shampo

The PC Struggles to Turn On and Shut Down

40 posts in this thread

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.5 (02.18.2013:1)

OS: Windows 7 Home Premium x64

Ran by rosy on 20/02/2013 at 21:54:18,69

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77}

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2570973293-931428272-2817982780-1000\software\microsoft\internet explorer\searchurl\\Default

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload

Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater

Successfully deleted: [Registry Key] hkey_current_user\software\im

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller

Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com

Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\rosy\appdata\local\smartbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/02/2013 at 22:06:41,49

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi Shampo

Repeat this procedure in detail

Open Notepad, copy the following text and save it, naming it CFScript

DDS::
mStart Page = hxxp://search.chatzum.com/

With the mouse, drag the CFScript.txt file onto the red ComboFix icon


Let the program do its work

When it finishes, a new log, combofix.txt, will be created; post it

Then let me know how your PC is doing and, if there are any, what problems you encounter


I replied, but the messages aren't arriving, or I'm the one who can't see them


Hi, I saw your reply purely by chance, because I sent the message and it appeared; otherwise, when I open the thread it stops at this reply: Posted 17 February 2013 - 17:11 PM

Sorry, but this is driving me crazy: the file opens and it won't let me copy and paste; if I go into the folder it copies what I sent you. I'll try again, grrrrrrrrrrr

Hi, thanks. Your reply shows me strange words; I don't know whether copying it gives them to you too, see:

Posted 21 February 2013 - 08:00

Hi Shampo repeat This PROCEDURE in the details open Notepad copy the following text and save it, naming it cfscript

DDS ::

MStart Pagina = hxxp : / / search . chatzum . COM /with the mouse drag the CFScript.txt file onto the red ComboFix icon Let the United Nations Programme Work Finished a new ComboFix.txt log Will Be Created, post itLet me Know then how Your pc is doing and if there Are any, What problems you encounter


Edited by shampo


Here I am again, this is the new one

ComboFix 13-02-24.01 - rosy 25/02/2013 15:35:03.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2887 [GMT 1:00]

Eseguito da: C:\Users\rosy\Desktop\Nuova cartella (7)\ComboFix.exe

Opzioni usate :: C:\Users\rosy\Desktop\cfscript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Creato nuovo punto di ripristino

((((((((((((((((((((((((( Files Creati Da 2013-01-25 al 2013-02-25 )))))))))))))))))))))))))))))))))))

2013-02-25 14:40:46 . 2013-02-25 14:40:46 -------- d-----w- C:\Users\Default\AppData\Local\temp

2013-02-22 19:32:45 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3FFB722-E950-4F7E-931C-300DCDF74E3E}\mpengine.dll

2013-02-20 20:54:16 . 2013-02-20 20:54:16 -------- d-----w- C:\Windows\ERUNT

2013-02-20 20:54:09 . 2013-02-20 20:54:09 -------- d-----w- C:\JRT

2013-02-18 22:27:03 . 2013-02-18 22:27:13 -------- d-----w- C:\40100a38779b122341

2013-02-16 23:42:36 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-16 23:42:36 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-16 22:14:24 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe

2013-02-16 22:14:22 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-16 22:14:21 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-16 22:14:11 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys

2013-02-16 22:13:56 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll

2013-02-16 22:13:55 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-16 22:13:55 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-16 22:13:55 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-16 22:13:55 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-16 22:13:54 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-16 22:13:49 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2013-02-16 22:13:48 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS

2013-02-07 18:28:47 . 2013-02-13 22:13:00 -------- d-----w- C:\Program Files (x86)\TimeLineRemove

2013-02-05 11:38:24 . 2012-11-09 05:45:32 750592 ----a-w- C:\Windows\system32\win32spl.dll

2013-02-05 11:38:23 . 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-02-05 11:36:59 . 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\system32\pegi-fi.rs

2013-02-05 11:36:59 . 2012-12-07 10:46:41 23552 ----a-w- C:\Windows\SysWow64\oflc.rs

2013-02-05 11:36:59 . 2012-12-07 10:46:40 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs

