
Virus Help

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Virus Help

Post by mauri1974 » 02/06/13 22:02

Hi guys.
I'm sending you a HijackThis log because my computer has an annoying virus that won't
let me download any programs.
Here is the HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.57.42, on 02/06/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\programmi\plus-hd-2.6\plus-hd-2.6-bg.exe
C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadp.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google./
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0033440 - {11111111-1111-1111-1111-110311341140} - C:\Programmi\Plus-HD-2.6\Plus-HD-2.6-bho.dll
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ICMClient] C:\Programmi\ICMClient\ICMClient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SsroService] C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276165030937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpSC - SoftwareUpdService - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
O23 - Service: WebCake Desktop Updater - WebCake LLC - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe

--
End of file - 9324 bytes
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32
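The HijackThis log above is what a helper reads by hand. The script below is an added example for this thread; it is not code from the thread, from HijackThis or from any tool the participants used. It parses lines in the HijackThis v2 format and flags the two things a reviewer checks first: entries whose target file is gone ("(no file)") and programs or services started from user-writable profile folders rather than Program Files or the Windows directory, which is where the later cleanup in this thread (WebCake, the Ssro/Ssupd services under "Dati applicazioni") ends up pointing. The R0/R1 lines are summarised as the hosts set as browser start and search pages so unfamiliar ones stand out. The sample log embedded in the script is constructed for the example and modelled on the shape of the log above; the regexes, the folder-name list and the names `triage`, `browser_hosts`, `first_path` and `PROFILE_MARKERS` are the example's own assumptions.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread
or the tool). A hit means "review this entry", not "this is malware"."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Line shapes as HijackThis v2 prints them (assumed from the log format).
RE_R = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Unquoted program path (may contain spaces) up to its extension.
RE_EXE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)

# HijackThis prints these when the registry still points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Folder fragments that put an executable inside a user profile or temp folder.
# Italian XP folder names are included because that is the locale of the log.
PROFILE_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\appdata\\",
    "\\application data\\", "\\dati applicazioni\\", "\\temp\\",
)

@dataclass
class Finding:
    section: str   # HijackThis section code: O2, O4 or O23
    name: str      # entry name as printed in the log
    target: str    # file the entry points at, or the orphan marker
    reasons: list = field(default_factory=list)

def first_path(cmd: str) -> str:
    """Program part of an O4 command line: quoted path, bare path, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = RE_EXE.match(cmd)
    return m["p"] if m else cmd.split(" ", 1)[0]

def reasons_for(target: str) -> list:
    """Apply the two heuristics; an empty list means nothing to flag."""
    low = target.lower()
    if any(mk in low for mk in ORPHAN_MARKERS):
        return ["orphaned entry: target file no longer exists"]
    if any(mk in low for mk in PROFILE_MARKERS):
        return ["runs from a user-writable profile or temp folder"]
    return []

def triage(lines) -> list:
    """Return a Finding for every O2/O4/O23 line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := RE_O2.match(line):
            sec, name, target = "O2", m["name"], m["path"]
        elif m := RE_O4.match(line):
            sec, name, target = "O4", m["name"], first_path(m["cmd"])
        elif m := RE_O23.match(line):
            sec, name, target = "O23", m["name"], m["path"]
        else:
            continue
        reasons = reasons_for(target)
        if reasons:
            findings.append(Finding(sec, name, target, reasons))
    return findings

def browser_hosts(lines) -> list:
    """Hosts set as IE start/search page (R0/R1 lines), for the reviewer to eyeball."""
    hosts = set()
    for raw in lines:
        if m := RE_R.match(raw.rstrip("\r\n")):
            hosts.add(urlparse(m["value"]).netloc or m["value"])
    return sorted(hosts)

# Constructed sample, modelled on the shape of the log above (not the real log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.search.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SsroService] C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    print("Browser start/search hosts:", ", ".join(browser_hosts(SAMPLE_LINES)))
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.name}: {f.target}\n    -> {'; '.join(f.reasons)}")
```

Run it on a saved HijackThis log with `triage(open("hijackthis.log").readlines())`. A hit is a prompt for review, not a verdict: legitimate vendors also install into profile folders (the Skype Click to Call service in the log above would be flagged), so the reviewer still checks publisher, install date and whether the user recognises the program before anything is removed.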


Re: Virus Help

Post by mauri1974 » 03/06/13 02:11

Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/06/2013 23.40.55
mbam-log-2013-06-02 (23-40-55).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi esaminati: 172351
Tempo trascorso: 40 minuti, 21 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)



Thanks
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by kyiv » 03/06/13 09:18

try AdwCleaner > http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
download it to the desktop
(since you have Avira, click the ? at the top left and, in the options, tick ''disable ask detection'')
then click DELETE and post the log
kyiv
Junior User
Posts: 87
Joined: 24/01/13 10:51

Re: Virus Help

Post by mauri1974 » 03/06/13 12:51

AdwCleaner log
Code:
# AdwCleaner v2.107 - Logfile creato il 03/06/2013 alle 13:38:29
# Aggiornamento 21/01/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Admin - PC2
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\Content.IE5\R3E79N8F\adwcleaner[1].exe
# Opzioni [Elimina]
# Commutatori utilizzati : /DisableAskDetection


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Tarma Installer

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Crossrider
Chiave Eliminata : HKCU\Software\InstalledBrowserExtensions
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0033440.BHO
Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0033440.BHO.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0033440.Sandbox
Chiave Eliminata : HKLM\SOFTWARE\Classes\CrossriderApp0033440.Sandbox.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Chiave Eliminata : HKLM\Software\Tarma Installer

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

*************************

AdwCleaner[S1].txt - [1619 octets] - [03/06/2013 13:38:29]

########## EOF - C:\AdwCleaner[S1].txt - [1679 octets] ##########
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by kyiv » 03/06/13 14:00

uninstall WebCake, and run a scan with ESET Online Scanner http://www.eset.com/us/online-scanner/
or with HitmanPro http://www.surfright.nl/it/downloads/
kyiv
Junior User
Posts: 87
Joined: 24/01/13 10:51

Re: Virus Help

Post by mauri1974 » 03/06/13 19:04

WebCake uninstalled, but the other 2 programs to download, if I understood correctly, are paid??
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by kyiv » 03/06/13 21:59

mauri1974 wrote: WebCake uninstalled, but the other 2 programs to download, if I understood correctly, are paid??

no, absolutely not; as for ESET, click Run ESET Online Scanner (on the left of the page), download the software and run the scan.
as for HitmanPro (free), if it detects some ''virus/trojan'' you get the details (path) needed to remove it yourself,
or you activate a temporary 30-day licence (I think) to be able to remove them.
kyiv
Junior User
Posts: 87
Joined: 24/01/13 10:51

Re: Virus Help

Post by mauri1974 » 04/06/13 04:07

Virus still present.
It's called TR/Crypt.XPACK.Gen
Meanwhile I'll try the scan.
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by mauri1974 » 04/06/13 06:56

I ran the scan with ESET first and it found 2 infected files.
Then I ran the scan with HitmanPro and it found no infected files, but it removed
several items; I don't have any log to post, though.
mauri1974
Senior User
Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by kyiv » 04/06/13 09:23

mauri1974 wrote: It's called TR/Crypt.XPACK.Gen

it could be an Avira false positive; update the signatures ;) http://answers.microsoft.com/it-it/windows/forum/windows_vista-security/trcryptxpackgen/c428fbac-a870-4421-9561-c9adf7af1084?page=1

meanwhile let's do a quick check with OTL: http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
download it to the desktop,
tick scan all users
tick skip microsoft files
tick lop check, and purity check

press RUN SCAN, run the scan and post the logs
kyiv
Junior User
Posts: 87
Joined: 24/01/13 10:51

Re: Virus Help

Post by mauri1974 » 04/06/13 12:17

ok.
Here's the log
Code:
OTL logfile created on: 04/06/2013 13.03.52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
382,42 Mb Total Physical Memory | 64,98 Mb Available Physical Memory | 16,99% Memory free
1,65 Gb Paging File | 1,14 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 74,53 Gb Total Space | 64,47 Gb Free Space | 86,51% Space Free | Partition Type: NTFS
 
Computer Name: PC2 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/06/04 13.02.50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2013/06/04 12.52.10 | 000,349,696 | ---- | M] (Hyper Technologies Inc.) -- C:\Programmi\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
PRC - [2013/06/02 16.03.13 | 000,898,408 | ---- | M] (Plus HD) -- c:\Programmi\Plus-HD-2.6\Plus-HD-2.6-bg.exe
PRC - [2013/05/31 19.31.51 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013/05/14 13.26.12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/24 15.44.06 | 000,760,320 | ---- | M] (ssadp) -- C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadp.exe
PRC - [2011/05/18 12.28.46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/18 12.28.46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/01 15.22.01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23.11.21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/27 04.10.00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programmi\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/10 18.01.49 | 000,116,104 | ---- | M] () -- C:\Programmi\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/27 16.44.48 | 000,135,221 | ---- | M] (NVIDIA Corporation) -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/11/27 16.44.26 | 000,065,593 | ---- | M] (NVIDIA Corporation) -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 15.14.26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2002/08/26 12.15.02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) -- C:\Programmi\HyperTechnologies\Deep Freeze\DFServEx.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/06/02 23.20.01 | 000,815,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01a89fef6b3ccb3f9df478fdc37f590b\System.Runtime.Remoting.ni.dll
MOD - [2010/06/17 16.28.20 | 000,355,688 | ---- | M] () -- C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/15 11.45.05 | 000,233,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll
MOD - [2010/06/15 11.44.58 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e2de26078a8c3d29dbfcf408e23aa2b1\System.Configuration.ni.dll
MOD - [2010/06/15 11.44.57 | 001,740,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ed0cdc51d89bb41a9ab760ca3cf52bf9\Microsoft.VisualBasic.ni.dll
MOD - [2010/06/15 11.29.24 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
MOD - [2010/06/15 11.29.05 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
MOD - [2010/06/15 11.28.36 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
MOD - [2010/06/15 11.27.53 | 007,102,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\b39a611d2b2fc659d5472dd76b24d3b2\System.Data.ni.dll
MOD - [2010/06/15 11.27.36 | 008,310,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
MOD - [2010/06/15 11.27.12 | 011,436,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
MOD - [2010/06/15 11.25.30 | 003,036,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/10 18.01.49 | 000,116,104 | ---- | M] () -- C:\Programmi\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/09/24 21.52.47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_it_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007/09/20 18.34.58 | 000,129,536 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2006/10/31 08.35.00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/04/13 15.14.26 | 000,876,544 | ---- | M] () -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/04/13 15.14.26 | 000,159,744 | ---- | M] () -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/04/13 15.14.26 | 000,024,691 | ---- | M] () -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2002/08/26 12.17.46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Running] -- C:\Programmi\WebCake\WebCakeDesktop.Updater.exe C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
SRV - [2013/05/14 13.26.12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/19 15.14.16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/25 17.04.46 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe -- (LiveUpSC)
SRV - [2013/01/24 15.46.02 | 000,156,160 | ---- | M] (SsupdService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe -- (SsupdService)
SRV - [2013/01/24 15.46.02 | 000,031,232 | ---- | M] (SsroService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe -- (SsroService)
SRV - [2011/05/18 12.28.46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/18 12.28.46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2009/02/10 18.01.49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programmi\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/11/27 16.44.48 | 000,135,221 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/27 16.44.26 | 000,065,593 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/10/26 19.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/13 15.14.26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
SRV - [2002/08/26 12.15.02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) [Auto | Running] -- C:\Programmi\HyperTechnologies\Deep Freeze\DFServEx.exe -- (DFServEx)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011/05/18 12.28.47 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/03 21.02.31 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16.28.21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16.28.11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07.44.02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/02/01 17.24.04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programmi\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2007/10/16 18.38.30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/25 14.29.50 | 000,500,736 | R--- | M] (Atheros Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(TP-LINK)
DRV - [2006/11/27 10.33.54 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 10.33.50 | 000,058,368 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 10.31.38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/01/12 21.46.28 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/16 08.23.54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2002/08/26 12.16.12 | 000,012,288 | ---- | M] (HyperTechnologies Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzHi.sys -- (DepFrzHi)
DRV - [2002/08/26 12.15.54 | 000,052,709 | ---- | M] (Hyper Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzLo.sys -- (DepFrzLo)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes,DefaultScope = {D0BDE3C7-76D1-4258-9C3C-8579B86D0A7F}
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes\{27F8DC53-F359-43E8-8FA9-85443CDF61C4}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes\{8371C0A7-EB72-4F0E-A564-54D0C626B98E}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\SearchScopes\{D0BDE3C7-76D1-4258-9C3C-8579B86D0A7F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programmi\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
 
[2010/11/08 16.58.10 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2010/06/10 10.58.57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17.29.19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2001/08/31 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Plus-HD-2.6) - {11111111-1111-1111-1111-110311341140} - C:\Programmi\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ICMClient] C:\Programmi\ICMClient\ICMClient.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SsroService] C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKU\S-1-5-21-448539723-2146991089-1801674531-1004..\Run: [WebCake Desktop] C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe (WebCake LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-2146991089-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276165030937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10734F04-5AC5-44C4-B5FB-75D0ED1E89C7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 21.30.48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aa6f3eb6-a3c2-11de-aab7-003067074f78}\Shell\AutoRun\command - "" = E:\xp19.com
O33 - MountPoints2\{aa6f3eb6-a3c2-11de-aab7-003067074f78}\Shell\explore\Command - "" = E:\xp19.com
O33 - MountPoints2\{aa6f3eb6-a3c2-11de-aab7-003067074f78}\Shell\open\Command - "" = E:\xp19.com
O33 - MountPoints2\{dc8890f3-5e26-11e1-aafe-003067074f78}\Shell - "" = AutoRun
O33 - MountPoints2\{dc8890f3-5e26-11e1-aafe-003067074f78}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/04 13.02.45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/06/04 06.01.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\HitmanPro
[2013/06/03 23.10.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\VINI
[2013/06/03 23.09.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\ARCH.UBOLDI
[2013/06/03 21.09.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dati applicazioni\Skype
[2013/06/02 17.53.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\sshelper
[2013/06/02 17.52.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd
[2013/06/02 17.52.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager
[2013/06/02 17.52.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenti\Application
[2013/06/02 16.03.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Identities
[2013/06/02 15.56.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater
[2013/06/02 15.56.16 | 000,000,000 | ---D | C] -- C:\Programmi\MyPcCleaner
[2013/06/02 15.56.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\MyPcCleaner
[2013/06/02 15.55.35 | 000,000,000 | ---D | C] -- C:\Programmi\Plus-HD-2.6
[2013/06/02 15.53.36 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft Silverlight
[2013/06/02 15.53.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Microsoft Office Live Add-in
[2013/06/02 15.53.16 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft Office Outlook Connector
[2013/06/02 15.52.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/06/02 15.50.38 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft SQL Server Compact Edition
[2013/06/02 15.48.23 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft
[2013/06/02 15.39.38 | 004,809,768 | ---- | C] (Thutjuomfh) -- C:\Documents and Settings\Admin\Desktop\plus-hd-2-6.exe
[2013/06/02 15.07.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Skype
[2013/06/02 15.07.58 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Skype
[2013/06/02 15.07.56 | 000,000,000 | R--D | C] -- C:\Programmi\Skype
[2013/06/02 14.38.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dati applicazioni\WebCake
[2013/06/02 14.38.40 | 000,000,000 | ---D | C] -- C:\Programmi\WebCake
[2013/06/02 14.30.15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/06/02 14.24.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype
[2013/05/31 15.20.17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJSolutionMenu
[2013/05/31 15.20.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJ
[2013/05/31 15.19.23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2013/05/31 15.19.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dati applicazioni\Canon
[2013/05/31 15.19.06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJMyPrinter
[2013/05/31 15.18.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJPLM
[2013/05/31 15.16.39 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC270C.dll
[2013/05/31 15.16.39 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC270L.dll
[2013/05/31 15.16.39 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC270I.dll
[2013/05/31 15.16.39 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC270U.dll
[2013/05/31 15.16.39 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2013/05/31 15.15.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Registrazione utente Canon MP270 series
[2013/05/31 15.12.16 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\CANON
[2013/05/31 15.10.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Canon Utilities
[2013/05/31 15.09.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Canon MP270 series Manual
[2013/05/31 15.08.23 | 000,000,000 | ---D | C] -- C:\Programmi\Canon
[2013/05/31 15.06.09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2013/05/31 15.06.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Canon MP270 series
[2013/05/31 15.05.58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
[2013/05/31 15.05.39 | 000,272,384 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9X.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/04 13.05.25 | 000,067,342 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\COMPUTER WORD.pdf
[2013/06/04 13.02.50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/06/04 12.53.39 | 000,001,174 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.6-updater.job
[2013/06/04 12.52.35 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/04 12.52.13 | 000,001,178 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.6-codedownloader.job
[2013/06/04 12.52.13 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.6-enabler.job
[2013/06/04 05.02.18 | 000,092,110 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\virus2.JPG
[2013/06/04 05.00.24 | 000,088,866 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\virus.JPG
[2013/06/03 21.08.39 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/06/03 14.36.41 | 000,157,448 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BCC.JPG
[2013/06/02 19.21.38 | 000,542,223 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\docum.babbo fattura.pdf
[2013/06/02 17.55.41 | 000,446,716 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/06/02 17.55.41 | 000,400,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 17.55.41 | 000,073,232 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/06/02 17.55.41 | 000,060,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/02 15.40.41 | 004,809,768 | ---- | M] (Thutjuomfh) -- C:\Documents and Settings\Admin\Desktop\plus-hd-2-6.exe
[2013/05/31 15.19.48 | 000,065,158 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\FATTURA TRONY.pdf
[2013/05/31 15.12.05 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2013/05/31 07.25.20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/04 13.06.00 | 000,067,342 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\COMPUTER WORD.pdf
[2013/06/04 05.02.18 | 000,092,110 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\virus2.JPG
[2013/06/04 05.00.24 | 000,088,866 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\virus.JPG
[2013/06/03 14.36.41 | 000,157,448 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\BCC.JPG
[2013/06/02 19.21.56 | 000,542,223 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\docum.babbo fattura.pdf
[2013/06/02 15.56.03 | 000,001,174 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.6-updater.job
[2013/06/02 15.56.01 | 000,001,078 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.6-enabler.job
[2013/06/02 15.55.56 | 000,001,178 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.6-codedownloader.job
[2013/06/02 15.07.58 | 000,002,241 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/31 15.20.09 | 000,065,158 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\FATTURA TRONY.pdf
[2013/05/31 15.16.39 | 000,012,544 | ---- | C] () -- C:\WINDOWS\System32\CNC173BD.TBL
[2013/05/31 15.12.05 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2009/09/26 23.36.36 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008/09/24 21.37.59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/05/06 21.39.34 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/05/31 15.19.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dati applicazioni\Canon
[2009/09/26 23.49.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dati applicazioni\DeepBurner
[2013/06/02 14.38.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dati applicazioni\WebCake
[2013/05/31 15.05.58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
[2013/05/31 15.20.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJ
[2013/05/31 15.19.06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJMyPrinter
[2013/06/02 19.20.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJPLM
[2013/05/31 15.19.23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJScan
[2013/05/31 15.20.17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJSolutionMenu
[2009/08/10 10.49.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GiocoDigitale
[2013/06/04 07.53.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\HitmanPro
[2009/02/06 17.49.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TP-LINK
[2009/09/16 21.46.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dati applicazioni\.bittorrent
 
========== Purity Check ==========
 
 

< End of report >
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by kyiv » 04/06/13 15:12

..I don't see any virus, and it seems to me you did manage to download programs :neutral:

(strange that search.findeer wasn't removed by adwcleaner :-? ) anyway:

open OTL, and copy/paste the following lines into the white box (under Custom Scans/Fixes):

:OTL
PRC - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
SRV - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
PRC - C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe
SRV - C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O4 - HKU\S-1-5-21-448539723-2146991089-1801674531-1004..\Run: [WebCake Desktop] C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]

press RUN FIX and post the log.

then update Java http://www.java.com/it/download/installed.jsp
and reset the IE8 home page.
kyiv
Junior User

Posts: 87
Joined: 24/01/13 10:51

Re: Virus Help

Post by mauri1974 » 04/06/13 19:44

I don't know what it depends on, but this is the second time I've tried to do what you wrote, and as soon as I start the
scan, the computer freezes, the desktop icons disappear and the computer dies..
I rebooted it both times ... :oops:

I don't know what else to do ..

what do you say?? :?:
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by Luke57 » 04/06/13 22:35

Hi, open otl.exe, copy the following script:

:OTL
PRC - [2013/01/24 15.44.06 | 000,760,320 | ---- | M] (ssadp) -- C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadp.exe
SRV - [2013/01/25 17.04.46 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe -- (LiveUpSC)
SRV - [2013/01/24 15.46.02 | 000,156,160 | ---- | M] (SsupdService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe -- (SsupdService)
SRV - [2013/01/24 15.46.02 | 000,031,232 | ---- | M] (SsroService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe -- (SsroService)
O4 - HKLM..\Run: [SsroService] C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe (ssadl)
[2013/06/02 17.52.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd
[2013/06/02 15.56.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater

:commands
[purity]
[emptytemp]


into OTL's white box. Press Run Fix.

Post the log produced at the end of the scan.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
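What Luke57's script removes are the entries that stand out in the OTL log above on one criterion: services (SRV) and a Run key (O4) whose binaries live under Documents and Settings instead of Programmi. The same log carries two things nobody in the thread touched: the O33 MountPoints2 autorun commands pointing at E:\xp19.com and F:\laucher.exe, which is the registry footprint an autorun.inf worm leaves behind when a USB stick is plugged in, and O7 NoDriveTypeAutoRun = 145 (0x91, the XP default), which leaves AutoRun enabled for removable drives because bit 0x04 is clear. The script below is an added example, not code from the thread or from OTL/HijackThis: it runs those heuristics over a few lines copied from the posted logs (the SAMPLE_LOG excerpt is constructed for the example) and builds an OTL fix section from the high-severity hits the way the helpers did by hand. The folder list, the severity labels and the rules themselves are my own assumptions, not the tools' logic.

```python
"""Triage of HijackThis / OTL log lines for the persistence patterns the
helpers in this thread picked out by hand.

Added example for this page: it is not OTL's or HijackThis's own logic,
the rules are heuristics rather than verdicts, and SAMPLE_LOG is a
constructed excerpt copied from the logs posted above."""
import re

# Line kinds of interest: the HJT/OTL "Onn -" sections plus OTL's SRV/PRC rows.
KIND_RE = re.compile(r"^(O\d+|SRV|PRC)\s*-\s*", re.I)
# First Windows path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|*?]*?\.(?:exe|dll|com|bat|cmd|scr|pif)\b', re.I)

# Folders from which a legitimate XP autostart or service rarely runs.
# Italian names match the Italian XP in the posted logs; English
# equivalents are included so the same rules apply to an English install.
USER_WRITABLE = (
    "\\documents and settings\\",  # the whole profile tree on XP
    "\\impostazioni locali\\",     # "Local Settings"
    "\\dati applicazioni\\",       # "Application Data"
    "\\local settings\\",
    "\\application data\\",
    "\\temp\\",
)
# How the two tools mark an entry whose binary is gone.
MISSING_MARKERS = ("file not found", "(no file)", "(file missing)", "no clsid value found")

AUTOSTART_KINDS = {"O4", "O23", "SRV", "PRC"}   # Run keys, services, processes
HOOK_KINDS = {"O2", "O3", "O4", "O20"}          # BHOs, toolbars, Run keys, Winlogon


def classify(line):
    """Return (severity, kind, reason) for one log line, or None if it looks benign."""
    m = KIND_RE.match(line)
    if not m:
        return None
    kind = m.group(1).upper()
    low = line.lower()
    pm = PATH_RE.search(line)
    path = pm.group(0).lower() if pm else None

    # O33: per-volume MountPoints2 autorun commands, the registry footprint
    # left by an autorun.inf worm on a USB stick (E:\xp19.com above).
    if kind == "O33" and "\\shell\\" in low and "\\command" in low and path:
        return ("high", kind, f"removable-drive autorun command -> {path}")
    # O35/O37: the exefile/comfile open command must be exactly "%1" %*;
    # anything else means every .exe launch passes through a hijacker first.
    if kind in ("O35", "O37") and " -- " in line:
        cmd = line.split(" -- ", 1)[1].strip()
        if cmd != '"%1" %*':
            return ("high", kind, f"exe/com association hijacked: {cmd}")
    # Autostarts and services whose binary lives in a user-writable folder,
    # the pattern Luke57's script removes (ssupd, ssro, SoftwareUpdater).
    if kind in AUTOSTART_KINDS and path and any(d in path for d in USER_WRITABLE):
        return ("high", kind, f"autostart from user-writable path -> {path}")
    # Dangling hooks: harmless on their own, but leftovers worth cleaning.
    if kind in HOOK_KINDS and any(mk in low for mk in MISSING_MARKERS):
        return ("low", kind, "dangling entry, binary missing")
    return None


def triage(log_text):
    """Classify every line of a pasted log; findings come back high before low."""
    findings = []
    for raw in log_text.splitlines():
        hit = classify(raw.strip())
        if hit:
            findings.append(hit)
    return sorted(findings, key=lambda f: f[0] != "high")


def otl_fix_script(log_text):
    """Turn the 'high' lines into an OTL fix script: OTL accepts its own log
    lines verbatim under :OTL, which is how the scripts in this thread were built."""
    body = []
    for raw in log_text.splitlines():
        hit = classify(raw.strip())
        if hit and hit[0] == "high":
            body.append(raw.strip())
    return "\n".join([":OTL", *body, "", ":commands", "[purity]", "[emptytemp]"])


# Constructed excerpt: lines copied from the OTL and HijackThis logs above.
SAMPLE_LOG = r"""
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ICMClient] C:\Programmi\ICMClient\ICMClient.exe File not found
O4 - HKLM..\Run: [SsroService] C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe"
SRV - [2013/01/25 17.04.46 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe -- (LiveUpSC)
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O33 - MountPoints2\{aa6f3eb6-a3c2-11de-aab7-003067074f78}\Shell\AutoRun\command - "" = E:\xp19.com
O33 - MountPoints2\{dc8890f3-5e26-11e1-aafe-003067074f78}\Shell - "" = AutoRun
O35 - HKLM\..exefile [open] -- "%1" %*
"""

if __name__ == "__main__":
    for severity, kind, reason in triage(SAMPLE_LOG):
        print(f"[{severity:4}] {kind:4} {reason}")
    print()
    print(otl_fix_script(SAMPLE_LOG))
```

Run against the excerpt it flags the three user-profile autostarts and the E:\xp19.com autorun command as high, the WebCake/ICMClient/DfLogon leftovers as low, and leaves Avira, Skype and the intact exefile association alone; the O33 line that only names "Shell" without a command is deliberately not matched. The user-writable rule is a triage filter, not proof: a vendor occasionally does ship an updater under Application Data, so each high hit still needs a look at the file's signer and version resource before it goes into a fix script.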

Re: Virus Help

Post by mauri1974 » 05/06/13 07:31

Hi Luke.
Thanks for the change.
It went through now.

Here's the log

Code:
All processes killed
========== OTL ==========
Process ssadp.exe killed successfully!
Service LiveUpSC stopped successfully!
Service LiveUpSC deleted successfully!
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
Service SsupdService stopped successfully!
Service SsupdService deleted successfully!
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe moved successfully.
Service SsroService stopped successfully!
Service SsroService deleted successfully!
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SsroService deleted successfully.
C:\Documents and Settings\All Users\Documenti\Application\CurrentFile\ssadl.exe moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd\settings folder moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\ssupd folder moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings folder moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\SoftwareUpdater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 105631195 bytes
->Temporary Internet Files folder emptied: 59752580 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4573 bytes
 
User: Administrator
->Temp folder emptied: 763907261 bytes
->Temporary Internet Files folder emptied: 2550219 bytes
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: egestione-database
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33210 bytes
 
User: User
->Temp folder emptied: 19847724 bytes
->Temporary Internet Files folder emptied: 39547841 bytes
->Java cache emptied: 430410 bytes
->FireFox cache emptied: 58445297 bytes
->Flash cache emptied: 7544 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2885 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2823624 bytes
RecycleBin emptied: 1050632807 bytes
 
Total Files Cleaned = 2.006,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06052013_082314

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9C4C.tmp not found!
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9C5E.tmp not found!
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9CCB.tmp not found!
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9CDD.tmp not found!
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9DF3.tmp not found!
File\Folder C:\Documents and Settings\Admin\Impostazioni locali\Temp\~DF9E05.tmp not found!
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\Content.IE5\R3E79N8F\viewtopic[3].htm moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\Content.IE5\R3E79N8F\xd_arbiter[2].htm moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\Content.IE5\47N3OSIE\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by mauri1974 » 06/06/13 07:09

:?:

:?:

:cry:
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by Luke57 » 06/06/13 15:28

Hi, haven't you solved the problem?
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Virus Help

Post by mauri1974 » 06/06/13 19:44

Actually now everything seems OK.
I was asking to confirm whether there were any other steps.
So thanks guys, great as always!!

Bye everyone and thanks again!!
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32

Re: Virus Help

Post by mauri1974 » 26/06/13 06:40

Hi again guys.
Now unfortunately I have this other problem.
Besides being rather slow, every now and then a window appears saying that a script
is slowing down Internet Explorer.
If it helps, I'm sending the HijackThis log.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7.37.08, on 26/06/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0033440 - {11111111-1111-1111-1111-110311341140} - C:\Programmi\Plus-HD-2.6\Plus-HD-2.6-bho.dll
O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programmi\WebCake\WebCakeIEClient.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ICMClient] C:\Programmi\ICMClient\ICMClient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276165030937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Programmi\HyperTechnologies\Deep Freeze\DfServEx.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: WebCake Desktop Updater - WebCake LLC - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe

--
End of file - 8735 bytes


I await news on what to do, thanks. ;)
mauri1974
Senior User
 
Posts: 268
Joined: 14/01/10 23:32
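An added example for triaging a log like the one above (this is editor-supplied code, not part of mauri1974's post and not a HijackThis feature): it parses the O4 (autorun), O20 (Winlogon Notify) and O23 (service) lines and applies two simple first-pass heuristics, "executable lives in a user-writable directory" and "service has no vendor string", plus a note for registrations whose file is missing. The sample lines are copied from the log above; the directory markers and the heuristics themselves are this example's own assumptions. On this input it flags the HKCU WebCake autorun, the Skype C2C service and the Canon survey service, while the WebCake updater service under C:\Programmi passes because it carries a vendor string.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above (Italian Windows XP, so "Programmi" = Program Files and
# "Dati applicazioni" = Application Data).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Documents and Settings\Admin\Dati applicazioni\WebCake\WebCakeDesktop.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: WebCake Desktop Updater - WebCake LLC - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe
"""

# Line shapes as HijackThis prints them (assumed from the log above, not an
# official grammar).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# First drive-letter path in a command line, quoted or not, cut at the
# executable extension so switches like "/logon" or "(User 'SYSTEM')" drop off.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll|com))"?', re.IGNORECASE)

# Directory markers (an assumption of this example) for locations a standard
# user can write to; adware and malware very commonly launch from here, while
# system services and drivers normally live under Program Files or Windows.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


@dataclass
class Finding:
    section: str   # "O4", "O20", "O23"
    name: str      # autorun value name or service display name
    reason: str    # which heuristic fired
    detail: str    # path or line that triggered it


def executable_of(command: str) -> str:
    """Return just the executable path from an autorun command line."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def in_user_writable_dir(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Apply the first-pass heuristics to every line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if "(file missing)" in line:
            # e.g. "O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)"
            section, _, rest = line.partition(" - ")
            name = rest.partition(": ")[2].partition(" - ")[0]
            findings.append(Finding(section, name, "registered file is missing", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if in_user_writable_dir(exe):
                findings.append(Finding("O4", m.group("name"),
                                        "autorun from user-writable directory", exe))
            continue
        m = O23_RE.match(line)
        if m:
            vendor, path = m.group("vendor"), m.group("path")
            if vendor.lower() == "unknown owner":
                findings.append(Finding("O23", m.group("name"),
                                        "service without vendor string", path))
            if in_user_writable_dir(path):
                findings.append(Finding("O23", m.group("name"),
                                        "service from user-writable directory", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason} -> {f.detail}")
```

The vendor field in an O23 line is whatever the service registered about itself, so "WebCake LLC" is a self-description, not a verification; a real cleanup would confirm the flagged binaries by Authenticode signature or by hashing them and checking with a scanner, and would treat a missing-file entry as a stale registration to remove rather than as an infection by itself.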

Re: Virus Help

Post by mauri1974 » 27/06/13 06:10

:?:

Guys, has everyone disappeared?

I've been writing on this forum for years and you have always helped me; I hope
there isn't some internal problem.....

Anyway, I just have to thank you, because over these years you have always been
available and very professional!

I hope to hear from you again soon..

;)
mauri1974
Senior User
 
Posts: 268
Joined: 14/01/10 23:32

