margheritalopa

Trojan Detection (Solved)

16 posts in this thread

Hi everyone, I'm back after a while to ask for your help again.

During the scan my antivirus detected this trojan: TR/Dldr.OpenConnection.JI, which I have quarantined, but I don't feel too reassured.

My antivirus is Avira Internet Security 2012 and my OS is Windows 7 64-bit.

Can anyone suggest what I should do? Thanks :rolleyes:


Hi Kokkamilla, welcome back :laving4:

Do as I tell you:

First of all, we need to make files and folders visible:

Go to Start > Control Panel > Folder Options > View

Select "Show hidden files and folders"

Uncheck "Hide protected operating system files" and "Hide extensions for known file types".

Close the window with OK

Download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double-click aswMBR.exe to run it
  • Click Scan to start the scan as shown below

aswMBR_Scan.jpg

Note: Do not take any action against **Rootkit** until I have examined the log. There are often false positives.

  • Once the scan has finished, click Save log to save the log to the Desktop
    aswMBR_SaveLog.png
  • Copy/paste the contents of aswMBR.txt into your next reply.

  • Download OTL to your desktop.
  • Double-click the icon to run it. Make sure all other windows are closed so it can run without interruption
  • When the program interface appears, select Minimal Output in the Output section.
  • Check LOP Check and Purity Check.
  • Click Run Scan. Do not change the settings unless instructed to. The scan will take some time, so be patient
    • When the scan is complete, two logs will open: OTL.Txt and Extras.Txt.
      Note: These logs can be found in the OTL folder on the C:\ drive if they fail to open automatically.
    • Copy (Copy/Paste) the contents of these files, one at a time, and post them in your next reply.


Thank you so much Mr 4011 :rolleyes: I think I did everything as you suggested!

I'm attaching the reports and waiting for further instructions.

PS: this* instruction you gave me, do I have to set it back to the previous settings?

*(Uncheck "Hide protected operating system files" and "Hide extensions for known file types".)

Thanks again

OTL Extras logfile created on: 04/04/2012 15:58:28 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\margherita\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 72,52% Memory free

7,86 Gb Paging File | 6,59 Gb Available in Paging File | 83,88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,99 Gb Total Space | 210,76 Gb Free Space | 73,70% Space Free | Partition Type: NTFS

Drive E: | 37,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 982,13 Mb Total Space | 257,11 Mb Free Space | 26,18% Space Free | Partition Type: FAT

Computer Name: SWEET-LAVINIA | User Name: margherita | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack

"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java 6 Update 26 (64-bit)

"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A6BCD460-2E8A-4FB0-83AB-E022008D2E64}" = Software di base della periferica HP Deskjet 1050 J410 series

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E74E5F27-87B5-4E2A-82D4-DB1C11A2FF9C}" = Studio per il miglioramento del prodotto HP Deskjet 1050 J410 series

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works

"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series ?

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007

"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007

"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007

"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{7B241DBB-A985-46B4-866B-DD59E0284032}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007

"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007

"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007

"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007

"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0410-1000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007

"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007

"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007

"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007

"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007

"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007

"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007

"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Italiano

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"3 Internet" = 3 Internet

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Any Video Converter_is1" = Any Video Converter 3.1.8

"Avira AntiVir Desktop" = Avira Internet Security 2012

"GDpoker JPC_is1" = GDpoker JPC 1.0.0

"Google Chrome" = Google Chrome

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"Identity Card" = Identity Card

"Inkscape" = Inkscape 0.48.1

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0

"LManager" = Launch Manager

"Mozilla Firefox 11.0 (x86 it)" = Mozilla Firefox 11.0 (x86 it)

"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano

"PartyPokerIt" = PartyPoker.it

"PokerStars.it" = PokerStars.it

"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver

"VLC media player" = VLC media player 1.1.11

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

aswMBR.txt follows below

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-04 15:49:31

-----------------------------

15:49:31.952 OS Version: Windows x64 6.1.7601 Service Pack 1

15:49:31.952 Number of processors: 2 586 0x170A

15:49:31.953 ComputerName: SWEET-LAVINIA UserName: margherita

15:49:32.926 Initialize success

15:50:15.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:50:15.843 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

15:50:15.862 Disk 0 MBR read successfully

15:50:15.866 Disk 0 MBR scan

15:50:15.871 Disk 0 Windows 7 default MBR code

15:50:15.876 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63

15:50:15.894 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855

15:50:15.906 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292850 MB offset 25382700

15:50:15.921 Disk 0 scanning C:\Windows\system32\drivers

15:50:26.295 Service scanning

15:50:49.322 Modules scanning

15:50:49.337 Disk 0 trace - called modules:

15:50:49.365 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

15:50:49.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800576b060]

15:50:49.717 3 CLASSPNP.SYS[fffff88001b5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004754050]

15:50:49.725 Scan finished successfully

15:52:14.106 Disk 0 MBR has been saved successfully to "C:\Users\margherita\Desktop\MBR.dat"

15:52:14.113 The log file has been saved successfully to "C:\Users\margherita\Desktop\aswMBR.txt"

OTL.Txt


Hi Kokkamilla :thumbsup5:

One small detail: next time copy/paste both logs; two posts are fine too, OK? :laving4:

Registry backup with ERUNT

This tool creates a full backup of the registry. The backup must be made so that, if something goes wrong, the system can be restored without any problem at all. Do not delete these backups until the work is finished.

