:22 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-16 22:14:21 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-16 22:14:11 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys 2013-02-16 22:13:56 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll 2013-02-16 22:13:55 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-16 22:13:55 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-16 22:13:55 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-16 22:13:55 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-16 22:13:54 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-16 22:13:49 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-02-16 22:13:48 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS 2013-02-07 18:28:47 . 2013-02-13 22:13:00 -------- d-----w- C:\Program Files (x86)\TimeLineRemove 2013-02-05 11:38:24 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll 2013-02-05 11:38:23 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-02-05 11:36:59 . 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\system32\pegi-fi.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:41 23552 ----a-w- C:\Windows\SysWow64\oflc.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:40 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs 2013-02-05 11:36:59 . 2012-12-07 10:46:36 51712 ----a-w- C:\Windows\SysWow64\esrb.rs 2013-02-05 11:36:58 . 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\system32\oflc.rs 2013-02-05 11:36:58 . 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\system32\cero.rs 2013-02-05 11:36:58 . 2012-12-07 10:46:36 55296 ----a-w- C:\Windows\SysWow64\cero.rs 2013-02-05 11:26:20 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe 2013-02-05 11:26:00 . 2013-02-05 11:26:00 -------- d-----w- C:\Users\rosy\AppData\Local\Apps 2013-02-05 11:25:57 . 2013-02-05 11:37:39 -------- d-----w- C:\Users\rosy\AppData\Local\Deployment . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-02-16 23:42:52 . 2012-06-03 22:19:07 70004024 ----a-w- C:\Windows\system32\MRT.exe 2013-02-13 19:22:41 . 2012-06-03 19:18:29 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 19:22:41 . 2012-06-03 19:18:29 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 00:28:58 . 2012-06-03 09:49:12 273840 ------w- C:\Windows\system32\MpSigStub.exe 2013-01-04 04:43:21 . 2013-02-16 22:13:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-16 17:11:22 . 2012-12-20 19:06:20 46080 ----a-w- C:\Windows\system32\atmlib.dll 2012-12-16 14:45:03 . 2012-12-20 19:06:19 367616 ----a-w- C:\Windows\system32\atmfd.dll 2012-12-16 14:13:28 . 2012-12-20 19:06:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 . 2012-12-20 19:06:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 15:49:28 . 2012-06-03 21:30:56 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R3 PAC207;Trust 100K Series Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 11:17:10 686592] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 11:42:54 52736] R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-03 10:38:46 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2009-08-18 00:36:20 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368] S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\system32\DRIVERS\AGUx64.sys [2007-03-27 16:06:48 1021440] Contenuto della cartella 'Scheduled Tasks' 2013-02-25 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:18:30 . 2013-02-13 19:22:42] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53] 2013-02-23 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job - C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28] 2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job - C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:57:11 444752 ----a-w- C:\Windows\System32\mscoree.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll ------- Scansione supplementare ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://www.google.com mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
  22. ciao per puro caso ho visto la tua risposta,perchè ho inviato il messaggio e mi è apparsa,altrimenti quando apro è ferma a questa risposta Inviato 17 February 2013 - 17:11 PM scusami,ma mi ci sta buttando di fuori,mi si apre il file e non mi fa fare il copia incolla,se vado nella cartella mi copia quello che ti ho inviato,rifaccio un altra prova,grrrrrrrrrrr ciao grazie e la tua risposta mi da parole strane non so se copiandola te le da anche a te vedi Inviato 21 Febbraio 2013 - 08:00 Ciao Shampo ripeti This PROCEDURA nia dettagli apri il Blocco note copia il testo following e salvalo, chiamandolo cfscript DDS :: MStart Pagina = hxxp : / / search . chatzum . COM /col il mouse trascina il file di CFScript.txt sull'icona rossa di ComboFix Lascia Lavorare il Programma delle Nazioni Unite Finito Verra Creato ComboFix.txt log nuovo, postaloFammi Sapere poi come va il Tuo pc e se ci Sono, Quli problemi riscontri
  23. ho risposto ma nn arrivano i messaggi o nn li vedo io
  24. Junkware Removal Tool (JRT) by Thisisu Version: 4.6.5 (02.18.2013:1) OS: Windows 7 Home Premium x64 Ran by rosy on 20/02/2013 at 21:54:18,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77} Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2570973293-931428272-2817982780-1000\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr Failed to delete: [Registry Key] hkey_local_machine\software\datamngr Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater Successfully deleted: [Registry Key] hkey_current_user\software\im Successfully deleted: [Registry Key] hkey_local_machine\software\iminent Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\Users\rosy\appdata\local\smartbar" Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro" ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20/02/2013 at 22:06:41,49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  25. a scusa ho postato 2 volte nn mi funzionava,ok seguo il suggerimento,grazie ciao