
Advertising pages that open by themselves, log file attached



Post by Rob968 » 19/11/12 22:44

Hi, I have a problem: advertising pages related to the site I am visiting keep opening on their own. I ran a scan with HijackThis; the log file is below. Could someone kindly help me by explaining what to do? Thanks in advance.

--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.37.56, on 19/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\VEXPLite\MONLITE.EXE
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLite\viritsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} - http://www.directxtras.com/speaksforits ... s_mary.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforits ... s_sapi.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforits ... plugin.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F61B858-045D-4251-86FF-0C7B0F4D4924}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{742667C3-C6FD-432A-BB89-D0FBEDD4B580}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{88348453-AD73-494E-B7AD-A8011A4C7856}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E0D99F-A3AF-4F43-8020-ED96D0896F3A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Programmi\Sony\Sony PC Companion\PCCService.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 11552 bytes
Rob968
Junior Member

Posts: 17
Joined: 23/08/12 13:58


Re: Advertising pages that open by themselves, log file attached

Post by FrancescoFDAC » 20/11/12 13:57

Start HijackThis and:
● click the Do a system scan only/Scan button
● on the left, tick the box next to each single entry I list below (do not tick all the entries, only the ones listed below, please)
● once the entries are ticked, close all running programs, including browser windows
● click the Fix checked button at the bottom left; a further window may appear while the entries are being fixed: click on
These are the entries to fix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F61B858-045D-4251-86FF-0C7B0F4D4924}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{742667C3-C6FD-432A-BB89-D0FBEDD4B580}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{88348453-AD73-494E-B7AD-A8011A4C7856}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E0D99F-A3AF-4F43-8020-ED96D0896F3A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25

● if you run into problems (unable to read the Hosts file, empty Notepad window), go to the path:
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (for 32-bit operating systems)
C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe (for 64-bit operating systems)
and right-click the file in question, choosing Run as administrator

ComboFix: removing the infections present on the system

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable the firewall, if one is installed, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● double-click the ComboFix file to start the application
● click the I agree button: confirm by clicking Ok twice
● follow the instructions shown to run the scan:

"Typically it takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"

● on Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool finish its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will restart automatically: if it does not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it
● if you cannot find the program's report, click Start, Run and enter this string (then press Enter):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Notes - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, before starting it, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program
● it should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (USB sticks, external hard disks, MP3 players, SD cards...) to prevent future threats: when you insert an external device, you will have to open it "manually" from My Computer
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53
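The reply above picks the O17 NameServer entries out of the log by eye. As an added example (not code from the thread, from HijackThis or from its author), the Python script below applies the same triage rules to HijackThis log lines: O17 entries whose DNS servers are public addresses you do not recognise, R0/R1 start/search keys pointing at hosts outside an allowlist, orphaned BHO/toolbar registrations, and O23 services whose binary lives in a user profile. The sample lines, the `TRUSTED_HOST_SUFFIXES` allowlist and the `trusted_resolvers` parameter are constructed assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on the entry types the
# thread discusses (IE search keys, BHOs, O17 NameServer, O23 services).
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{48B88CCE-E011-4097-9337-68E4F5CB55F6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
"""

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)\s*$")
R_RE = re.compile(r"^R[01] - (?P<key>[^=]+) = (?P<value>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed allowlist (not from the thread): hosts that may legitimately appear in
# IE start/search page keys. Anything else is reported for a human to review.
TRUSTED_HOST_SUFFIXES = ("microsoft.com", "google.it", "google.com")
# A service whose binary lives inside a user profile is unusual and worth a look.
PROFILE_DIR_RE = re.compile(r"^[A-Za-z]:\\(Documents and Settings|Users)\\", re.IGNORECASE)


def host_is_trusted(url):
    """True if the URL's host is, or is a subdomain of, an allowlisted domain."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_HOST_SUFFIXES)


def suspicious_resolver(servers, trusted_resolvers):
    """True if any listed DNS server is neither private (home router) nor trusted."""
    for s in servers.split(","):
        try:
            ip = ip_address(s.strip())
        except ValueError:
            return True  # not even a valid address: report it
        if not ip.is_private and str(ip) not in trusted_resolvers:
            return True
    return False


def triage(log_text, trusted_resolvers=frozenset()):
    """Return (severity, line) findings for the lines of a HijackThis log.

    trusted_resolvers: the resolvers the owner expects (ISP or corporate DNS);
    an O17 entry pointing anywhere else on the public Internet is flagged high.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            if suspicious_resolver(m.group("servers"), trusted_resolvers):
                findings.append(("high", line))
            continue
        m = R_RE.match(line)
        if m:
            value = m.group("value")
            if value.lower().startswith("http") and not host_is_trusted(value):
                findings.append(("medium", line))
            continue
        if line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            findings.append(("low", line))  # orphaned BHO/toolbar registration
            continue
        m = O23_RE.match(line)
        if m and PROFILE_DIR_RE.match(m.group("path")):
            findings.append(("medium", line))
    return findings


if __name__ == "__main__":
    for severity, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {line}")
```

The O17 rule is the one that matters most here: a DNS server outside the home network that the owner never configured means every lookup the machine makes can be answered by someone else, which is how the "advertising pages" appear regardless of the browser used.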

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 21/11/12 16:31

Hi, thanks a lot for the instructions. I ran ComboFix, but by mistake I ran it from where Chrome had downloaded it, i.e. from D/downloads. Is that okay anyway, or do I have to run it again after moving it to the Desktop? Now I have a folder in C that shows the disk drives and the hardware connected to the computer, and a file in C:/windows/Prefetch; should I leave them?
Here is the log file anyway:

c:\qoobox\Quarantine
c:\qoobox\Test
c:\qoobox\TestC
c:\qoobox\LastRun
c:\qoobox\BackEnv
c:\qoobox\Quarantine\Registry_backups
c:\qoobox\Quarantine\catchme.log
c:\qoobox\Quarantine\C
c:\qoobox\Quarantine\Registry_backups\tcpip.reg
c:\qoobox\Quarantine\C\Documents and Settings
c:\qoobox\Quarantine\C\WINDOWS
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\config.xml.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\categories.xml.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\country.sxe.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\history.db.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\profile.sxe.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\update.sxe.vir
c:\qoobox\Quarantine\C\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\http_app.offerbox.com\update.xml.vir
c:\qoobox\Quarantine\C\WINDOWS\IsUn0410.exe.vir
c:\qoobox\Quarantine\C\WINDOWS\system32
c:\qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\_000011_.tmp.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
c:\qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
c:\qoobox\LastRun\Gateway
c:\qoobox\BackEnv\Profiles.Folder.dat
c:\qoobox\BackEnv\Profiles.Folder.folder.dat
c:\qoobox\BackEnv\AppData.folder.dat
c:\qoobox\BackEnv\Templates.folder.dat
c:\qoobox\BackEnv\Personal.folder.dat
c:\qoobox\BackEnv\LocalSettings.folder.dat
c:\qoobox\BackEnv\LocalAppData.folder.dat
c:\qoobox\BackEnv\Programs.folder.dat
c:\qoobox\BackEnv\StartMenu.folder.dat
c:\qoobox\BackEnv\StartUp.folder.dat
c:\qoobox\BackEnv\Cache.folder.dat
c:\qoobox\BackEnv\Desktop.folder.dat
c:\qoobox\BackEnv\Favorites.folder.dat
c:\qoobox\BackEnv\Pictures.folder.dat
c:\qoobox\BackEnv\Cookies.folder.dat
c:\qoobox\BackEnv\NetHood.folder.dat
c:\qoobox\BackEnv\PrintHood.folder.dat
c:\qoobox\BackEnv\Recent.folder.dat
c:\qoobox\BackEnv\SendTo.folder.dat
c:\qoobox\BackEnv\History.folder.dat
c:\qoobox\BackEnv\Music.folder.dat
c:\qoobox\BackEnv\SysPath.dat
c:\qoobox\BackEnv\SetPath.bat
c:\qoobox\BackEnv\VikPev00
--------------------------------------------
Thanks, bye

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 21/11/12 16:55

I notice now that the problem persists: from tripadvisor the e-dreams page opened automatically :-(

Re: Advertising pages that open by themselves, log file attached

Post by FrancescoFDAC » 21/11/12 17:06

You have to be patient a moment. I know how to remove the infection, but you have not attached the ComboFix log.
Or rather, you cannot find it there.

try this command, from Start > Run:
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Otherwise, we will have to proceed differently.

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 21/11/12 18:35

Hi, I attached it two messages above; I do not know whether I am mistaken and it is not the right one, or maybe you only read my last post...
Thanks, bye

Re: Advertising pages that open by themselves, log file attached

Post by FrancescoFDAC » 22/11/12 14:04

That is not it.
Do as above!

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 22/11/12 16:59

Hi, here is what I got with the command you wrote:
---------------------------------------------------------
It looks very similar to the one I had already posted... is it okay?
Thanks, bye

Re: Advertising pages that open by themselves, log file attached

Post by FrancescoFDAC » 22/11/12 17:24

Is the ComboFix file really not on Local Disk C:?
Have you tried the Windows Search function?

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 22/11/12 18:57

Hi, no, the ComboFix file is not there; I had also tried the Windows Search function. I tried running the ComboFix scan again and noticed that after completing 50 stages the autoscan moves on to deleting folders and stops working at the folder:
C:\Documentsandsettings\RobertoB\DataApplicazioni\OfferBox. It happened last time too, and after 25-30 minutes of inactivity I restarted the PC myself, thinking it had finished. Maybe it did not generate the log file because it actually did not finish and got stuck? That folder still exists and contains another one, http_app.offerbox.com, which in turn contains an empty folder, sdch.
What can I do? Thanks, bye!

Re: Advertising pages that open by themselves, log file attached

Post by FrancescoFDAC » 22/11/12 19:52

Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe
● place the downloaded tool on the Desktop
● double-click the program icon to start it
● tick Scan All Users
● click the Quick Scan button
● wait patiently for the scan to finish
● at the end of the scan, 2 logs will be generated: attach them
OTListIt.txt (opened)
Extra.txt (minimized)

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 22/11/12 22:19

Here are the OTL reports:
-----------------
OTL logfile created on: 22/11/2012 21.55.02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roberto B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

894,60 Mb Total Physical Memory | 410,07 Mb Available Physical Memory | 45,84% Memory free
2,11 Gb Paging File | 1,55 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): C:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 34,56 Gb Total Space | 9,30 Gb Free Space | 26,90% Space Free | Partition Type: FAT32
Drive D: | 35,06 Gb Total Space | 5,71 Gb Free Space | 16,28% Space Free | Partition Type: FAT32

Computer Name: ROBERTO | User Name: Roberto B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 21.52.52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto B\desktop\OTL.exe
PRC - [2012/11/20 10.45.56 | 000,335,872 | ---- | M] (TG Soft S.a.s. - www.tgsoft.it) -- C:\VEXPLite\MONLITE.EXE
PRC - [2012/11/20 10.45.56 | 000,086,016 | ---- | M] (TG Soft Sas www.tgsoft.it) -- C:\VEXPLite\VIRITSVC.EXE
PRC - [2012/10/31 23.15.10 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
PRC - [2012/10/30 23.51.00 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23.51.00 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/28 17.22.34 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2012/09/24 19.59.34 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09.04.54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2011/12/16 17.44.48 | 000,762,368 | ---- | M] (PService) -- C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
PRC - [2009/03/05 16.07.20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 04.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/18 11.37.30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/06/28 17.01.32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006/05/18 16.52.06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe
PRC - [2006/05/11 15.22.48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/22 10.19.56 | 002,032,640 | ---- | M] () -- C:\Programmi\AVAST Software\Avast\defs\12112200\algo.dll
MOD - [2012/11/14 09.35.06 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38a190d849769ca2a9b174bd7253913c\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/14 09.34.02 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 09.05.04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/14 08.42.06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ff31894f\mscorlib.dll
MOD - [2012/11/14 08.42.00 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_702afd97\system.drawing.dll
MOD - [2012/11/14 08.41.32 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7af4041e\system.windows.forms.dll
MOD - [2012/11/14 08.41.14 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1d607033\system.dll
MOD - [2012/11/14 08.41.00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/14 08.40.54 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/11/14 08.40.50 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/14 08.40.42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/14 08.39.56 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/14 08.38.46 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/14 08.33.14 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 08.32.48 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/14 08.31.40 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/10/31 23.15.06 | 012,455,448 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 23.15.06 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 23.15.04 | 004,007,448 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 23.13.36 | 000,274,984 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 23.13.36 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 23.13.34 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/06/13 08.31.54 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/02/04 17.48.30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/02/12 13.36.34 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/04/14 04.13.44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/14 15.23.04 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/09/14 15.23.04 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/09/14 15.22.26 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006/09/14 15.22.26 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_it_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006/07/20 20.58.00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/07/18 11.37.30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006/06/28 17.01.32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2005/10/20 17.20.24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 13.18.54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2002/03/13 16.46.46 | 000,053,248 | ---- | M] () -- C:\VEXPLite\zlib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/11/20 10.45.56 | 000,086,016 | ---- | M] (TG Soft Sas www.tgsoft.it) [Auto | Running] -- C:\VEXPLite\VIRITSVC.EXE -- (viritsvclite)
SRV - [2012/10/30 23.51.00 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/28 17.22.34 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 13.28.36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/09 11.11.42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 13.38.28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programmi\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/12/16 17.44.46 | 000,164,352 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe -- (PowerOffer Service)
SRV - [2011/12/16 17.44.46 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe -- (ServUpdater)
SRV - [2006/06/28 17.01.32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006/05/18 16.52.06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/11 15.22.48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2005/11/14 01.06.04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBERT~1\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | System | Stopped] -- -- (ASPI32)
DRV - [2012/11/22 19.08.32 | 000,085,784 | ---- | M] (TG Soft S.a.s.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIRAGTLT.sys -- (VIRAGTLT)
DRV - [2012/10/30 23.51.58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23.51.58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23.51.58 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 23.51.58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23.51.58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 23.51.56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 23.51.56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/02 14.38.24 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/02 14.38.24 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/06 10.00.00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/08/29 16.56.18 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2006/07/24 02.15.04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/06/30 10.40.40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/06/08 17.54.24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006/06/06 18.36.30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006/06/02 13.59.54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/06/02 13.59.52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/06/02 13.59.50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/05/17 18.32.38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/05/10 12.46.00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/07 05.49.36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/04 06.31.04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/04 06.31.02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/13 01.20.54 | 000,008,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EPINDD.SYS -- (epindd)
DRV - [2005/10/24 10.20.52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16.53.24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16.52.30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/26 14.42.00 | 000,043,968 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eusk3usb.sys -- (eusk3usb)
DRV - [2005/01/13 14.46.16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15.47.14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/03 22.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..: 'Cerca...'
FF - prefs.js..browser.startup.homepage: ' http://search.findeer.com'
FF - prefs.js..browser.startup.homepage: "http://search.findeer.com/"
FF - prefs.js..browser.startup.homepage: "http://search.findeer.com/"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=4908429603014344&o=APN10645&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmi\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Programmi\Virtual Earth 3D\ [2007/07/08 13.25.52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Programmi\Virtual Earth 3D\ [2007/07/08 13.25.52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Programmi\Virtual Earth 3D\ [2007/07/08 13.25.52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2011/08/16 12.27.44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/03/07 15.00.50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/03/07 15.00.50 | 000,000,000 | ---D | M]

[2011/03/07 15.01.36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roberto B\Dati applicazioni\Mozilla\Extensions
[2011/03/07 15.01.36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roberto B\Dati applicazioni\Mozilla\Firefox\Profiles\gpljeash.default\extensions
[2011/03/14 21.15.36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roberto B\Dati applicazioni\Mozilla\Firefox\Profiles\gpljeash.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/13 19.17.18 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Roberto B\Dati applicazioni\Mozilla\Firefox\Profiles\gpljeash.default\searchplugins\Search_Results.xml
[2012/11/16 23.02.24 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\Roberto B\Dati applicazioni\Mozilla\Firefox\Profiles\gpljeash.default\searchplugins\findeer.xml
[2011/03/07 15.00.50 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/06/13 00.29.40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMMI\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/07/09 11.11.42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2012/04/03 09.39.32 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml
[2012/04/03 09.39.32 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/04/03 09.39.32 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2012/04/03 09.39.32 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2012/04/03 09.39.32 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2012/07/09 11.11.36 | 000,000,817 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2012/11/13 19.17.18 | 000,002,687 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage: http://www.google.it/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Programmi\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Programmi\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Programmi\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: TV = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Ricerca Google = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Voice Search = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/02/28 11.08.32 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O4 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [VIRITIE] C:\VEXPLite\inst_virit_ie.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..Trusted Domains: telecomitalia.it ([areaclienti187] https in Siti attendibili)
O15 - HKU\S-1-5-21-2361716533-1758747366-760091935-1005\..Trusted Domains: telecomitalia.it ([web.ebill-a] https in Siti attendibili)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/ ... arth3D.cab (SentinelVE3D Class)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/ ... arth3D.cab (SentinelProxy Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} http://www.directxtras.com/speaksforits ... s_mary.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} http://www.directxtras.com/speaksforits ... s_sapi.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} http://www.directxtras.com/speaksforits ... plugin.cab (SpeechControl Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F61B858-045D-4251-86FF-0C7B0F4D4924}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/22 21.52.45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roberto B\Desktop\OTL.exe
[2012/11/22 18.13.16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/22 18.08.13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Roberto B\Recent
[2012/11/21 15.43.07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/21 15.43.07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/21 15.43.07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/21 15.43.07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/21 15.40.24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/21 15.40.06 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/21 15.38.23 | 005,005,176 | R--- | C] (Swearware) -- C:\Documents and Settings\Roberto B\Desktop\ComboFix.exe
[2012/11/16 23.02.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\AppData
[2012/11/16 23.02.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PowerOffer
[2012/11/14 08.29.35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/13 19.21.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\AppData
[2012/11/13 19.21.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\Dati applicazioni\searchresultstb
[2012/11/13 19.17.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2012/11/09 17.29.38 | 000,000,000 | ---D | C] -- C:\Programmi\Cambridge
[2012/10/30 21.21.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\Dati applicazioni\f2fIntermediate
[2012/10/30 20.58.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\Desktop\Termofluidodinamica
[2012/10/28 17.28.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\Sun
[2012/10/28 17.23.40 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2007/04/12 22.41.36 | 000,368,640 | ---- | C] (X2 Studios, Ltd.) -- C:\Programmi\LiquidIcon102.exe

========== Files - Modified Within 30 Days ==========

[2012/11/22 21.52.52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto B\Desktop\OTL.exe
[2012/11/22 21.08.02 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/22 20.49.08 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/22 19.23.02 | 000,001,226 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2361716533-1758747366-760091935-1005Core1cd9a789ac61eca.job
[2012/11/22 19.08.32 | 000,085,784 | ---- | M] (TG Soft S.a.s.) -- C:\WINDOWS\System32\drivers\VIRAGTLT.sys
[2012/11/22 18.36.00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/22 18.36.00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/11/22 18.35.50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/22 18.35.44 | 938,127,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 18.12.34 | 005,005,176 | R--- | M] (Swearware) -- C:\Documents and Settings\Roberto B\Desktop\ComboFix.exe
[2012/11/19 08.49.14 | 000,002,933 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/16 18.08.50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/15 22.39.06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/14 08.48.54 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/14 08.32.04 | 000,511,304 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/11/14 08.32.04 | 000,460,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/14 08.32.04 | 000,094,992 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/11/14 08.32.04 | 000,080,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/09 17.36.56 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\Roberto B\Desktop\face2face Intermediate.lnk
[2012/11/08 21.19.36 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 23.51.58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/30 23.51.58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/30 23.51.58 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/30 23.51.58 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/30 23.51.58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/30 23.51.58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/30 23.51.56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/30 23.51.56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/30 23.51.08 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/30 23.51.00 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/11/21 15.43.07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/21 15.43.07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/21 15.43.07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/21 15.43.07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/21 15.43.07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/14 08.57.15 | 000,001,146 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 08.57.15 | 000,001,142 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 17.36.54 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\Roberto B\Desktop\face2face Intermediate.lnk
[2012/11/09 17.36.53 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\Roberto B\Menu Avvio\Programmi\face2face Intermediate.lnk
[2012/07/12 11.04.40 | 000,102,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2012/02/15 08.12.38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/20 09.06.51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/07/18 19.59.10 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2011/04/12 22.46.21 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2011/03/07 15.01.03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/14 14.15.44 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Roberto B\Dati applicazioni\$_hpcst$.hpc
[2006/11/20 18.52.15 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/13 22.20.43 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== ZeroAccess Check ==========

[2005/04/15 12.51.28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/11/20 23.09.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NtiDvdCopy
[2006/12/17 15.47.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2007/04/16 09.36.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2007/05/24 20.50.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
[2008/05/07 23.35.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
[2009/02/09 22.06.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2009/02/09 22.16.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2010/01/31 11.31.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
[2011/08/16 12.27.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/03/22 20.12.30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{50DB8392-5787-4044-B241-1E1694663ECB}
[2012/04/09 10.29.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Sony
[2012/07/26 19.18.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/08/13 10.26.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Ask
[2012/11/13 19.17.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2006/11/20 23.23.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\Nvu
[2006/12/17 15.46.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\PC Suite
[2006/12/17 15.47.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\Nokia
[2006/12/17 18.24.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\Datalayer
[2008/02/22 20.37.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\FMA
[2008/09/27 13.27.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\Picajet.com
[2008/11/16 00.16.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\SecondLife
[2009/02/09 22.54.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\EPSON
[2009/07/23 21.39.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\ImgBurn
[2009/10/10 16.43.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\CoSoSys
[2010/01/30 16.47.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\GlarySoft
[2010/01/31 12.23.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\TeamViewer
[2012/01/15 13.31.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\SumatraPDF
[2012/05/08 20.37.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\OfferBox
[2012/10/30 21.21.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\f2fIntermediate
[2012/11/13 19.21.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\searchresultstb

========== Purity Check ==========



< End of report >
-----------------------------------------------------------------
continues in another post
Rob968
Junior Member
Posts: 17
Joined: 23/08/12 13:58

Re: Advertising pages that open by themselves, log file attached

Post by Rob968 » 22/11/12 22:20

Continued from the previous post:
OTL Extras logfile created on: 22/11/2012 21.55.02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roberto B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

894,60 Mb Total Physical Memory | 410,07 Mb Available Physical Memory | 45,84% Memory free
2,11 Gb Paging File | 1,55 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): C:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 34,56 Gb Total Space | 9,30 Gb Free Space | 26,90% Space Free | Partition Type: FAT32
Drive D: | 35,06 Gb Total Space | 5,71 Gb Free Space | 16,28% Space Free | Partition Type: FAT32

Computer Name: ROBERTO | User Name: Roberto B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"13122:TCP" = 13122:TCP:*:Enabled:BitCometBeta 13122 TCP
"13122:UDP" = 13122:UDP:*:Enabled:BitCometBeta 13122 UDP
"39759:TCP" = 39759:TCP:*:Enabled:emule tcp
"23259:UDP" = 23259:UDP:*:Enabled:emule udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Messenger\MSMSGS.EXE" = C:\Programmi\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\eMule0.47c\emule.exe" = C:\Programmi\eMule0.47c\emule.exe:*:Enabled:eMule
"C:\Programmi\FCM\FCM.exe" = C:\Programmi\FCM\FCM.exe:*:Enabled:Fantacalcio Manager -- (Andrea De Togni)
"C:\Documents and Settings\Roberto B\Desktop\emule.exe" = C:\Documents and Settings\Roberto B\Desktop\emule.exe:*:Enabled:eMule
"C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programmi\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programmi\File comuni\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programmi\StreamerOne\StreamerOne.exe" = C:\Programmi\StreamerOne\StreamerOne.exe:*:Enabled:StreamerOne
"C:\Programmi\Internet Explorer\IEXPLORE.EXE" = C:\Programmi\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programmi\BitComet\BitComet.exe" = C:\Programmi\BitComet\BitComet.exe:*:Enabled:BitCometBeta - a BitTorrent Client
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"D:\Emule\emule.exe" = D:\Emule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\TeamViewer\Version5\TeamViewer.exe" = C:\Programmi\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programmi\Java\JRE6\BIN\java.exe" = C:\Programmi\Java\JRE6\BIN\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programmi\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programmi\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Documents and Settings\All Users\Documenti\UltraTorrent\UltraTorrent.exe" = C:\Documents and Settings\All Users\Documenti\UltraTorrent\UltraTorrent.exe:*:Enabled:UltraTorrent
"C:\Programmi\UltraTorrent\UltraTorrent.exe" = C:\Programmi\UltraTorrent\UltraTorrent.exe:*:Enabled:UltraTorrent
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programmi\Skype\Phone\Skype.exe" = C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5ABD3EA-35EF-426B-AD12-DE546A307608}}_is1" = Fantacalcio Manager 2006
"{BC3E116C-2E5F-4655-B177-CBBA5AC5CA4C}" = face2face Intermediate
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{FFD3A6CD-8674-483A-B9D4-6A82401B7788}" = OpenOffice.org 2.0
"7-Zip" = 7-Zip 9.07 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"eMule" = eMule
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Guida utente" = EPSON Stylus Office BX300F_TX300F Manuale
"F0951E989107BC262F335A7560754F211A5A0534" = Pacchetto driver Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Glary Utilities_is1" = Glary Utilities Pro 2.48.0.1568
"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3077
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000
"Messenger Plus!" = Messenger Plus! 6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 it)" = Mozilla Firefox 12.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"SumatraPDF" = SumatraPDF 1.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Update Engine" = Sony Ericsson Update Engine
"VideoPad" = VideoPad Video Editor
"Virgilio Foto Editor_is1" = Virgilio Foto Editor 1.0.0.525
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2361716533-1758747366-760091935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Soap" = Soap

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2012 03.45.19 | Computer Name = ROBERTO | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 19/11/2012 03.53.04 | Computer Name = ROBERTO | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 19/11/2012 03.54.41 | Computer Name = ROBERTO | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 19/11/2012 06.03.50 | Computer Name = ROBERTO | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 19/11/2012 06.05.28 | Computer Name = ROBERTO | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 21/11/2012 10.48.59 | Computer Name = ROBERTO | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: The server name or address could not be resolved

Error - 21/11/2012 11.07.17 | Computer Name = ROBERTO | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 22/11/2012 05.39.13 | Computer Name = ROBERTO | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 22/11/2012 13.19.12 | Computer Name = ROBERTO | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
a causa del seguente errore: A connection with the server could not be established


Error - 22/11/2012 13.36.19 | Computer Name = ROBERTO | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

[ System Events ]
Error - 18/11/2012 07.15.10 | Computer Name = ROBERTO | Source = W32Time | ID = 39452701
Description = Il time provider NtpClient è configurato per acquisire l'ora da una
o più origini dell'ora, ma nessuna origine dell'ora è accessibile attualmente e non
verrà eseguito alcun tentativo di contattare un'origine per 14 minuti. NtpClient
non dispone di alcuna origine di ora esatta.

Error - 19/11/2012 03.45.12 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 19/11/2012 03.54.34 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 19/11/2012 06.03.46 | Computer Name = ROBERTO | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file ''
sul volume 'HarddiskVolume2'. Il monitoraggio del volume è stato interrotto.

Error - 19/11/2012 06.05.20 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 19/11/2012 06.05.20 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 21/11/2012 10.44.50 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio LockServ. Questo evento si è
già verificato 1 volta(e).

Error - 21/11/2012 11.08.53 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 22/11/2012 13.14.21 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio LockServ. Questo evento si è
già verificato 1 volta(e).

Error - 22/11/2012 13.37.47 | Computer Name = ROBERTO | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.


< End of report >
---------------------------------------
Cheers
Rob968
Junior Member
Posts: 17
Joined: 23/08/12 13:58

Re: Ad pages that open on their own, log file attached

Post by FrancescoFDAC » 23/11/12 14:13

Put OTL.exe on the desktop. Run it and copy/paste the code below into Custom Scans/Fixes.

:OTL
PRC - [2011/12/16 17.44.48 | 000,762,368 | ---- | M] (PService) -- C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/12/16 17.44.46 | 000,164,352 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe -- (PowerOffer Service)
SRV - [2011/12/16 17.44.46 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe -- (ServUpdater)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBERT~1\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | System | Stopped] -- -- (ASPI32)
O4 - HKLM..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe (PLauncher)
C:\Documents and Settings\Roberto B\Dati applicazioni\searchresultstb
[2012/05/08 20.37.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\OfferBox
[2012/11/13 19.21.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\searchresultstb

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click Run Fix and confirm with OK. A reboot may be requested; accept it.
A report will open: save it and attach it.

Download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● close all open programs
● click the Search button
● wait patiently for the scan to finish
● click the Delete button and confirm by clicking OK
● continue by clicking OK two more times: the system reboots automatically
attach the log that appears after the reboot
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

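The fix script in the post above applies two triage rules by hand: remove services, drivers, Run entries and folders whose binary lives in a user-writable location (the user profile, the All Users documents folder, Temp), and remove registry entries whose file is already gone ("File not found"). The following Python script is an added example, not OTL's own code and not part of the helper's post: it applies those same two rules to OTL log lines in both the fix-script and the full-log format and emits a `:OTL` block in the layout the fix uses. The sample lines are copied from this thread; the list of path fragments treated as user-writable, and the decision to copy flagged lines straight into a fix block, are this example's own assumptions. A flagged entry is a candidate for review, not proof of infection: an orphaned driver entry such as a leftover Bluetooth or rootkit-scanner driver is clutter, and the person running the fix is still expected to read the list first.

```python
"""Triage OTL log lines the way the fix script in this thread does.

Added example, not OTL's own code. Two heuristics are applied, both labelled
as this example's assumptions: a binary under a user-writable path is
suspect, and a registry entry whose file is missing is an orphan.
"""
import re
from dataclasses import dataclass, field

# Constructed input: lines copied from the OTL fix script and the second OTL
# log posted in this thread, plus two clean Avast entries for contrast.
SAMPLE_OTL = r"""
PRC - [2011/12/16 17.44.48 | 000,762,368 | ---- | M] (PService) -- C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/12/16 17.44.46 | 000,164,352 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe -- (PowerOffer Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBERT~1\IMPOST~1\Temp\catchme.sys -- (catchme)
O4 - HKLM..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe (PLauncher)
[2012/05/08 20.37.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto B\Dati applicazioni\OfferBox
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
"""

# Path fragments treated as user-writable (assumption; the Italian XP and the
# 8.3 short-name forms are included because the thread's logs use both).
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\programdata\\",
    "\\appdata\\", "\\temp\\", "%appdata%", "%temp%",
)

ENTRY_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV)(?::64bit:)? - (?P<body>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \([^()]*\))?$")
DIR_RE = re.compile(r"^\[[^\]]*\] -- (?P<path>.+)$")


@dataclass
class Finding:
    kind: str       # PRC, SRV, DRV, O4 (Run key) or DIR (folder entry)
    name: str       # service/driver/Run value name, empty for folders
    path: str       # on-disk path, empty when OTL prints "-- --"
    raw: str        # the original line, reused verbatim in the fix script
    reasons: list = field(default_factory=list)


def _reasons(desc, path):
    reasons = []
    if "file not found" in desc.lower():
        reasons.append("orphan")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("user-writable")
    return reasons


def parse_line(line):
    """Parse one OTL line into a Finding, or None for lines of other kinds."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        # OTL separates descriptor, path and service name with " -- "; an entry
        # with no file on disk prints "-- --", which a plain split would merge.
        body = m.group("body").replace(" -- -- ", " --  -- ")
        parts = [p.strip() for p in body.split(" -- ")]
        desc = parts[0]
        path = parts[1] if len(parts) > 1 else ""
        if len(parts) > 2:                      # fix-script form: name last
            name = parts[2].strip("()")
        else:                                   # full-log form: name first, company last
            nm = re.search(r"\(([^()]*)\)", desc)
            name = nm.group(1) if nm else ""
            path = re.sub(r"\s\([^()]*\)$", "", path)
        return Finding(m.group("kind"), name, path, line, _reasons(desc, path))
    m = RUN_RE.match(line)
    if m:
        return Finding("O4", m.group("name"), m.group("path"), line, _reasons("", m.group("path")))
    m = DIR_RE.match(line)
    if m:
        return Finding("DIR", "", m.group("path"), line, _reasons("", m.group("path")))
    return None


def triage(text):
    """Return only the entries that trip at least one heuristic."""
    return [f for f in map(parse_line, text.splitlines()) if f and f.reasons]


def otl_fix_script(findings):
    """Emit the flagged lines in the ':OTL' block layout that OTL's Custom
    Scans/Fixes box accepts, followed by the cleanup commands used in the
    thread. Review the list first: an orphaned driver entry is clutter,
    not evidence of infection."""
    body = "\n".join(f.raw for f in findings)
    return ":OTL\n" + body + "\n\n:commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for f in hits:
        print(f"{f.kind:<4} {', '.join(f.reasons):<21} {f.name or '-':<20} {f.path}")
    print()
    print(otl_fix_script(hits))
```

Run it against a full OTL.txt and the output is the shortlist a forum helper would start from: the PowerOffer service and launcher under the profile, the OfferBox folder, plus the orphans. The two Avast entries pass because their binaries sit under Program Files and Windows; a clean Windows 8 log produces no findings at all, which is the check you want before concluding a machine is infected.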
Re: Ad pages that open on their own, log file attached

Post by Rob968 » 23/11/12 15:50

Hi, here are the two logs:
All processes killed
========== OTL ==========
No active process named PService.exe was found!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service PowerOffer Service stopped successfully!
Service PowerOffer Service deleted successfully!
File C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\PosService\Pos.exe not found.
Service ServUpdater stopped successfully!
Service ServUpdater deleted successfully!
File C:\Documents and Settings\Roberto B\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service upperdev stopped successfully!
Service upperdev deleted successfully!
File system32\DRIVERS\usbser_lowerflt.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service PCASp50 stopped successfully!
Service PCASp50 deleted successfully!
File System32\Drivers\PCASp50.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ROBERT~1\IMPOST~1\Temp\catchme.sys not found.
Service BTWUSB stopped successfully!
Service BTWUSB deleted successfully!
File System32\Drivers\btwusb.sys not found.
Service BTWDNDIS stopped successfully!
Service BTWDNDIS deleted successfully!
File system32\DRIVERS\btwdndis.sys not found.
Service ASPI32 stopped successfully!
Service ASPI32 deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully.
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe moved successfully.
Folder C:\Documents and Settings\Roberto B\Dati applicazioni\OfferBox\ not found.
Folder C:\Documents and Settings\Roberto B\Dati applicazioni\searchresultstb\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 29814571 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Roberto B
->Temp folder emptied: 147456 bytes
->Temporary Internet Files folder emptied: 1277952 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6840396 bytes
->Flash cache emptied: 535 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb


[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Roberto B
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Roberto B
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11232012_152440

Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast_\Webshlock.txt moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_aac.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
-----------------------------------------------------------------------------------------

# AdwCleaner v2.008 - Logfile creato il 23/11/2012 alle 15:35:08
# Aggiornamento 17/11/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Roberto B - ROBERTO
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Roberto B\desktop\AdwCleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Ask
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
Cartella Eliminato : C:\Documents and Settings\Roberto B\Dati applicazioni\OfferBox
File Eliminato : C:\Programmi\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\ilivid
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminata : HKCU\Software\Offerbox
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chiave Eliminata : HKLM\Software\Offerbox
Chiave Eliminata : HKLM\Software\PIP
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms} --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [2966 octets] - [23/11/2012 15:34:04]
AdwCleaner[S1].txt - [2779 octets] - [23/11/2012 15:35:08]

########## EOF - C:\AdwCleaner[S1].txt - [2839 octets] ##########
-------------------------------------------------------------------------------------------------------

Do I need to do anything else?
Thanks, bye
Rob968
Junior Member
Posts: 17
Joined: 23/08/12 13:58

Re: Ad pages that open on their own, log file attached

Post by FrancescoFDAC » 23/11/12 17:02

Reboot the PC and tell me how it goes!
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: Ad pages that open on their own, log file attached

Post by Rob968 » 23/11/12 18:06

PC rebooted; I tried browsing the sites where the ad pages used to open, and now everything seems fine, they no longer open!
Thanks a lot, bye!
Rob968
Junior Member
Posts: 17
Joined: 23/08/12 13:58

Re: Ad pages that open on their own, log file attached

Post by FrancescoFDAC » 23/11/12 20:29

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● put the tool on the Desktop
close all running programs, including Internet pages
● start the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are complete, close the program

Note - about the program:
TFC by OldTimer deletes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● put the tool on the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking the Yes button

Note - about the program:
OTC by OldTimer removes the programs we used for the cleanup (ComboFix in particular) automatically and precisely: after the reboot you will no longer see the ComboFix icon, which is completely normal
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: Ad pages that open on their own, log file attached

Post by Rob968 » 23/11/12 21:20

OK, operations done, ComboFix removed.
Thanks again
Rob968
Junior Member
Posts: 17
Joined: 23/08/12 13:58

Re: Ad pages that open on their own, log file attached

Post by Rob968 » 18/03/13 23:22

Hi, a friend of mine who has Windows 8 has the same problem I had on my PC: ad pages open on their own. I'm attaching the OTL log files directly.
Could someone analyse them? Thanks

------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 17/03/2013 15.03.53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\utente\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,88 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 66,24% Memory free
4,76 Gb Paging File | 3,39 Gb Available in Paging File | 71,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 566,83 Gb Total Space | 507,59 Gb Free Space | 89,55% Space Free | Partition Type: NTFS

Computer Name: VAIO | User Name: utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\utente\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\lsm\LSM.exe (MS)
PRC - C:\Program Files (x86)\lsm\aus.exe (MS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Programmi\Sony\VAIO Care\listener.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe (Software602)
PRC - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll ()
MOD - C:\Programmi\Sony\VAIO Care\listener.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe ()
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Log S.M.) -- C:\Program Files (x86)\lsm\LSM.exe (MS)
SRV - (AUS) -- C:\Program Files (x86)\lsm\aus.exe (MS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (VUAgent) -- C:\Programmi\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (NetworkSupport) -- C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (VCService) -- C:\Programmi\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programmi\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Intel(R) -- C:\Programmi\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (SpfService) -- C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (602XML Updater) -- C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_VDP) -- C:\Windows\SysNative\Drivers\btath_vdp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\Drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (SOWS) -- C:\Windows\SysNative\Drivers\sows.sys (Sony Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\Drivers\e1y60x64.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu [binary data]
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\..\SearchScopes,DefaultScope = {FEDE6E48-9E70-44CC-9BA1-FA44529836F7}
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\..\SearchScopes\{A89AC2D2-679F-4495-99B5-EBB352F6C504}: "URL" = http://rover.ebay.com/rover/1/724-42445 ... Q312&_nkw={searchTerms}
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\..\SearchScopes\{FEDE6E48-9E70-44CC-9BA1-FA44529836F7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
IE - HKU\S-1-5-21-1507049458-3719691222-902785431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUpx64: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/17 14.50.24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013/01/11 23.48.58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utente\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - Extension: Docs = C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 06.26.49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intel AppUp(R) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe (Software602)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DECE16C5-308A-4DB4-BAFD-651693F23B1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/03/17 14.50.25 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/17 14.50.22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\utente\Desktop\OTL.exe
[2013/03/17 10.15.44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/13 22.27.57 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013/03/12 20.31.57 | 000,000,000 | ---D | C] -- C:\Users\utente\AppData\Roaming\Malwarebytes
[2013/03/12 20.31.47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 15.23.06 | 000,000,000 | ---D | C] -- C:\Users\utente\AppData\Roaming\SUPERAntiSpyware.com
[2013/03/10 14.59.22 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/03/04 21.47.28 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/03/04 21.47.28 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/03/04 21.47.28 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/02/16 10.03.13 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/16 10.03.12 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/16 10.03.02 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/16 10.03.02 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/16 10.03.02 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/16 10.02.58 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/16 10.02.58 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/16 10.02.58 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/16 10.02.57 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/16 10.02.57 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/16 10.02.54 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/16 10.02.39 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/16 10.02.39 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/16 10.02.39 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/16 10.02.38 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/16 10.02.38 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/16 10.02.36 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/16 10.02.34 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/16 10.02.32 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/16 10.02.28 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/16 10.02.27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/16 10.02.27 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/16 10.02.26 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/02/16 10.02.26 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/16 10.02.26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/16 10.02.25 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/16 10.02.24 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/16 10.02.24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/16 10.02.22 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/16 10.02.22 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/16 10.02.22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/14 19.42.33 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/14 19.42.20 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 19.42.20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 19.42.19 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/02/14 19.42.19 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 19.42.19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 19.42.19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/14 19.42.19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/14 19.42.19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/14 19.42.19 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/02/14 19.42.19 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/14 19.42.19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/02/14 19.42.19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/03 15.35.22 | 000,000,000 | ---D | C] -- C:\Users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/02/03 15.35.21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/01/19 17.29.44 | 000,000,000 | ---D | C] -- C:\Users\utente\AppData\Roaming\vlc
[2013/01/19 17.29.25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/01/19 17.29.03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/01/17 19.21.44 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/17 19.21.44 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files - Modified Within 60 Days ==========

[2013/03/17 14.53.51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 14.51.44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/03/17 14.51.41 | 3334,696,960 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 14.50.24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/17 14.50.22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\utente\Desktop\OTL.exe
[2013/03/13 23.49.33 | 000,000,017 | ---- | M] () -- C:\Users\utente\AppData\Local\resmon.resmoncfg
[2013/03/13 23.07.32 | 000,005,142 | ---- | M] () -- C:\Users\utente\Documents\cc_20130313_230727.reg
[2013/03/13 22.38.55 | 000,152,019 | ---- | M] () -- C:\Users\utente\AppData\Local\census.cache
[2013/03/13 22.38.51 | 000,074,801 | ---- | M] () -- C:\Users\utente\AppData\Local\ars.cache
[2013/03/13 19.38.46 | 000,000,036 | ---- | M] () -- C:\Users\utente\AppData\Local\housecall.guid.cache
[2013/03/12 20.32.04 | 001,781,840 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/12 20.32.04 | 000,791,380 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/12 20.32.04 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/12 20.32.04 | 000,153,214 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/12 20.32.04 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/07 21.31.45 | 001,802,322 | ---- | M] () -- C:\Users\utente\Documents\doc.salvamento.pdf
[2013/03/07 00.33.21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/07 00.33.21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/07 00.33.21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/07 00.33.21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/07 00.33.21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/07 00.33.21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/07 00.33.20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/07 00.33.20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/07 00.32.51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/07 00.32.22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/28 18.57.11 | 000,425,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/21 08.29.31 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/21 08.29.30 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/04 22.29.08 | 067,823,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/02/03 15.35.22 | 000,002,981 | ---- | M] () -- C:\Users\utente\Desktop\HiJackThis.lnk
[2013/01/19 16.41.43 | 000,001,098 | ---- | M] () -- C:\Users\utente\Desktop\Incoming - collegamento.lnk

========== Files Created - No Company Name ==========

[2013/03/17 14.50.24 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/17 14.50.24 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/13 23.49.33 | 000,000,017 | ---- | C] () -- C:\Users\utente\AppData\Local\resmon.resmoncfg
[2013/03/13 23.07.29 | 000,005,142 | ---- | C] () -- C:\Users\utente\Documents\cc_20130313_230727.reg
[2013/03/13 22.38.55 | 000,152,019 | ---- | C] () -- C:\Users\utente\AppData\Local\census.cache
[2013/03/13 22.38.51 | 000,074,801 | ---- | C] () -- C:\Users\utente\AppData\Local\ars.cache
[2013/03/13 19.38.46 | 000,000,036 | ---- | C] () -- C:\Users\utente\AppData\Local\housecall.guid.cache
[2013/03/07 21.31.45 | 001,802,322 | ---- | C] () -- C:\Users\utente\Documents\doc.salvamento.pdf
[2013/02/28 18.56.56 | 000,425,928 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/16 10.02.21 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track20.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track19.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track18.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track17.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track16.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track15.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track14.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track13.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track12.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track11.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track10.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track09.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track08.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track07.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track06.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track05.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track04.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track03.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track02.cda
[2013/02/10 11.21.46 | 000,000,044 | ---- | C] () -- C:\Users\utente\Documents\Track01.cda
[2013/02/03 15.35.22 | 000,002,981 | ---- | C] () -- C:\Users\utente\Desktop\HiJackThis.lnk
[2013/01/19 16.41.43 | 000,001,098 | ---- | C] () -- C:\Users\utente\Desktop\Incoming - collegamento.lnk
[2012/11/26 21.22.29 | 001,810,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/04 10.16.24 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/09/22 20.14.58 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/08/21 23.32.27 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/21 23.32.27 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/21 23.32.27 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/26 09.13.10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09.13.09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08.21.26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02.17.42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21.37.29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21.28.31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15.31.19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 12.59.44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/11/25 11.40.40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00.23.07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00.26.23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04.05.38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04.18.27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04.07.41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/27 19.22.34 | 000,000,000 | ---D | M] -- C:\Users\utente\AppData\Roaming\602Installer
[2012/11/02 13.07.14 | 000,000,000 | ---D | M] -- C:\Users\utente\AppData\Roaming\iolo
[2012/12/25 09.35.00 | 000,000,000 | ---D | M] -- C:\Users\utente\AppData\Roaming\PerformerSoft
[2012/11/27 19.23.36 | 000,000,000 | ---D | M] -- C:\Users\utente\AppData\Roaming\Software602

========== Purity Check ==========



< End of report >
----------------------------------------------------------------------------------------------------
Rob968
Junior User
 
Posts: 17
Joined: 23/08/12 13:58