  • Please download erunt-setup.exe and save it to the desktop.
  • Double-click erunt-setup.exe. If you are using Windows Vista, please right-click and choose "Run as administrator" from the menu.
  • Follow the instructions to install ERUNT.
  • Confirm installation in the default location. (C:\Windows\ERUNT)
  • Answer yes to the prompts if you want to create an icon on the desktop and in the Start menu
  • Launch ERUNT when the installation is finished. Check all the items to be backed up in the default path and click OK.
  • Close the program when the registry backup is complete.

Run OTL.exe

  • Copy/paste the following text, written inside the code box, into Custom Scans/Fixes located at the bottom of the OTL interface


:Services

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{0e7da45c-36cd-11e1-b542-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{0e7da45c-36cd-11e1-b542-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{116a2dfa-f008-11df-94ed-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{116a2dfa-f008-11df-94ed-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1ee79e5a-d6c5-11e0-b225-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee79e5a-d6c5-11e0-b225-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{22f7bf28-3aa4-11e0-94b8-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{22f7bf28-3aa4-11e0-94b8-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{23db92fa-8f6b-11e0-84da-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{23db92fa-8f6b-11e0-84da-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2f0e8a7b-ee84-11df-942b-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{2f0e8a7b-ee84-11df-942b-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44715f7b-d876-11e0-a1d4-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{44715f7b-d876-11e0-a1d4-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{493d5029-b221-11df-a020-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{493d5029-b221-11df-a020-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{54c70724-830a-11e0-91f8-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{54c70724-830a-11e0-91f8-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5848af25-d9d5-11df-bbcd-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{5848af25-d9d5-11df-bbcd-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7a26e658-9100-11e0-9573-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{7a26e658-9100-11e0-9573-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8186519a-c65a-11df-be68-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{8186519a-c65a-11df-be68-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8eecf569-ab88-11df-8953-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{8eecf569-ab88-11df-8953-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8fb7eb08-d6e8-11df-a7f3-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{8fb7eb08-d6e8-11df-a7f3-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8fb7eb18-d6e8-11df-a7f3-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{8fb7eb18-d6e8-11df-a7f3-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8fb7eb47-d6e8-11df-a7f3-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{8fb7eb47-d6e8-11df-a7f3-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9b029f22-e51e-11df-bb1d-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{9b029f22-e51e-11df-bb1d-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9dd11b6b-0b8d-11e0-8ede-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{9dd11b6b-0b8d-11e0-8ede-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{abe4e702-9cf2-11df-9572-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{abe4e702-9cf2-11df-9572-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c1627ee0-9d59-11df-bc53-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{c1627ee0-9d59-11df-bc53-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c6ab2d2f-abc8-11df-b9a5-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ab2d2f-abc8-11df-b9a5-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c9b9a2f5-e45a-11df-94d9-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{c9b9a2f5-e45a-11df-94d9-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{daea2f61-add5-11df-b7a6-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{daea2f61-add5-11df-b7a6-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{de3e9be9-aaf3-11df-b75c-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{de3e9be9-aaf3-11df-b75c-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f33cb8f9-bdc8-11df-ad40-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{f33cb8f9-bdc8-11df-ad40-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fac63d7b-d7bf-11e0-a183-705ab6cf562d}\Shell - "" = AutoRun
O33 - MountPoints2\{fac63d7b-d7bf-11e0-a183-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot][/Code]

Click the Fix Run button at the top

  • Let the program do its work without interruption; the reboot will happen automatically
  • Then run a new scan and post a new OTL log (do not tick the boxes next to LOP Check or Purity Check this time)


Hi Kokkamilla :thumbsup5:

One small detail: next time copy/paste both logs, even two posts are fine, OK? :laving4:

I apologize for the mess :laving4:

OTL logfile created on: 04/04/2012 19:59:49 - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\margherita\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 67,68% Memory free

7,86 Gb Paging File | 6,40 Gb Available in Paging File | 81,43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,99 Gb Total Space | 210,84 Gb Free Space | 73,73% Space Free | Partition Type: NTFS

Drive E: | 37,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 982,13 Mb Total Space | 257,11 Mb Free Space | 26,18% Space Free | Partition Type: FAT

Computer Name: SWEET-LAVINIA | User Name: margherita | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\3 Internet\3 Internet.exe ()

PRC - C:\Users\margherita\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})

PRC - C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Windows\PLFSetI.exe ()

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Windows\ERUNT\AUTOBACK.EXE ()

PRC - C:\Windows\ERUNT\ERUNT.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\3 Internet\3 Internet.exe ()

MOD - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\PLFSetI.exe ()

MOD - C:\Program Files (x86)\3 Internet\SMSPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\DialUpPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\DetectDev.dll ()

MOD - C:\Program Files (x86)\3 Internet\atcomm.dll ()

