|
| Precedente :: Successivo |
| Autore |
Messaggio |
ninoilrosso
Mortale devoto
Registrato: 08/08/13 20:09
Messaggi: 6
|
 Inviato: 08 Ago 2013 20:18 Oggetto: aiuto virus maledetto |
 |
|
| Ciao ragazzi, ho bisogno di aiuto per eliminare un virus. Dalle ricerche fatte su internet credo che si chiami yontoo o roba del genere. Adesso vi spiego che problemi mi crea: quando sto per scaricare un file torrent attraverso il programma utorrent, si intromette un programma di di nome turntvz. Ho un antivirus norton security che non ha bloccato questo virus. Ho provato a scansionare il pc con altri antivirus gratuiti, ma niente da fare. C'è qualche anima buona che può aiutarmi a risolvere questo problema? (possibilmente in modo non molto tecnico) A presto. |
|
| Top |
|
 |
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 08 Ago 2013 20:58 Oggetto: |
|
|
Ciao e benvenuto.
Segui queste indicazioni:
| Citazione: | | Ho provato a scansionare il pc con altri antivirus gratuiti |
Disistallali. (non servono a niente in questo caso)
Scarica Adwcleaner sul desktop:
link
Clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
Poi:
Fai questa scansione con OTL.
http://forum.zeusnews.com/viewtopic.php?t=51382
Posta i 2 log.
Devi postare i log (tutti) così:
Collegati ad internet e vai alla pagina WikiSend:
link
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum. |
|
| Top |
|
|
ninoilrosso
Mortale devoto
Registrato: 08/08/13 20:09
Messaggi: 6
|
| Inviato: 09 Ago 2013 09:26 Oggetto: |
|
|
Ciao e grazie per avermi risposto, spero di poter seguire in modo corretto le tue indicazioni.
Questi sono i risultati di adwcleaner:
# AdwCleaner v2.306 - Logfile creato il 09/08/2013 alle 09:20:06
# Aggiornamento 19/07/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Utente : Utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WQIQQZZ\adwcleaner.exe
# Opzioni [Elimina]
***** [Servizi] *****
***** [File / Cartelle] *****
Cartella Eliminato : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
***** [Registro] *****
Chiave Eliminata : HKLM\Software\systweak
***** [Browser Internet] *****
-\\ Internet Explorer v9.0.8112.16450
[OK] Registro Pulito.
-\\ Google Chrome v28.0.1500.95
File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences
Eliminata [l.2435] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=CCFD3085A93D23D3&affID=119776&tsp=[...]
*************************
AdwCleaner[S1].txt - [22695 octets] - [04/08/2013 20:35:55]
AdwCleaner[S2].txt - [1086 octets] - [09/08/2013 09:20:06]
########## EOF - C:\AdwCleaner[S2].txt - [1146 octets] ##########
Adesso proseguo come da te descritto.
A presto. |
|
| Top |
|
|
ninoilrosso
Mortale devoto
Registrato: 08/08/13 20:09
Messaggi: 6
|
| Inviato: 09 Ago 2013 09:36 Oggetto: |
|
|
Ti posto risultati OTL:
OTL logfile created on: 09/08/2013 09:29:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utente\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
3,70 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,89% Memory free
7,39 Gb Paging File | 5,70 Gb Available in Paging File | 77,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 177,23 Gb Free Space | 76,13% Space Free | Partition Type: NTFS
Drive D: | 233,75 Gb Total Space | 105,86 Gb Free Space | 45,29% Space Free | Partition Type: NTFS
Computer Name: UTENTE-PC | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/09 09:28:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utente\Downloads\OTL.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/11 07:42:22 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/03/06 15:41:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/03/06 15:41:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/06 15:40:14 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2010/08/30 10:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
========== Modules (No Company Name) ==========
MOD - [2012/05/29 23:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
========== Services (SafeList) ==========
SRV:64bit: - [2011/11/11 06:50:40 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/16 16:18:18 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/11 07:42:22 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/11/10 11:08:09 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012/03/06 15:41:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/06 15:41:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/06 15:40:14 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/02/02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programmi\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/19 10:02:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/03 06:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/11 06:50:34 | 002,182,768 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/06/26 03:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/21 12:07:57 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2011/01/21 12:07:45 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011/01/21 12:06:41 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2011/01/21 12:06:41 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2011/01/21 12:06:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2011/01/21 12:06:41 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2011/01/21 12:06:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/01/21 12:06:40 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2011/01/21 12:06:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/21 12:06:39 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/02 02:26:31 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130808.003\ex64.sys -- (NAVEX15)
DRV - [2013/07/02 02:26:31 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/02 02:26:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130808.003\eng64.sys -- (NAVENG)
DRV - [2013/05/31 09:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/02/03 11:09:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/09 17:44:06 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130807.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=46362&st=bs&tid=3887&ver=3.5&ts=1373073138847&tguid=46362-3887-1373073138847-1167802935B7FAF7C121BDB31387131D&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 C0 1C 42 70 BF CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/08/09 09:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/01/14 20:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/02/03 02:05:05 | 000,000,000 | ---D | M]
[2012/12/09 21:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions
[2012/12/09 21:31:00 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\specialsavings@vshsolutions.com
[2012/12/09 21:32:54 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
[2013/07/30 17:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/07/31 04:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi
[2013/06/30 01:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\extensions\trtv3@trtv.com.xpi
[2012/11/21 20:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ricerca Google = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.1.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_1\
CHR - Extension: Gmail = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/03 18:02:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [PhilipsDM\SA1916] C:\Program Files (x86)\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX130" File not found
