fedegiu

Problem With Very Slow PC - Can You Check My Log?

18 posts in this topic

Hello, after I removed a virus my PC has become very slow in everything it does. I'm attaching the HJT log (I first went through all the steps indicated in the forum: CCleaner, Combofix, MalwareBytes, Advanced SystemCare).

I'm new to the forum and not very experienced with PCs; I hope you can help me.

Many thanks in advance

hijackthis.log

Hi fedegiu,

you should attach the Combofix and Mbam logs, please.

Hi,

I don't see any obvious anomaly except this line of the log

O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - [...]\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe

which seems dubious to me, mostly because of the path. If you manage to isolate the file SoftwareUpdService.exe you can have it checked on VirusTotal (https://www.virustotal.com/it/)

Edited by gopher
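
The path-based check described in the post above, as an added example that is not part of the original thread: it parses OTL `SRV`/`DRV` lines and flags services whose image sits inside a user profile or a temp directory. The sample lines are copied from the OTL log posted later in this thread; the function names and path patterns are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SoftwareUpd) -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Olivetti Silverstone Modem Device Helper) -- C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()
DRV - (WDICA) -- File not found
DRV - (catchme) -- C:\DOCUME~1\fede\IMPOST~1\Temp\catchme.sys File not found
"""


class Entry(NamedTuple):
    kind: str               # "SRV" (service) or "DRV" (driver service)
    name: str               # service name as registered
    path: Optional[str]     # None when OTL printed no image path
    company: Optional[str]  # version-info company name, None when empty
    missing: bool           # OTL reported "File not found"


class Finding(NamedTuple):
    entry: Entry
    reasons: List[str]


# "SRV - (Name) -- <path> (Company)" or "... File not found"
LINE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>.+?)\) -- (?P<rest>.*)$")
COMPANY_RE = re.compile(r"\s*\(([^()]*)\)$")

# Per-user profile roots: XP long name, its 8.3 short form, and Vista+ "Users".
# Matching on the root keeps the check independent of localized folder names
# such as "Impostazioni locali\Dati applicazioni".
PROFILE_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~\d+|users)\\[^\\]+\\", re.I)
PROFILE_ENV_RE = re.compile(r"^%(?:appdata|localappdata|userprofile)%", re.I)
TEMP_RE = re.compile(r"(?:\\(?:temp|tmp)\\|^%(?:temp|tmp)%)", re.I)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL SRV/DRV line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
    company = None
    cm = COMPANY_RE.search(rest)
    if cm:
        company = cm.group(1).strip() or None
        rest = rest[: cm.start()].strip()
    return Entry(m.group("kind"), m.group("name"), rest or None, company, missing)


def location_reasons(path: str) -> List[str]:
    """Explain why an image path deserves a closer look (empty list = none)."""
    p = path.replace("/", "\\")
    reasons = []
    if PROFILE_RE.match(p) or PROFILE_ENV_RE.match(p):
        # A user's own profile is writable without administrator rights.
        reasons.append("image is inside a user profile")
    if TEMP_RE.search(p):
        reasons.append("image is in a temp directory")
    return reasons


def flag_services(log_text: str) -> List[Finding]:
    """Return the SRV/DRV entries whose image path matches a location rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.path is None:
            continue
        reasons = location_reasons(entry.path)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in flag_services(SAMPLE_LOG):
        state = "file missing" if f.entry.missing else "file present"
        print(f"{f.entry.kind} {f.entry.name}: {f.entry.path} ({state})")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A hit only ranks the entry for a closer look at the file itself, which is the check suggested in the post above.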

I no longer have the Combofix and Mbam logs I ran earlier; I only kept the hijackthis one. Is it OK if I run them again now?

Thanks, but how do I isolate the suspicious file?

Hi fedegiu

OTL

  • Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
  • Double-click the icon to run it
  • When the OTL window appears, change the Output box at the top to Minimal output.
  • Put a check mark next to "LOP Check" and "Purity Check"
  • In the Custom scan fixes box, paste the following directives:

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button at the top left. Do not change any settings unless instructed to. The scan will take quite a while; please be patient.
    • When the scan is complete, two Notepad windows will open: OTL.Txt and Extras.Txt.
    • These are saved in the same location as OTL.
    • Please copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them in your next reply.
    • Two posts may be needed.

Download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click, Run as administrator)
  • Click Scan
  • When the scan finishes, click Save log, save it to your desktop, and post it in your next reply.
  • Warning: do not run any fix.
  • You will also notice another file created on the desktop, named MBR.dat. Right-click the file and select Send to > Compressed (zipped) folder. Attach the compressed file to your next reply as well.

Do not attach the logs; copy and paste their contents

I no longer have the Combofix and Mbam logs I ran earlier; I only kept the hijackthis one. Is it OK if I run them again now?

I think you're wrong, you know? :)

It should still be in c:\Combofix.txt.

And MBAM has a dedicated tab in the program where all the system's log files are catalogued.

Hi mr 4011, I'll try; I'm attaching the first 2 logs:

OTL logfile created on: 20/05/2013 21.32.06 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fede\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

479,48 Mb Total Physical Memory | 140,29 Mb Available Physical Memory | 29,26% Memory free

1,10 Gb Paging File | 0,49 Gb Available in Paging File | 44,93% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 186,26 Gb Total Space | 141,82 Gb Free Space | 76,14% Space Free | Partition Type: FAT32

Computer Name: OEM-2B12LUWM5GV | User Name: fede | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\fede\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Programmi\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

PRC - C:\Programmi\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

PRC - C:\Programmi\IObit\Advanced SystemCare 6\Monitor.exe (IObit)

PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()

PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

PRC - C:\Programmi\Chiavetta Internet Olicard 200\ModemApplication.exe ()

PRC - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()

PRC - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()

PRC - C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)

PRC - C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

PRC - C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVAST Software\Avast\defs\13052000\algo.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\Programmi\AVAST Software\Avast\defs\13051801\algo.dll ()

MOD - C:\Programmi\IObit\Advanced SystemCare 6\madexcept_.bpl ()

MOD - C:\Programmi\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()

MOD - C:\Programmi\IObit\Advanced SystemCare 6\madbasic_.bpl ()

MOD - C:\Programmi\IObit\Advanced SystemCare 6\webres.dll ()

MOD - C:\Programmi\IObit\Advanced SystemCare 6\sqlite3.dll ()

MOD - C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()

MOD - C:\Programmi\Canon\ImageBrowser EX\ServerCommon.dll ()

MOD - C:\Programmi\Canon\ImageBrowser EX\ServerCommon.xmlserializers.dll ()

MOD - C:\Programmi\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()

MOD - C:\Programmi\Chiavetta Internet Olicard 200\ModemApplication.exe ()

MOD - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()

MOD - C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\WlanApp.dll ()

MOD - C:\WINDOWS\system32\msjetoledb40.dll ()

MOD - C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()

========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (AdvancedSystemCareService6) -- C:\Programmi\IObit\Advanced SystemCare 6\ASCService.exe (IObit)

SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (SoftwareUpd) -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)

SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)

SRV - (Olivetti Silverstone Modem Device Helper) -- C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe ()

SRV - (CCALib8) -- C:\Programmi\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (ANIWZCSdService) -- C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)

SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\fede\IMPOST~1\Temp\catchme.sys File not found

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS (Macrovision Europe Ltd)

DRV - (Olicard200net) -- C:\WINDOWS\system32\drivers\Olicard200Usbnet.sys (Olivetti)

DRV - (jrdusbser) -- C:\WINDOWS\system32\drivers\jrdusbser.sys (Olivetti)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)

DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)

DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EC2EADE5-7CD5-4252-BB98-0C359F21041B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{EC2EADE5-7CD5-4252-BB98-0C359F21041B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{EC2EADE5-7CD5-4252-BB98-0C359F21041B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: " http://search.findeer.com"

FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programmi\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2013/05/13 21.52.50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/01/01 00.48.20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/01/01 00.48.22 | 000,000,000 | ---D | M]

[2011/01/01 00.49.50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Extensions

[2011/01/01 00.49.50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions

[2011/01/04 18.03.22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/05/09 21.48.14 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\extensions\ascsurfingprotection@iobit.com

[2011/09/12 22.35.46 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF

[2010/11/28 14.39.14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/03 08.31.12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll

[2011/09/03 02.19.20 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml

[2011/09/03 02.58.06 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml

[2011/09/03 02.58.06 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml

[2011/09/03 02.58.06 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml

[2011/09/03 02.58.06 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2001/08/31 20.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Programmi\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)

O4 - HKLM..\Run: [iSUSPM] C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [sepang Olivetti ModemListener] C:\Programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe ()

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe ()

O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Programmi\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)

O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ImageBrowser EX Agent.lnk = C:\Programmi\Canon\ImageBrowser EX\MFManager.exe ()

O4 - Startup: C:\Documents and Settings\fede\Menu Avvio\Programmi\Esecuzione automatica\Sommario di OneNote.onetoc2 ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{944F2CCE-1453-4343-8F19-61BE9B2F2876}: DhcpNameServer = 151.99.125.2 151.99.125.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0BC74CE-68FC-41B0-B1F7-E7669C3E25F9}: NameServer = 213.230.129.10 213.230.155.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8355D42-5C94-475B-BF7C-F1FF56CA0128}: DhcpNameServer = 151.99.125.2 151.99.125.3

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter ext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/12 08.58.54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 21.29.52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe

[2013/05/14 21.09.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fede\Recent

[2013/05/13 21.54.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\avast! Free Antivirus

[2013/05/13 21.54.30 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/13 21.54.30 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/13 21.54.28 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/13 21.54.27 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/13 21.54.27 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/13 21.54.25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/13 21.54.24 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/13 21.52.45 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/10 20.37.53 | 000,000,000 | -HSD | C] -- C:\Recycled

[2013/05/09 21.59.31 | 000,023,360 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2013/05/09 21.48.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

[2013/05/09 21.48.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\AppData

[2013/05/09 21.48.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\Dati applicazioni\IObit

[2013/05/09 21.48.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit

[2013/05/09 21.48.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Advanced SystemCare 6

[2013/05/09 21.47.50 | 000,000,000 | ---D | C] -- C:\Programmi\IObit

[2013/05/09 21.36.40 | 005,067,045 | R--- | C] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe

[2013/05/09 21.36.09 | 022,404,848 | ---- | C] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe

[2013/05/08 21.09.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fede\Dati applicazioni\Malwarebytes

[2013/05/08 21.09.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware

[2013/05/08 21.09.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes

[2013/05/08 21.09.04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/05/08 21.09.04 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware

[2013/05/08 20.52.52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/05/08 20.52.52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/05/08 20.52.51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/05/08 20.52.51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/05/08 20.51.53 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/05/07 23.26.27 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/05/07 22.27.00 | 000,000,000 | -HSD | C] -- C:\FOUND.011

[2013/05/06 21.31.25 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 21.29.18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe

[2013/05/20 21.04.26 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/20 20.56.18 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/20 20.20.02 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/20 20.16.56 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/20 20.16.54 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME

[2013/05/20 20.16.50 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job

[2013/05/20 20.16.44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/20 20.16.42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/20 20.16.40 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/19 14.40.28 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/19 13.59.08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/19 13.59.08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/05/19 13.48.10 | 000,482,590 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat

[2013/05/19 13.48.10 | 000,436,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/05/19 13.48.10 | 000,081,194 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat

[2013/05/19 13.48.10 | 000,069,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/05/19 13.43.42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/13 21.54.34 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/13 21.54.26 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/05/10 21.07.52 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2013/05/10 20.32.10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

[2013/05/09 21.48.08 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk

[2013/05/09 21.48.08 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk

[2013/05/09 13.25.08 | 022,404,848 | ---- | M] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe

[2013/05/09 10.59.10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2013/05/09 10.59.10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2013/05/09 10.59.10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/09 10.59.10 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

[2013/05/09 10.59.10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2013/05/09 10.59.10 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2013/05/09 10.59.10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/09 10.59.08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2013/05/09 10.58.38 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/05/09 10.58.28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2013/05/08 21.09.10 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/07 13.12.42 | 005,067,045 | R--- | M] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe

[2013/05/07 06.27.18 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/05/06 21.15.02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\housecall.guid.cache

[2013/05/06 13.45.44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe

[2013/04/30 22.00.32 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/19 13.24.23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2013/05/13 21.54.32 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2013/05/13 21.54.29 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/05/13 21.54.26 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

[2013/05/13 21.54.26 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

[2013/05/10 21.05.12 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2013/05/10 21.05.11 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader 8.lnk

[2013/05/10 20.32.09 | 000,000,000 | ---- | C] () -- C:\asc_rdflag

[2013/05/09 21.49.45 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job

[2013/05/09 21.48.06 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk

[2013/05/09 21.48.06 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk

[2013/05/08 21.09.09 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/08 20.52.52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/05/08 20.52.52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/05/08 20.52.52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/05/08 20.52.52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/05/08 20.52.51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/05/07 23.19.15 | 502,845,440 | -HS- | C] () -- C:\hiberfil.sys

[2013/05/06 21.15.01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\housecall.guid.cache

[2013/01/27 21.37.28 | 000,502,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat

[2012/04/03 21.38.48 | 000,000,171 | ---- | C] () -- C:\WINDOWS\disney.ini

[2012/04/03 21.38.15 | 000,000,193 | ---- | C] () -- C:\WINDOWS\disneysy.ini

[2012/02/20 21.37.39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/09/02 23.27.32 | 000,000,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2011/07/19 22.02.41 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun

[2011/02/10 21.18.52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fede\Ÿ9Ÿ9

[2010/11/12 13.37.01 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/11/12 23.00.38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 15.16.32 | 001,510,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/20 12.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk

[2011/09/14 23.26.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software

[2013/01/13 09.27.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Canon_Inc_IC

[2013/05/09 21.48.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit

[2013/05/09 21.48.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

[2010/11/12 09.03.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\InterTrust

[2010/11/20 12.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\Autodesk

[2010/12/27 21.49.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\OLYMPUS

[2011/02/09 21.41.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\ElevatedDiagnostics

[2013/01/04 16.26.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\PerformerSoft

[2013/01/13 09.28.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\canon

[2013/01/13 09.31.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\Canon_Inc_IC

[2013/05/09 21.48.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fede\Dati applicazioni\IObit

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\FLAG.ID

[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\IT.ID

[2000/02/22 13.21.44 | 000,000,007 | ---- | M] () -- C:\XPSP1.ID

[2010/11/12 08.44.44 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS

[2003/01/24 10.49.36 | 000,441,001 | ---- | M] () -- C:\TXTSETUP.SIF

[2002/08/29 01.06.04 | 000,246,960 | ---- | M] () -- C:\$LDR$

[2013/05/20 20.16.38 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys

[2001/08/31 20.00.00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2010/11/12 09.29.20 | 000,251,600 | RHS- | M] () -- C:\ntldr

[2010/11/12 09.29.20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2012/12/26 15.48.02 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/12 08.58.54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/11/12 08.58.54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/11/12 08.58.54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/11/12 08.58.54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/03 23.00.12 | 000,261,312 | RHS- | M] () -- C:\cmldr

[2010/11/12 09.32.42 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2013/05/20 20.16.40 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/10 20.32.10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

< %systemroot%\Fonts\*.com >

[2006/04/18 15.39.28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14.53.56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15.39.28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14.58.52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2010/11/12 08.58.44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 11.50.04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

[2008/07/06 13.06.10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/10/26 19.56.12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

[2007/10/20 18.21.50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2013/05/09 10.58.38 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2010/11/12 08.55.10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

[2010/11/12 08.55.10 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2010/11/12 08.55.10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2010/11/12 09.37.18 | 000,000,181 | -HS- | M] () -- C:\Documents and Settings\fede\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2010/11/12 09.20.02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\fede\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Mostra Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2013/05/06 13.45.44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\fede\Desktop\HijackThis.exe

[2013/05/09 13.25.08 | 022,404,848 | ---- | M] (IObit ) -- C:\Documents and Settings\fede\Desktop\asc-setup.exe

[2013/05/07 13.12.42 | 005,067,045 | R--- | M] (Swearware) -- C:\Documents and Settings\fede\Desktop\ComboFix.exe

[2013/05/20 21.29.18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fede\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-05-19 11:53:32

< End of report >

OTL Extras logfile created on: 20/05/2013 21.32.06 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fede\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

479,48 Mb Total Physical Memory | 140,29 Mb Available Physical Memory | 29,26% Memory free

1,10 Gb Paging File | 0,49 Gb Available in Paging File | 44,93% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi

Drive C: | 186,26 Gb Total Space | 141,82 Gb Free Space | 76,14% Space Free | Partition Type: FAT32

Computer Name: OEM-2B12LUWM5GV | User Name: fede | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" = C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 -- (Adobe Systems Incorporated)

"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Programmi\Microsoft Office\Office12\groove.exe" = C:\Programmi\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Programmi\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmi\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programmi\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" = C:\Programmi\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe:*:Enabled:D-Link AirPlus Utility -- (D-Link)

"C:\Programmi\Internet Explorer\iexplore.exe" = C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{5783F2D7-0201-0410-0002-0060B0CE6BBA}" = AutoCAD 2004

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12

"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007

"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007

"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007

"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007

"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007

"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007

"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007

"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007

"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007

"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007

"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker

"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200

"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"Autodesk Express Viewer" = Autodesk Express Viewer

"avast" = avast! Free Antivirus

"AviSynth" = AviSynth 2.5

"CameraWindowDC" = Canon Utilities CameraWindow DC 8

"CCleaner" = CCleaner

"CdaC13Ba" = SafeCast Shared Components

"Chiavetta Internet Olicard 200_is1" = Chiavetta Internet Olicard 200

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"ie8" = Windows Internet Explorer 8

"ImageBrowser EX" = Canon Utilities ImageBrowser EX

"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.75.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 6.0.2 (x86 it)" = Mozilla Firefox 6.0.2 (x86 it)

"PhotoStitch" = Canon Utilities PhotoStitch

"Shop for HP Supplies" = Shop for HP Supplies

"VLC media player" = VLC media player 1.1.11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR gestione archivi

"XviD4PSP5" = XviD4PSP 5.0

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 15/03/2013 6.01.17 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 6.01.20 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 7.40.32 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 15/03/2013 7.40.32 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 21/03/2013 7.14.18 | Computer Name = OEM-2B12LUWM5GV | Source = Application Error | ID = 1000

Description = Applicazione che ha provocato l'errore ANIWZCSdS.exe, versione 1.0.3.7034,

modulo che ha provocato l'errore user32.dll, versione 5.1.2600.5512, indirizzo

errore 0x00014acd.

Error - 08/04/2013 15.29.12 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 09/04/2013 13.46.57 | Computer Name = OEM-2B12LUWM5GV | Source = MsiInstaller | ID = 11719

Description = Prodotto: OLYMPUS Master -- Errore 1719. Impossibile accedere al servizio

Windows Installer. Ciò può verificarsi se Windows Installer non è installato correttamente.

Contattare il personale di assistenza.

Error - 09/04/2013 14.59.29 | Computer Name = OEM-2B12LUWM5GV | Source = Application Hang | ID = 1002

Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo

in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/04/2013 14.50.15 | Computer Name = OEM-2B12LUWM5GV | Source = MsiInstaller | ID = 11719

Description = Prodotto: OLYMPUS Master -- Errore 1719. Impossibile accedere al servizio

Windows Installer. Ciò può verificarsi se Windows Installer non è installato correttamente.

Contattare il personale di assistenza.

Error - 06/05/2013 14.52.45 | Computer Name = OEM-2B12LUWM5GV | Source = Application Error | ID = 1000

Description = Applicazione che ha provocato l'errore ANIWZCSdS.exe, versione 1.0.3.7034,

modulo che ha provocato l'errore user32.dll, versione 5.1.2600.5512, indirizzo

errore 0x00014acd.

[ System Events ]

Error - 13/05/2013 15.14.15 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 14/05/2013 15.10.06 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 14/05/2013 15.16.22 | Computer Name = OEM-2B12LUWM5GV | Source = Windows Update Agent | ID = 16

Description = Impossibile stabilire la connessione. Impossibile connettersi al servizio

Aggiornamenti automatici e quindi scaricare e installare gli aggiornamenti in base

alla pianificazione impostata. Verranno effettuati altri tentativi di stabilire

una connessione.

Error - 15/05/2013 14.50.21 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 19/05/2013 6.21.26 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 19/05/2013 6.22.21 | Computer Name = OEM-2B12LUWM5GV | Source = Windows Update Agent | ID = 16

Description = Impossibile stabilire la connessione. Impossibile connettersi al servizio

Aggiornamenti automatici e quindi scaricare e installare gli aggiornamenti in base

alla pianificazione impostata. Verranno effettuati altri tentativi di stabilire

una connessione.

Error - 19/05/2013 6.33.02 | Computer Name = OEM-2B12LUWM5GV | Source = DCOM | ID = 10010

Description = Il server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} non si è registrato

con DCOM entro il tempo d'attesa richiesto.

Error - 19/05/2013 8.42.37 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 20/05/2013 14.18.26 | Computer Name = OEM-2B12LUWM5GV | Source = Service Control Manager | ID = 7022

Description = Servizio Servizio di rilevamento dispositivi HP CUE bloccato in partenza.

Error - 20/05/2013 15.03.40 | Computer Name = OEM-2B12LUWM5GV | Source = DCOM | ID = 10010

Description = Il server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} non si è registrato

con DCOM entro il tempo d'attesa richiesto.

< End of report >


Hi mr 4011, this is the other log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-05-20 22:19:34

-----------------------------

22:19:34.640 OS Version: Windows 5.1.2600 Service Pack 3

22:19:34.640 Number of processors: 2 586 0x209

22:19:34.687 ComputerName: OEM-2B12LUWM5GV UserName: fede

22:19:37.515 Initialize success

22:19:42.375 AVAST engine defs: 13052000

22:19:55.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

22:19:55.265 Disk 0 Vendor: SAMSUNG_SP2014N VC100-33 Size: 190782MB BusType: 3

22:19:55.406 Disk 0 MBR read successfully

22:19:55.421 Disk 0 MBR scan

22:19:55.593 Disk 0 Windows XP default MBR code

22:19:55.609 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 190779 MB offset 63

22:19:55.656 Disk 0 scanning sectors +390716865

22:19:55.687 Disk 0 scanning C:\WINDOWS\system32\drivers

22:20:18.015 Service scanning

22:20:30.765 Modules scanning

22:20:55.984 Disk 0 trace - called modules:

22:20:56.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

22:20:56.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853cdab8]

22:20:56.062 3 CLASSPNP.SYS[f7856fd7] -> nt!IofCallDriver -> \Device\0000005e[0x853d0a40]

22:20:56.078 5 ACPI.sys[f77cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x853d0b58]

22:20:56.984 AVAST engine scan C:\WINDOWS

22:21:06.687 AVAST engine scan C:\WINDOWS\system32

22:24:03.703 AVAST engine scan C:\WINDOWS\system32\drivers

22:24:19.718 AVAST engine scan C:\Documents and Settings\fede

22:25:27.093 AVAST engine scan C:\Documents and Settings\All Users

22:25:40.500 Scan finished successfully

22:28:19.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fede\Desktop\MBR.dat"

22:28:19.546 The log file has been saved successfully to "C:\Documents and Settings\fede\Desktop\aswMBR.txt"


Hi Pike.

I couldn't find the Combofix log; I'm attaching the other one, and thanks.

Malwarebytes Anti-Malware (Prova) 1.75.0.1300

www.malwarebytes.org

Versione database: v2013.05.13.08

Windows XP Service Pack 3 x86 FAT32

Internet Explorer 8.0.6001.18702

fede :: OEM-2B12LUWM5GV [amministratore]

Protezione: Attivata

14/05/2013 21.16.54

mbam-log-2013-05-14 (21-16-54).txt

Tipo di scansione: Scansione completa (C:\|)

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 53018

Tempo impiegato: 18 minuti, 27 secondi [interrotto]

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 0

(non sono stati rilevati elementi nocivi)

(fine)


Hi Fedegiu

Download AdwCleaner by Xplode to your desktop.

Close all open programs and web pages.

Double-click AdwCleaner.exe to run the tool.

Click Delete.

Confirm each prompt with OK.

The computer will restart automatically. A text file will open after the restart.

Please post the contents of that log file in your next reply.

You can also find the log file at C:\AdwCleaner[s1].txt

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • When it finishes, a log (JRT.txt) is saved to your desktop and opens automatically
  • Post the contents of JRT.txt in your next message

  • Download RogueKiller and save it to your desktop
  • Close all other programs
  • Run RogueKiller.exe
  • Wait for the pre-scan to finish
  • Click Scan
  • Wait for the scan to finish
  • A report will be created on the desktop.
  • Click Delete
  • Then click ShortcutsFix
  • Another log will be created on the desktop.

Post all the RKreport.txt files located on your desktop.


Hi mr 4011.

Thanks for now. I followed your instructions, and I'm attaching the logs now.

However, I couldn't find on the desktop the second report that RogueKiller should have generated automatically after "ripara collegamenti" (fix shortcuts). I found one (quarantine Report) in its folder; I don't know if it's the right one, but I'm posting it anyway. I also tried clicking Report myself, and it says "impossibile trovare RkReport[2]" (cannot find RkReport[2]).

# AdwCleaner v2.301 - Logfile creato il 24/05/2013 alle 19:41:20

# Aggiornamento 16/05/2013 by Xplode

# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)

# Utente : fede - OEM-2B12LUWM5GV

# Modalità Avvio : Modalità Normale

# Eseguito da : C:\Documents and Settings\fede\Desktop\adwcleaner.exe

# Opzioni [Elimina]

***** [servizi] *****

***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\fede\Dati applicazioni\file scout

Cartella Eliminato : C:\Documents and Settings\fede\Dati applicazioni\PerformerSoft

Cartella Eliminato : C:\Documents and Settings\fede\Impostazioni locali\Dati applicazioni\PackageAware

Cartella Eliminato : C:\Programmi\file scout

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Softonic

Chiave Eliminata : HKLM\Software\Iminent

Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v6.0.2 (it)

File : C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\prefs.js

C:\Documents and Settings\fede\Dati applicazioni\Mozilla\Firefox\Profiles\plbn07t0.default\user.js ... Eliminato !

[OK] File Pulito.

*************************

AdwCleaner[s1].txt - [1376 octets] - [24/05/2013 19:41:20]

########## EOF - C:\AdwCleaner[s1].txt - [1436 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by fede on 24/05/2013 at 19.47.15,56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\fede\Dati applicazioni\mozilla\firefox\profiles\plbn07t0.default\prefs.js

user_pref("browser.startup.homepage", " hxxp://search.findeer.com");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/05/2013 at 19.52.58,37

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : fede [Admin rights]

Mode : Scan -- Date : 05/24/2013 20:03:24

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] AGRSMMSG.EXE -- C:\WINDOWS\AGRSMMSG.exe [7] -> Chiuso [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> Trovato

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> Trovato

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤


[Faked.Drv][FILE] hsfdpsp2.sys : C:\WINDOWS\system32\drivers\hsfdpsp2.sys [-] --> Trovato

[Faked.Drv][FILE] hsfcxts2.sys : C:\WINDOWS\system32\drivers\hsfcxts2.sys [-] --> Trovato

[Faked.Drv][FILE] hsfbs2s2.sys : C:\WINDOWS\system32\drivers\hsfbs2s2.sys [-] --> Trovato

[Faked.Drv][FILE] hidir.sys : C:\WINDOWS\system32\drivers\hidir.sys [-] --> Trovato

[Faked.Drv][FILE] hidbth.sys : C:\WINDOWS\system32\drivers\hidbth.sys [-] --> Trovato

[Faked.Drv][FILE] hdaudbus.sys : C:\WINDOWS\system32\drivers\hdaudbus.sys [-] --> Trovato

[Faked.Drv][FILE] gagp30kx.sys : C:\WINDOWS\system32\drivers\gagp30kx.sys [-] --> Trovato

[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys [-] --> Trovato

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2014N +++++

--- User ---

[MBR] f9d0deff7e5060156e7432f321cb3de7

[bSP] e041aa5b3fc6215d0ac8bccbe91dbf09 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05242013_02d2003.txt >>

RKreport[1]_S_05242013_02d2003.txt

Time : 24/05/2013 20:03:24

--------------------------

[AGRSMMSG.EXE.vir] -> C:\WINDOWS\AGRSMMSG.exe


Hi fedegiu

Read these instructions carefully to familiarize yourself with this tool

Refer to this guide

Download ComboFix from one of the following locations:

Link 1

Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your antivirus and antispyware applications, as they interfere with the removal tools.

If you are not sure how to do this, refer to our topic: disabling security applications

====================================================

 

Double-click ComboFix.exe and follow the prompts.

  • As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended to have this pre-installed on your computer before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will let us help you more easily should your computer have a problem after an attempted malware removal.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, accept the End-User License Agreement to install the Microsoft Windows Recovery Console.

** Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

[Image: RC_update.png]

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

[Image: cfRC_screen_2.png]

Click Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply for further review.

 


Hi everyone, and in particular mr 4011 who is helping me. Sorry for my absence, but I became a dad for the second time and I wasn't able to follow the forum.

Please be a little patient; as soon as I find an hour I'll do the ComboFix step and send the log.

One question: where does ComboFix generate the .txt file? On C:, on the desktop, or where?

Thanks, regards


In C:

Congratulations on the recent birth :)


I finally managed to turn the PC back on.

I ran ComboFix, but the file it generated in C: doesn't look like a txt file to me; it looks like a folder. I tried to attach it, but it tells me that it's impossible because I don't have the necessary permissions to open the file.

How can I do this?

When will I be able to get some answers to the problems?

Thanks for your cooperation and patience, but I no longer have the time I used to have for the PC


Hi everyone.

Please, is there anyone who can give me some answers so I can finish all the necessary checks?

I haven't heard from anyone for a while....

Thanks