MOD - C:\Program Files (x86)\3 Internet\DeviceMgrPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\DeviceMgrUIPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\LocaleMgrPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\NotifyServicePlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\ConfigFilePlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\NetInfoPlugin.dll ()

MOD - C:\Program Files (x86)\3 Internet\NDISAPI.dll ()

MOD - C:\Program Files (x86)\3 Internet\DeviceOperate.dll ()

MOD - C:\Program Files (x86)\3 Internet\XCodec.dll ()

MOD - C:\Program Files (x86)\3 Internet\isaputrace.dll ()

MOD - C:\Program Files (x86)\3 Internet\FileManager.dll ()

MOD - C:\Windows\ERUNT\AUTOBACK.EXE ()

MOD - C:\Windows\ERUNT\ERUNT.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)

DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530241

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT391

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-IT Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323

FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.6

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.8.2

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/11 17:37:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2012/03/18 18:12:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins

[2010/07/31 18:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\margherita\AppData\Roaming\mozilla\Extensions

[2012/04/03 11:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\margherita\AppData\Roaming\mozilla\Firefox\Profiles\naywc65e.default\extensions

[2010/12/31 13:44:43 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\margherita\AppData\Roaming\mozilla\Firefox\Profiles\naywc65e.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

[2012/03/03 09:44:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\margherita\AppData\Roaming\mozilla\Firefox\Profiles\naywc65e.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/01/13 13:43:01 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\margherita\AppData\Roaming\mozilla\Firefox\Profiles\naywc65e.default\extensions\toolbar@ask.com

[2011/04/01 20:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/08/01 13:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/01 12:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/03 23:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2012/04/03 14:29:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 11\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011/12/11 17:37:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

() (No name found) -- C:\USERS\MARGHERITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAYWC65E.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\MARGHERITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAYWC65E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\MARGHERITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAYWC65E.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI

() (No name found) -- C:\USERS\MARGHERITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAYWC65E.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI

[2011/05/02 20:34:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/02/03 23:44:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml

[2010/01/01 10:00:00 | 000,000,825 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml

[2010/01/01 10:00:00 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml

[2010/01/01 10:00:00 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: WOT = C:\Users\margherita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\margherita\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programmi\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programmi\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - Startup: C:\Users\margherita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Windows\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157

O9 - Extra Button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\margherita\Desktop\PartyPoker.it.lnk ()

O9 - Extra 'Tools' menuitem : PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - C:\Users\margherita\Desktop\PartyPoker.it.lnk ()

O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{339DE494-CA83-41A3-930F-484A2C309451}: NameServer = 62.13.173.92 62.13.173.93

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42010752-BD6A-4CF4-8ACB-FF791D7897FD}: DhcpNameServer = 62.13.173.92 62.13.173.93

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/05/29 03:48:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{539fa658-7e73-11e1-b53e-705ab6cf562d}\Shell - "" = AutoRun

O33 - MountPoints2\{539fa658-7e73-11e1-b53e-705ab6cf562d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 19:45:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/04 19:42:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/04 19:40:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/04/04 19:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/04/04 19:37:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\margherita\Desktop\erunt-setup.exe

[2012/04/04 18:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Internet

[2012/04/04 18:31:37 | 000,216,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys

[2012/04/04 18:31:37 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys

[2012/04/04 18:31:37 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys

[2012/04/04 18:31:37 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys

[2012/04/04 15:53:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\margherita\Desktop\OTL.exe

[2012/04/04 15:46:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\margherita\Desktop\aswMBR.exe

[2012/04/03 14:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/04/03 14:29:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/04/03 14:29:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/04/03 14:29:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/04/01 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/04/01 20:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/04/01 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/04/01 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/21 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\margherita\AppData\Local\{A646A983-FB7B-4F08-B215-57CCB4F82786}

[2012/03/21 20:15:39 | 000,000,000 | ---D | C] -- C:\Users\margherita\AppData\Local\{E99A3AD7-65F9-47DC-B8CE-71E81BF395C8}

[2012/03/19 15:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB_video_device

[2012/03/14 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\margherita\Documents\4eyeGrab_BDA_20091202

[2012/03/14 19:24:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/03/14 19:24:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/03/14 19:24:22 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/03/14 10:48:27 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/03/14 10:47:38 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/03/14 10:47:38 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2012/03/14 10:47:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/03/14 10:47:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/03/14 10:47:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

========== Files - Modified Within 30 Days ==========

[2012/04/04 19:54:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/04 19:54:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/04 19:50:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/04 19:47:13 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/04 19:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/04 19:46:51 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/04 19:41:11 | 000,001,010 | ---- | M] () -- C:\Users\margherita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/04/04 19:40:54 | 000,000,830 | ---- | M] () -- C:\Users\margherita\Desktop\NTREGOPT.lnk

[2012/04/04 19:40:54 | 000,000,811 | ---- | M] () -- C:\Users\margherita\Desktop\ERUNT.lnk

[2012/04/04 19:37:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\margherita\Desktop\erunt-setup.exe

[2012/04/04 19:14:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2012/04/04 18:34:23 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/04 18:34:23 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2012/04/04 18:34:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/04 18:34:23 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2012/04/04 18:34:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/04 18:31:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\3 Internet.lnk