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: I&nvia a OneNote - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: I&nvia a OneNote - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6834A45C-8643-4FA3-B0E4-FDF230959003}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/31 19:09:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/12/31 16:13:25 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/04 19:36:20 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/04 10:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/08/03 18:12:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/03 18:06:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/03 17:55:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/03 17:55:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/03 17:55:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/03 17:50:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/03 17:50:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/03 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\uTorrent
[2013/08/03 17:15:18 | 001,130,576 | ---- | C] (BitTorrent Inc.) -- C:\Users\Utente\Desktop\utorrent-3-.exe
[2013/08/02 17:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/08/02 17:45:04 | 000,000,000 | ---D | C] -- C:\Users\Utente\Documents\Anti-Malware
[2013/08/02 16:29:40 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\NPE
[2013/08/01 17:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2013/08/01 17:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/31 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Malwarebytes
[2013/07/31 20:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/31 19:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/31 19:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/07/29 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Web Cake
[2013/07/29 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Cake
[2013/07/15 17:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/07/15 17:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
[2013/07/15 17:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/07/14 19:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2013/07/14 03:09:37 | 000,000,000 | ---D | C] -- C:\Users\Utente\Documents\Album di Interprint
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/09 09:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:28:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 09:25:59 | 001,549,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/09 09:25:59 | 000,701,188 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/08/09 09:25:59 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/09 09:25:59 | 000,128,534 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/08/09 09:25:59 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/09 09:21:35 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 09:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 09:21:27 | 2977,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 09:18:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 20:53:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 16:54:05 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/08/04 10:59:55 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/03 18:02:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/03 17:16:57 | 000,000,814 | ---- | M] () -- C:\Users\Utente\Desktop\µTorrent.lnk
[2013/08/03 17:15:26 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Utente\Desktop\utorrent-3-.exe
[2013/07/31 19:09:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/07/22 16:18:15 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2013/07/16 16:18:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/16 16:18:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/15 17:54:10 | 000,001,729 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/07/14 19:03:42 | 003,389,035 | ---- | M] () -- C:\Users\Utente\Desktop\eMule0.50a-Installer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/05 16:54:05 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/08/04 10:59:55 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/03 17:55:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/03 17:55:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/03 17:55:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/03 17:55:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/03 17:55:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/03 17:16:57 | 000,000,814 | ---- | C] () -- C:\Users\Utente\Desktop\µTorrent.lnk
[2013/07/31 19:09:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/07/14 19:04:25 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2013/07/14 19:03:32 | 003,389,035 | ---- | C] () -- C:\Users\Utente\Desktop\eMule0.50a-Installer.exe
[2013/07/05 18:12:44 | 000,031,816 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/01/20 21:02:27 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2012/11/25 11:34:54 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/13 22:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/11/10 11:08:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/11/10 10:47:43 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/11/10 10:47:43 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/11/10 10:47:43 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/11/10 10:47:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/11/10 10:47:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/10 10:35:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/10 10:35:05 | 000,033,245 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2011/01/21 12:07:33 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report > |
|
| Top |
|
|
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 09 Ago 2013 12:39 Oggetto: |
|
|
Ciao.
| Citazione: | | spero di poter seguire in modo corretto le tue indicazioni. |
No.
Ti avevo indicato sul come postare i log.
Te l'avevo scritto in rosso, per attirare meglio la tua attenzione.
Non è bastato.
Pulisci i files temporanei con CCleaner (registro compreso)
http://forum.zeusnews.com/viewtopic.php?p=282670#282670
Il log di OTL non presenta infezioni.
Riscontri ancora il problema? |
|
| Top |
|
|
ninoilrosso
Mortale devoto
Registrato: 08/08/13 20:09
Messaggi: 6
|
| Inviato: 09 Ago 2013 17:18 Oggetto: |
|
|
| Ciao ho fatto la pulizia con CCleaner, ma il problema persiste. |
|
| Top |
|
|
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 09 Ago 2013 21:51 Oggetto: |
|
|
Avvia OTL.
Sotto "Custom Scans\Fixes" copia-incolla questo codice:
| Codice: | :OTL
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=46362&st=bs&tid=3887&ver=3.5&ts=1373073138847&tguid=46362-3887-1373073138847-1167802935B7FAF7C121BDB31387131D&q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/01/14 20:49:43 | 000,000,000 | ---D | M]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2013/07/29 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Web Cake
[2013/07/29 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Cake
[2013/07/29 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Web Cake
:Files
C:\Program Files\Enigma Software Group
C:\Users\Utente\AppData\Roaming\Web Cake
C:\Program Files (x86)\Web Cake
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot] |
Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log. (con Wikisend) |
|
| Top |
|
|
ninoilrosso
Mortale devoto
Registrato: 08/08/13 20:09
Messaggi: 6
|
| Inviato: 10 Ago 2013 17:44 Oggetto: |
|
|
Ciao e grazie per la pazienza che stai avendo.
Ho aperto otl, ho incollato il codice ed ho avviato la scansione.
Poi tu mi dici di postare il log (?) su wikisend.
Non riesco a capire cos'è il log. |
|
| Top |
|
|
R16
Dio maturo
Registrato: 07/03/08 22:58
Messaggi: 10129
|
| Inviato: 10 Ago 2013 21:09 Oggetto: |
 |
|
| Citazione: | | Non riesco a capire cos'è il log. |
Un log è un file di testo.
Per essere più chiaro, quello che hai postato nel topic, e cioè OTL.txt è un log.
Anche quello che hai postato con Adwcleaner, è un log.
Per log, si intende il risultato delle varie scansioni, che rilasciano quando hanno finito la scansione.
In questo caso, il log (file di testo) dovresti trovarlo sul desktop, se hai scaricato il programma sul desktop.
Altrimenti lo trovi dove hai scaricato i tool. |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