2013-02-05 11:36:59 . 2012-12-07 10:46:36 51712 ----a-w- C:\Windows\SysWow64\esrb.rs

2013-02-05 11:36:58 . 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\system32\oflc.rs

2013-02-05 11:36:58 . 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\system32\cero.rs

2013-02-05 11:36:58 . 2012-12-07 10:46:36 55296 ----a-w- C:\Windows\SysWow64\cero.rs

2013-02-05 11:26:20 . 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\system32\taskhost.exe

2013-02-05 11:26:00 . 2013-02-05 11:26:00 -------- d-----w- C:\Users\rosy\AppData\Local\Apps

2013-02-05 11:25:57 . 2013-02-05 11:37:39 -------- d-----w- C:\Users\rosy\AppData\Local\Deployment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-02-16 23:42:52 . 2012-06-03 22:19:07 70004024 ----a-w- C:\Windows\system32\MRT.exe

2013-02-13 19:22:41 . 2012-06-03 19:18:29 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-13 19:22:41 . 2012-06-03 19:18:29 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 00:28:58 . 2012-06-03 09:49:12 273840 ------w- C:\Windows\system32\MpSigStub.exe

2013-01-04 04:43:21 . 2013-02-16 22:13:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 . 2012-12-20 19:06:20 46080 ----a-w- C:\Windows\system32\atmlib.dll

2012-12-16 14:45:03 . 2012-12-20 19:06:19 367616 ----a-w- C:\Windows\system32\atmfd.dll

2012-12-16 14:13:28 . 2012-12-20 19:06:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 . 2012-12-20 19:06:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 15:49:28 . 2012-06-03 21:30:56 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]

R3 PAC207;Trust 100K Series Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 11:17:10 686592]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 11:42:54 52736]

R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-03 10:38:46 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2009-08-18 00:36:20 203264]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368]

S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\system32\DRIVERS\AGUx64.sys [2007-03-27 16:06:48 1021440]

Contenuto della cartella 'Scheduled Tasks'

2013-02-25 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:18:30 . 2013-02-13 19:22:42]

2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53]

2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03 10:00:58 . 2012-06-03 10:00:53]

2013-02-23 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job

- C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28]

2013-02-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job

- C:\Users\rosy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07 19:09:31 . 2012-09-15 13:30:28]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:57:11 444752 ----a-w- C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com

mLocal Page = C:\Windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 62.101.93.101 83.103.25.250


Ok shampo

Run OTL.exe.

  • Copy and paste the text inside the quote box into Custom Scans/Fixes.

:Files
ipconfig /flushdns /c

:Commands
[EMPTYFLASH]
[RESETHOST]
[CREATERESTOREPOINT]
[REBOOT]

  • Then click Fix Run, located at the top.

  • Let the program do its work unhindered; when it has finished, it will reboot automatically. Otherwise, please restart the system manually.

  • Post the log that is produced.


OTL logfile created on: 26/02/2013 22:00:23 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rosy\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,31% Memory free

8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 460,57 Gb Total Space | 296,71 Gb Free Space | 64,42% Space Free | Partition Type: NTFS

Computer Name: ROSY-PC | User Name: rosy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\rosy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\pdf.dll ()

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\libglesv2.dll ()

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\libegl.dll ()

MOD - C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ffmpegsumo.dll ()

MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV:64bit: - (A5AGU) -- C:\Windows\SysNative\drivers\AGUx64.sys (Atheros Communications, Inc.)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it

IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}

IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=IT&install_date=20120603&user_guid=985E3F5A4D644327BD681BEF39B4761B&machine_id=423dba73537c70de0e33a7139f9c55ad&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rosy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rosy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/18 10:53:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

[2012/09/16 13:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Yahoo! Italia (Enabled)

CHR - default_search_provider: search_url = http://it.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR - default_search_provider: suggest_url = http://it-sayt.ff.search.yahoo.com/gossip-it-sayt?output=fxjson&command={searchTerms}

CHR - homepage: about:blank

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rosy\AppData\Local\Google\Chrome\Application\26.0.1403.0\gcswf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\

CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: TLRemove = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbdakecjcgadccddooobabgalbdfpdl\1.1.0_0\

CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: Fancy Gaming Simplifier = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\

CHR - Extension: YouTube = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Ricerca Google = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: TLRemove = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbdakecjcgadccddooobabgalbdfpdl\1.1.0_0\

CHR - Extension: avast! WebRep = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\rosy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/10 20:01:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CE42BE-D122-4A8E-9CCD-BAB2D224A855}: DhcpNameServer = 62.101.93.101 83.103.25.250

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 21:55:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rosy\Desktop\OTL.exe

[2013/02/25 21:57:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/02/25 15:40:46 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/02/25 15:32:51 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/02/20 21:54:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/02/20 21:54:09 | 000,000,000 | ---D | C] -- C:\JRT

[2013/02/19 22:02:17 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\rosy\Desktop\JRT.exe

[2013/02/18 23:27:03 | 000,000,000 | ---D | C] -- C:\40100a38779b122341

[2013/02/18 21:47:44 | 002,347,384 | ---- | C] (ESET) -- C:\Users\rosy\Desktop\esetsmartinstaller_enu.exe

[2013/02/17 00:40:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/02/17 00:40:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/02/17 00:40:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/02/17 00:40:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/02/17 00:40:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/02/17 00:40:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/02/17 00:40:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/02/17 00:40:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/02/17 00:40:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/02/17 00:40:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/02/17 00:40:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/02/17 00:40:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/02/17 00:40:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/02/17 00:40:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/02/17 00:40:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/02/16 23:14:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/02/16 23:14:22 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/02/16 23:14:21 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/02/16 23:13:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/02/16 23:13:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/02/16 23:13:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/02/16 23:13:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/02/16 23:13:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/02/16 23:13:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/02/16 23:13:48 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013/02/10 19:54:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/02/10 19:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/02/10 19:54:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/02/10 19:43:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/02/10 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (7)

[2013/02/10 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (6)

[2013/02/07 20:05:36 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/02/07 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLineRemove

[2013/02/05 12:38:24 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/02/05 12:38:23 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/02/05 12:37:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/02/05 12:37:29 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/02/05 12:37:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/02/05 12:37:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/02/05 12:37:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/02/05 12:37:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/02/05 12:37:11 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/02/05 12:37:11 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/02/05 12:37:11 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/02/05 12:37:10 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/02/05 12:37:10 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/02/05 12:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/02/05 12:37:10 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/02/05 12:37:09 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/02/05 12:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/02/05 12:37:08 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/02/05 12:37:08 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/02/05 12:37:07 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/02/05 12:37:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/02/05 12:36:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/02/05 12:36:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/02/05 12:36:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/02/05 12:36:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/02/05 12:36:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/02/05 12:32:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/02/05 12:32:42 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/02/05 12:32:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/02/05 12:32:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/02/05 12:32:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/02/05 12:32:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/02/05 12:32:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/02/05 12:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/02/05 12:32:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/02/05 12:32:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/02/05 12:32:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/02/05 12:32:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/02/05 12:32:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/02/05 12:32:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/02/05 12:32:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/02/05 12:32:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/02/05 12:32:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/02/05 12:32:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/02/05 12:32:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/02/05 12:32:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/02/05 12:32:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/02/05 12:32:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/02/05 12:32:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/02/05 12:32:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/02/05 12:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/02/05 12:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/02/05 12:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/02/05 12:32:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/02/05 12:32:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/02/05 12:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/02/05 12:32:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/02/05 12:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/02/05 12:32:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/02/05 12:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/02/05 12:32:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/02/05 12:32:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/02/05 12:26:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/02/05 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Apps

[2013/02/05 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\rosy\AppData\Local\Deployment

[2013/02/05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\rosy\Desktop\Nuova cartella (2)

========== Files - Modified Within 30 Days ==========

[2013/02/26 21:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rosy\Desktop\OTL.exe

[2013/02/26 21:40:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/26 21:22:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/26 21:19:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job