[2012/04/04 15:53:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\margherita\Desktop\OTL.exe

[2012/04/04 15:52:14 | 000,000,512 | ---- | M] () -- C:\Users\margherita\Desktop\MBR.dat

[2012/04/04 15:46:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\margherita\Desktop\aswMBR.exe

[2012/04/03 14:54:15 | 000,002,308 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/04/03 14:28:48 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/04/03 14:28:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/04/03 14:28:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/04/03 14:28:47 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/04/01 20:03:09 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/04/01 20:00:54 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/24 22:47:37 | 000,003,862 | ---- | M] () -- C:\Users\margherita\Documents\cc_20120324_214734.reg

[2012/03/18 18:59:07 | 000,019,968 | ---- | M] () -- C:\Users\margherita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/18 18:48:24 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

[2012/03/14 19:27:54 | 000,344,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/04 19:41:11 | 000,001,010 | ---- | C] () -- C:\Users\margherita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/04/04 19:40:54 | 000,000,830 | ---- | C] () -- C:\Users\margherita\Desktop\NTREGOPT.lnk

[2012/04/04 19:40:54 | 000,000,811 | ---- | C] () -- C:\Users\margherita\Desktop\ERUNT.lnk

[2012/04/04 18:31:42 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\3 Internet.lnk

[2012/04/04 15:52:14 | 000,000,512 | ---- | C] () -- C:\Users\margherita\Desktop\MBR.dat

[2012/04/01 20:00:54 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/24 22:47:36 | 000,003,862 | ---- | C] () -- C:\Users\margherita\Documents\cc_20120324_214734.reg

[2011/10/19 23:09:55 | 000,007,597 | ---- | C] () -- C:\Users\margherita\AppData\Local\Resmon.ResmonCfg

[2011/10/19 16:04:26 | 000,451,072 | ---- | C] () -- C:\Windows\emunist.exe

[2011/10/19 16:04:26 | 000,001,354 | ---- | C] () -- C:\Windows\TVEpaDrv.ini

[2011/09/27 23:44:10 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys

[2011/09/27 23:44:10 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys

[2011/09/27 23:44:10 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

[2011/09/27 23:44:10 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys

[2011/09/27 23:44:10 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys

[2011/09/27 23:44:09 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini

[2011/09/25 14:12:09 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

[2011/09/25 14:12:09 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini

[2011/07/20 20:27:06 | 000,000,517 | ---- | C] () -- C:\Users\margherita\AppData\Roaming\mainhst.zgh

[2011/06/14 23:45:32 | 000,000,000 | ---- | C] () -- C:\Users\margherita\AppData\Local\{7B264555-D55D-4E9E-B457-0D93BEE5F08B}

[2011/02/04 22:45:21 | 000,019,968 | ---- | C] () -- C:\Users\margherita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/04 22:44:05 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/02/04 22:44:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/02/04 22:44:03 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/02/04 22:44:03 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/02/04 22:44:03 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/10/07 18:24:36 | 000,000,638 | ---- | C] () -- C:\Users\margherita\AppData\Roaming\wklnhst.dat

[2010/09/16 21:23:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/11 19:36:38 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2010/07/31 18:23:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >


Hi Kokkamilla :laving4:

Run ComboFix

Download ComboFix [http://download.bleepingcomputer.com/sUBs/ComboFix.exe] to your desktop (guide: http://forum.wininizio.it/index.php?showtopic=98188)

You must rename the file to abc.exe before saving it to the desktop.

(To rename the file: when you download it, you are asked where to save it and the "File name" box appears; change the name shown to abc.exe and be sure to save it on the desktop.)

Start > Run; in the white box, copy and paste this command, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall

Press OK

(If you use Vista: Start > All Programs > Accessories > Run)

If all goes well, the program starts; it may take a long time.

Wait patiently for the operations to finish and post the report C:\ComboFix.txt.


Hi, Mr 4011 :rolleyes: here is the ComboFix log.

I can't attach it, so I copied and pasted it.

Thanks again for the help :anna:

ComboFix 12-04-05.06 - margherita 05/04/2012 15:34:01.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4026.2612 [GMT 2:00]

Eseguito da: c:\users\margherita\Desktop\abc.exe

Opzioni usate :: /killall

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2012-03-05 al 2012-04-05 )))))))))))))))))))))))))))))))))))

.

.

2012-04-05 13:42 . 2012-04-05 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-04 17:45 . 2012-04-04 17:45 -------- d-----w- C:\_OTL

2012-04-04 17:40 . 2012-04-04 17:41 -------- d-----w- c:\windows\ERUNT

2012-04-04 16:31 . 2009-09-10 13:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2012-04-04 16:31 . 2009-09-04 13:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2012-04-04 16:31 . 2009-07-24 13:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys

2012-04-04 16:31 . 2007-08-09 02:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2012-04-03 12:29 . 2012-04-03 12:29 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-03 07:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A7FF707-7B56-40D2-B3C9-B8DACD6CFF12}\mpengine.dll

2012-04-01 18:00 . 2012-04-01 18:00 -------- d-----w- c:\program files\iPod

2012-04-01 18:00 . 2012-04-01 18:00 -------- d-----w- c:\program files\iTunes

2012-04-01 18:00 . 2012-04-01 18:00 -------- d-----w- c:\program files (x86)\iTunes

2012-03-19 13:08 . 2012-03-19 13:08 -------- d-----w- c:\program files (x86)\USB_video_device

2012-03-14 17:24 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 17:24 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 17:24 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 08:48 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 08:48 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 08:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 08:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 08:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 08:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 08:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 08:47 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 12:28 . 2010-08-01 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-23 08:18 . 2010-09-28 15:08 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 04:56 . 2011-05-22 07:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 18:08 . 2011-12-17 14:32 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_12.58.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-03 04:04 . 2012-04-05 13:46 83114 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-04-05 11:24 46960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-05 13:46 46960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-07-31 22:32 . 2012-04-05 13:46 19790 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3919998075-3939336108-1583896329-1000_UserData.bin

+ 2012-04-05 13:44 . 2012-04-05 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-05 11:23 . 2012-04-05 11:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-05 11:23 . 2012-04-05 11:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-05 13:44 . 2012-04-05 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-04-05 10:42 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-05 13:43 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-10-23 23:19 . 2012-04-05 13:43 4293186 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3919998075-3939336108-1583896329-1000-8192.dat

- 2010-10-23 23:19 . 2012-04-05 10:42 4293186 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3919998075-3939336108-1583896329-1000-8192.dat

+ 2010-10-23 23:19 . 2012-04-05 13:43 1457528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3919998075-3939336108-1583896329-1000-12288.dat

- 2010-10-23 23:19 . 2012-04-05 10:42 1457528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3919998075-3939336108-1583896329-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-04 19:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-11 296056]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\margherita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\windows\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-31 135664]

R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-31 135664]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-12-16 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-16 342480]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-16 463824]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-31 16:26]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-31 16:26]

.

2012-04-05 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-09-08 09:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]

"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]

.

------- Scansione supplementare -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360810f105l0494z1i5t4502d74p

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\users\margherita\Desktop\PartyPoker.it.lnk

IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\users\margherita\AppData\Roaming\Mozilla\Firefox\Profiles\naywc65e.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/webhp?hl=it&tab=ww

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530241&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-3919998075-3939336108-1583896329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3919998075-3939336108-1583896329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe

c:\program files (x86)\CDBurnerXP\NMSAccessU.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Ora fine scansione: 2012-04-05 15:59:11 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-04-05 13:59

ComboFix2.txt 2012-04-05 13:20

.

Pre-Run: 226.026.348.544 byte disponibili

Post-Run: 225.728.548.864 byte disponibili

.

- - End Of File - - BC2B63C55ABEA70817FE546DFE96A277


Hi Kokkamilla, how is the PC doing?

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the instructions to install the program.
  • At the end of the installation, by default, a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; then click Finish.
  • If an update is found, it will be downloaded and installed.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is selected, then click Remove Selected.
  • When everything is done, a log will open in Notepad.
  • The logs can be found here:
    C:\Documents and Settings\username\Dati Applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log [date].txt
    Or in
    C:\Programmi\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post the log in your next reply.


Hi, the PC seems to be working fine :rolleyes:

Do you think everything is OK now?

Thanks again, I'm attaching the report.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Versione database: v2012.04.05.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

margherita :: SWEET-LAVINIA [amministratore]

05/04/2012 17:50:06

mbam-log-2012-04-05 (17-50-06).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 203746

Tempo impiegato: 4 minuti, 33 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 0

(non sono stati rilevati elementi nocivi)

(fine)


Kokkamilla, you ran a quick scan...

Run a full scan.


Hi Kokkamilla :thumbsup5:

That's fine as it is, Pike. I don't need the full Malwarebytes scan; I only need to see whether it finds anything in strategic locations. If there is anything more, my friend will find it for me now :laving4:

ESET Online Scanner

Run a scan with ESET OnlineScan

Note: If you are using Windows Vista / 7, open your browser by right-clicking its icon and selecting 'Run as administrator' to perform this scan.

*Note

It is recommended to disable antivirus and antispyware programs while the scan runs, so that there are no conflicts and the scan takes less time.

Please do not browse while protection is disabled!

Once the scan has finished, remember to re-enable your antivirus along with your antispyware programs.

  1. Hold down the Ctrl key and click the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click esetOnline.png.
  3. For alternative browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click esetSmartInstall.png to install ESET Smart Installer. Save it to your desktop.
    2. Double-click the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click esetStart.png.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Make sure the "Remove found threats" option is selected.
  9. Press the Start button.
  10. ESET will download updates by itself and start scanning the computer. Please be patient, as this may take some time.
  11. When the scan is complete, press esetListThreats.png
  12. Press esetExport.png and save the file to your desktop using a unique name, MyEsetScan. Alternatively, for the log, look in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  13. Press the Back button.
  14. Select Uninstall application and press esetFinish.png


This is the ESET log :rolleyes:

Thanks for the help :anna:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a809e362196e65449820267a1955f077