[2013/02/26 21:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job

[2013/02/26 20:46:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/26 20:46:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/26 20:39:26 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/26 20:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/26 20:38:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/23 12:42:56 | 001,549,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/23 12:42:56 | 000,701,188 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2013/02/23 12:42:56 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/23 12:42:56 | 000,128,534 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2013/02/23 12:42:56 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/21 20:06:13 | 000,241,510 | ---- | M] () -- C:\Users\rosy\Desktop\foto 2.JPG

[2013/02/21 20:06:07 | 000,146,217 | ---- | M] () -- C:\Users\rosy\Desktop\foto 1.JPG

[2013/02/21 20:04:02 | 000,037,212 | ---- | M] () -- C:\Users\rosy\Desktop\VICARIO.pdf

[2013/02/19 22:04:38 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\rosy\Desktop\JRT.exe

[2013/02/18 21:47:45 | 002,347,384 | ---- | M] (ESET) -- C:\Users\rosy\Desktop\esetsmartinstaller_enu.exe

[2013/02/18 21:14:10 | 000,490,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/13 23:10:37 | 000,000,580 | ---- | M] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh

[2013/02/13 20:22:41 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/02/13 20:22:41 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/02/10 20:01:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/02/07 20:10:16 | 000,002,366 | ---- | M] () -- C:\Users\rosy\Desktop\Google Chrome.lnk

[2013/02/05 14:06:08 | 000,205,892 | ---- | M] () -- C:\Users\rosy\Desktop\902086243.PDF

[2013/02/05 12:09:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Files Created - No Company Name ==========

[2013/02/21 20:06:12 | 000,241,510 | ---- | C] () -- C:\Users\rosy\Desktop\foto 2.JPG

[2013/02/21 20:06:07 | 000,146,217 | ---- | C] () -- C:\Users\rosy\Desktop\foto 1.JPG

[2013/02/21 20:04:00 | 000,037,212 | ---- | C] () -- C:\Users\rosy\Desktop\VICARIO.pdf

[2013/02/10 19:54:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/02/10 19:54:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/02/10 19:54:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/02/10 19:54:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/02/10 19:54:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/02/07 20:09:32 | 000,001,156 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000UA.job

[2013/02/07 20:09:31 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2570973293-931428272-2817982780-1000Core.job

[2013/02/07 20:05:36 | 000,002,366 | ---- | C] () -- C:\Users\rosy\Desktop\Google Chrome.lnk

[2013/02/05 14:05:37 | 000,205,892 | ---- | C] () -- C:\Users\rosy\Desktop\902086243.PDF

[2012/11/11 16:44:02 | 000,000,543 | ---- | C] () -- C:\Windows\EvvivaRG.ini

[2012/11/11 16:43:56 | 000,000,598 | ---- | C] () -- C:\Windows\NEXTRG.INI

[2012/11/11 16:42:39 | 000,000,302 | ---- | C] () -- C:\Windows\FinsonLiveUpdate.ini

[2012/11/11 16:34:06 | 000,000,061 | ---- | C] () -- C:\Windows\FINSON.INI

[2012/09/16 13:15:12 | 000,000,001 | ---- | C] () -- C:\Users\rosy\AppData\Local\llftool.4.25.agreement

[2012/08/03 14:01:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2012/08/01 15:12:56 | 000,000,580 | ---- | C] () -- C:\Users\rosy\AppData\Roaming\mainhst.zgh

[2012/06/11 13:45:21 | 001,568,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/03 21:21:54 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2012/06/03 20:26:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/06/03 00:26:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtRFull\L

[2012/06/27 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\PhotoSi\MyComposer\{1EDC5705-2662-4044-AA11-B295EBF28ED6}\Data\Products\ShirtVFull\L

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Bye


Hi shampo :)

Let me know how your PC is doing, and whether there are any other problems to solve.


Hi, it works for now, thanks for everything.


Hi shampo

It looks like your LOGS ARE NOW CLEAN :) So, let me do a couple of things to finish the disinfection :)

This infection appears to have been cleaned, but I cannot give absolute guarantees. As a precaution, I would like to go ahead and advise you to change all your passwords, since this is especially important after an infection.