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-06 07:53:26

# local_time=2012-04-06 09:53:26 (+0100, ora legale Europa occidentale)

# country="Italy"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 9559796 9559796 0 0

# compatibility_mode=5893 16776573 100 94 44093 85318421 0 0

# compatibility_mode=8192 67108863 100 0 35979 35979 0 0

# scanned=157050

# found=1

# cleaned=1

# scan_time=10235

C:\Users\margherita\Downloads\cnet_Camera-(Suyin driver)_Acer CrystalEye webcam_5_8_31_500-WHQL_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a809e362196e65449820267a1955f077

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-07 09:28:01

# local_time=2012-04-07 11:28:01 (+0100, ora legale Europa occidentale)

# country="Italy"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 9652040 9652040 0 0

# compatibility_mode=5893 16776573 100 94 136337 85410665 0 0

# compatibility_mode=8192 67108863 100 0 128223 128223 0 0

# scanned=156645

# found=0

# cleaned=0

# scan_time=10066


Hi Kokkamilla

Do as I say:

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe

● place the tool on the Desktop

● close all running programs

● launch the tool with a double click

● click the CleanUp! button

● the program asks to restart the system: allow it by clicking Yes twice

Notes about the program:

OTC by OldTimer should be run only if you have previously used particular programs that require a special uninstall procedure, such as ComboFix, FindAWF, GMER, RSIT and TDSS Killer.

● to run OTC by OldTimer correctly on Windows Vista and Windows 7, right-click the program icon and choose Run as administrator from the context menu; confirm the prompt

Disable System Restore

● click the Start button

● right-click the Computer icon

● select Properties from the drop-down menu

● in the menu on the left, click System protection; a User Account Control prompt appears: click Continue

● clear the check box shown next to Local Disk C:

● click the OK button

● confirm the change by clicking Apply and OK

Repeat, and tick the check box next to disk C to re-enable System Restore

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe

● place the tool on the Desktop

● close all running programs, including Internet pages

● right-click the program icon and choose Run as administrator from the context menu; confirm the prompt

● click the Start button at the bottom left

The Desktop will disappear for a few moments: nothing to worry about

● wait patiently for the operations to finish

● click the Exit button at the bottom right

● once the operations are finished, close the program

How is your PC doing?


Hi Mr 4011, :) I did the last steps and the restart was exhaustingly long; anyway, everything seems to be fine and the programs work normally. Later I'll have a chance to test the PC a bit more thoroughly, and I'll let you know. Thanks a lot for the help :anna:

PS: in the meantime I ran a new scan with Avira and everything seems OK; I'm attaching the report.

Avira Internet Security 2012

Data del file di report: domenica 8 aprile 2012 15:31

Ricerca di 3597466 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.

I servizi online sono disponibili.

Concesso in licenza a : Margherita Lopatriello

Numero di serie : xxxxxx.xxxxx.xxxxxx.xxxx

Piattaforma : Windows 7 x64

Versione di Windows : (Service Pack 1) [6.1.7601]

Modalità di avvio : Booting eseguito regolarmente

Nome utente : SYSTEM

Nome computer : SWEET-LAVINIA

Informazioni sulla versione:

BUILD.DAT : 12.0.0.186 48676 Bytes 03/02/2012 18:22:00

AVSCAN.EXE : 12.1.0.20 492496 Bytes 15/02/2012 18:08:05

AVSCAN.DLL : 12.1.0.18 63440 Bytes 15/02/2012 18:08:05

LUKE.DLL : 12.1.0.19 68304 Bytes 15/02/2012 18:08:05

AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15/02/2012 18:08:05

AVREG.DLL : 12.1.0.36 229128 Bytes 05/04/2012 14:48:12

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 09:07:39

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 08:05:42

VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 14:49:51

VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 12:01:28

VBASE005.VDF : 7.11.26.45 2048 Bytes 28/03/2012 12:01:29

VBASE006.VDF : 7.11.26.46 2048 Bytes 28/03/2012 12:01:29

VBASE007.VDF : 7.11.26.47 2048 Bytes 28/03/2012 12:01:29

VBASE008.VDF : 7.11.26.48 2048 Bytes 28/03/2012 12:01:30

VBASE009.VDF : 7.11.26.49 2048 Bytes 28/03/2012 12:01:30

VBASE010.VDF : 7.11.26.50 2048 Bytes 28/03/2012 12:01:30

VBASE011.VDF : 7.11.26.51 2048 Bytes 28/03/2012 12:01:30

VBASE012.VDF : 7.11.26.52 2048 Bytes 28/03/2012 12:01:30

VBASE013.VDF : 7.11.26.53 2048 Bytes 28/03/2012 12:01:30

VBASE014.VDF : 7.11.26.107 221696 Bytes 30/03/2012 10:15:17

VBASE015.VDF : 7.11.26.179 224768 Bytes 02/04/2012 16:50:48

VBASE016.VDF : 7.11.26.241 142336 Bytes 04/04/2012 14:06:38

VBASE017.VDF : 7.11.26.242 2048 Bytes 04/04/2012 14:06:38

VBASE018.VDF : 7.11.26.243 2048 Bytes 04/04/2012 14:06:38

VBASE019.VDF : 7.11.26.244 2048 Bytes 04/04/2012 14:06:38

VBASE020.VDF : 7.11.26.245 2048 Bytes 04/04/2012 14:06:38

VBASE021.VDF : 7.11.26.246 2048 Bytes 04/04/2012 14:06:39

VBASE022.VDF : 7.11.26.247 2048 Bytes 04/04/2012 14:06:39

VBASE023.VDF : 7.11.26.248 2048 Bytes 04/04/2012 14:06:39

VBASE024.VDF : 7.11.26.249 2048 Bytes 04/04/2012 14:06:39

VBASE025.VDF : 7.11.26.250 2048 Bytes 04/04/2012 14:06:39

VBASE026.VDF : 7.11.26.251 2048 Bytes 04/04/2012 14:06:40

VBASE027.VDF : 7.11.26.252 2048 Bytes 04/04/2012 14:06:40

VBASE028.VDF : 7.11.26.253 2048 Bytes 04/04/2012 14:06:41

VBASE029.VDF : 7.11.26.254 2048 Bytes 04/04/2012 14:06:41

VBASE030.VDF : 7.11.26.255 2048 Bytes 04/04/2012 14:06:41

VBASE031.VDF : 7.11.27.38 201216 Bytes 06/04/2012 17:57:59

Motore : 8.2.10.38

AEVDF.DLL : 8.1.2.2 106868 Bytes 01/12/2011 16:55:36

AESCRIPT.DLL : 8.1.4.16 446842 Bytes 04/04/2012 16:32:46

AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 16:39:38

AESBX.DLL : 8.2.5.5 606579 Bytes 12/03/2012 12:43:10

AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 21:16:06

AEPACK.DLL : 8.2.16.9 807287 Bytes 30/03/2012 17:58:04

AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04/04/2012 16:32:45

AEHEUR.DLL : 8.1.4.12 4604278 Bytes 04/04/2012 16:32:45

AEHELP.DLL : 8.1.19.1 254327 Bytes 02/04/2012 16:50:54

AEGEN.DLL : 8.1.5.23 409973 Bytes 07/03/2012 18:37:46

AEEXP.DLL : 8.1.0.28 82292 Bytes 04/04/2012 16:32:46

AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 21:46:01

AECORE.DLL : 8.1.25.6 201078 Bytes 15/03/2012 14:30:42

AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 21:46:01

AVWINLL.DLL : 12.1.0.17 27344 Bytes 16/12/2011 08:43:47

AVPREF.DLL : 12.1.0.17 51920 Bytes 16/12/2011 08:43:46

AVREP.DLL : 12.1.0.17 179920 Bytes 16/12/2011 08:43:46

AVARKT.DLL : 12.1.0.23 209360 Bytes 15/02/2012 18:08:05

AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 16/12/2011 08:43:44

SQLITE3.DLL : 3.7.0.0 398288 Bytes 16/12/2011 08:43:59

AVSMTP.DLL : 12.1.0.17 63440 Bytes 16/12/2011 08:43:47

NETNT.DLL : 12.1.0.17 17104 Bytes 16/12/2011 08:43:56

RCIMAGE.DLL : 12.1.0.13 4821200 Bytes 14/12/2011 23:20:06

RCTEXT.DLL : 12.1.0.16 98768 Bytes 14/12/2011 23:20:06

Impostazioni di configurazione per la scansione attuale:

Nome del job................................: Scansione completa del sistema

File di configurazione......................: C:\program files (x86)\avira\antivir desktop\sysscan.avp

Report......................................: standard

Azione primaria.............................: interattivo

Azione secondaria...........................: ignora

Scansione dei record master di avvio........: Attivo

Scansiona record di avvio...................: Attivo

Record di avvio.............................: C:,

Scansione dei programmi attivi..............: Attivo

Processo esteso di scansione................: Attivo

Scansiona la registrazione..................: Attivo

Cerca Rootkits..............................: Attivo

Controllo di integrità dei file di sistema..: Non attivo

Modalità di scansione file..................: Tutti i file

Scansione degli archivi.....................: Attivo

Limita la profondità di ricorsione..........: 20

Archivio estensioni Smart...................: Attivo

Macro euristico.............................: Attivo

File euristico..............................: avanzato

Categorie irregolari delle minacce..........: +APPL,+PCK,+PFS,+SPR,

Avvio della scansione: domenica 8 aprile 2012 15:31

Avvio della scansione dei record master di avvio:

Record master di avvio dell'Hard Disk 0

[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:

Record di avvio 'C:\'

[INFO] Nessun virus è stato trovato!