  • Click START, then Run
  • Now type Combofix /uninstall in the Run box and click OK. Note that there must be a space between the X and the /.


Uninstall AdwCleaner

  • Double-click adwcleaner.exe to run the tool.
  • Click Uninstall.
  • Confirm with Yes.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs except OTL, since this step requires a reboot.
  • On the main screen, press the CleanUp button.
  • Say Yes to the prompt and then allow the program to restart the computer.

All the logs created for use in the forum, and any remaining tools that have not yet been removed, can be deleted so that they do not clutter your desktop.

Here are some tips to reduce the risk of spyware infection in the future:

Make Internet Explorer more secure

This can be done by following these simple instructions:

  • In Internet Explorer, click Tools in the menu, then click Internet Options.
  • Click once on the Security tab.
  • Click once on the Internet icon to highlight it.
  • Click once on Custom Level.
  • Change Download signed ActiveX controls to Prompt
  • Change Download unsigned ActiveX controls to Disable
  • Change Initialize and script ActiveX controls not marked as safe to Disable
  • Change Installation of desktop items to Prompt
  • Change Launching programs and files in an IFRAME to Prompt
  • Change Navigate sub-frames across different domains to Prompt
  • When all the settings have been made, click OK.
  • If you are asked whether or not you want to save the settings, press the button.
  • Then press Apply and then OK to exit the Internet Properties page.

Make Mozilla Firefox more secure - This can be done by adding these add-ons:

NoScript

AdBlockPlus

Delete the system restore points:

This is a good time to clear the existing restore points and establish a new, clean restore point:

  • From Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, click OK.
  • Then, from Start > Run, type cleanmgr
  • Choose the root drive (usually C:)
  • After it calculates how much space will be saved, a new window will open
  • Select More Options at the top of the window
  • Choose the option to clean up restore points, then OK.
  • Go back to the Disk Cleanup tab
  • Put a check mark on everything - except Compress old files (leave that option unchecked)
  • Click OK, then click Yes

This will remove all restore points except the new one just created, along with unnecessary files.

Turn on automatic updates:

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click Automatic Updates, and then click to select one of the following options. It is recommended to select Automatic (recommended setting)

Automatically download recommended updates for my computer and install them

If you choose this setting, click to select the day and time at which you want the scheduled updates to be installed. You can schedule automatic updates for any time of day. Remember that your computer must be switched on at the scheduled time for the updates to be installed. Once this option is set, the system detects when you are online and uses the Internet connection to find updates on the Windows Update website or the Microsoft Update website to apply them to the computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of the taskbar when updates are being downloaded. You can point to the icon to view the download status. To pause or resume the download, right-click the icon, then click Pause or Resume. Once the download is complete, another message appears in the notification area so that you can review the updates scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or you can visit http://www.windowsupdate.com regularly. This way the computer always has the latest available security updates installed. If there are new updates to install, install them immediately, restart the computer and revisit the site until there are no more critical updates.

Antispyware programs:

I recommend downloading and installing some or all of the following programs (all free)

  • WinPatrol - As a robust security monitor, WinPatrol alerts you to any redirects, malware attacks and important changes made to your computer without your permission. WinPatrol takes a snapshot of critical system resources and alerts you to any changes that may occur without your knowledge.

  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small fee. This tool was used to help clean your computer, and it is recommended that you keep it and use it often.

AntiVirus:

Install a good antivirus and keep it constantly updated. I suggest installing one of the two AVs listed below

Avira

Avast

Microsoft Essentials

Firewall

Using a third-party firewall will let you allow or deny access to applications that want to go online. Without a firewall your computer can be compromised. Simply using a firewall in its default configuration can reduce the risk considerably. A tutorial on firewalls can be found here (in English).

** There are firewalls listed in this tutorial that can be downloaded and used, but I personally recommend using one of the two listed below:

Online Armor Free

Agnitum Outpost Firewall Free

Please reply to this thread once you have finished the procedures; if you are satisfied, don't be shy about letting me know.