È stata avviata la scansione per accertare la presenza di oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:

Scansione processo 'avscan.exe' - '85' modulo(i) scansionato(i)

Scansione processo 'avcenter.exe' - '95' modulo(i) scansionato(i)

Scansione processo 'plugin-container.exe' - '82' modulo(i) scansionato(i)

Scansione processo 'firefox.exe' - '127' modulo(i) scansionato(i)

Scansione processo '3 Internet.exe' - '78' modulo(i) scansionato(i)

Scansione processo 'jusched.exe' - '25' modulo(i) scansionato(i)

Scansione processo 'iTunesHelper.exe' - '72' modulo(i) scansionato(i)

Scansione processo 'avgnt.exe' - '87' modulo(i) scansionato(i)

Scansione processo 'realsched.exe' - '38' modulo(i) scansionato(i)

Scansione processo 'Updater.exe' - '33' modulo(i) scansionato(i)

Scansione processo 'EgisUpdate.exe' - '37' modulo(i) scansionato(i)

Scansione processo 'LManager.exe' - '55' modulo(i) scansionato(i)

Scansione processo 'distnoted.exe' - '33' modulo(i) scansionato(i)

Scansione processo 'ubd.exe' - '77' modulo(i) scansionato(i)

Scansione processo 'GoogleToolbarNotifier.exe' - '55' modulo(i) scansionato(i)

Scansione processo 'PLFSetI.exe' - '39' modulo(i) scansionato(i)

Scansione processo 'mwlDaemon.exe' - '69' modulo(i) scansionato(i)

Scansione processo 'IAAnotif.exe' - '39' modulo(i) scansionato(i)

Scansione processo 'AVWEBGRD.EXE' - '41' modulo(i) scansionato(i)

Scansione processo 'avmailc.exe' - '42' modulo(i) scansionato(i)

Scansione processo 'IAANTMon.exe' - '36' modulo(i) scansionato(i)

Scansione processo 'UpdaterService.exe' - '23' modulo(i) scansionato(i)

Scansione processo 'SchedulerSvc.exe' - '41' modulo(i) scansionato(i)

Scansione processo 'NMSAccessU.exe' - '18' modulo(i) scansionato(i)

Scansione processo 'MWLService.exe' - '42' modulo(i) scansionato(i)

Scansione processo 'GregHSRW.exe' - '27' modulo(i) scansionato(i)

Scansione processo 'AppleMobileDeviceService.exe' - '65' modulo(i) scansionato(i)

Scansione processo 'avguard.exe' - '73' modulo(i) scansionato(i)

Scansione processo 'avfwsvc.exe' - '57' modulo(i) scansionato(i)

Scansione processo 'armsvc.exe' - '24' modulo(i) scansionato(i)

Scansione processo 'sched.exe' - '44' modulo(i) scansionato(i)

Avvio della scansione dei file eseguibili (registro):

Il registro è stato scansionato ( 1331 file ).

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\' <Acer>

C:\Users\margherita\Downloads\Firefox Setup 9.0.1.exe

--> Object

[AVVISO] Impossibile leggere il file!

[AVVISO] Impossibile leggere il file!

C:\Windows\SoftwareDistribution\Download\b1b8fc3f04cd4bb426ec86cb7356eaaea8ebd802

[0] Tipo di archivio: Portable Executable Resource

--> object

[1] Tipo di archivio: CAB (Microsoft)

--> WriterProdLang.7z

[2] Tipo di archivio: 7-Zip

--> WriterProdLang.cab

[3] Tipo di archivio: CAB (Microsoft)

--> writerprodlang.msi

[AVVISO] Impossibile leggere il file!

--> object

[1] Tipo di archivio: CAB (Microsoft)

--> LanguageSelector64.7z

[2] Tipo di archivio: 7-Zip

--> LanguageSelector64.cab

[3] Tipo di archivio: CAB (Microsoft)

--> LanguageSelector64.msi

[AVVISO] Impossibile leggere il file!

C:\Windows\SoftwareDistribution\Download\87d9089bcf15ca4625c9ed0da4cd4ab4\BIT1E5E.tmp

[0] Tipo di archivio: CAB SFX (self extracting)

--> silverlight.7z

[AVVISO] Impossibile leggere il file!

Fine della scansione: domenica 8 aprile 2012 16:44

Tempo impiegato: 1:12:57 Ora(e)

La scansione è stata completamente eseguita.

31030 Directory scansionate

589717 I file sono stati scansionati

0 Rilevati virus e/o programmi indesiderati

0 I file sono stati classificati come sospetti

0 I file sono stati eliminati

0 I virus o i programmi indesiderati sono stati riparati

0 File spostati in quarantena

0 File rinominati

0 Impossibile scansionare i file

589717 File non infetti

3757 Archivi scansionati

5 Avvisi

0 Note

665722 Oggetti scansionati durante la scansione dei rootkit

0 Sono stati rilevati oggetti nascosti

Edited by Mr 4011
Serial number removed


Very good, KoKKamilla; at this point I can declare the thread resolved.

Before we close, remember to make files and folders hidden again:

From Start > Control Panel > Folder Options > View

Choose "Show hidden files and folders"

Tick "Hide protected operating system files" and "Hide extensions for known file types".

Close the window with OK

Run scans and Windows Update updates periodically; if anything comes up, we are here.

Bye Kokkamilla, I hope not to see you in this section again :laughing:

Reply to this post

If I don't receive a reply within 24 hours, I'll close the topic


"Bye Kokkamilla, I hope not to see you in this section again :laughing:"

Thanks for everything, Mr 401 :anna:, I really hope too that I won't have to come back here for some virus,

although I know I can always count on you :thumbsup5:

This topic is closed.