
HijackThis log file check for a problem
etatagno
Posted: Sunday, March 17, 2013 1:26:20 PM
Rank: AiutAmico

Joined: 6/24/2007
Posts: 56
Hello, for some time now advertising windows have been opening automatically on my PC. I tried to remove a few things, but I don't know whether I did everything correctly. Could someone more experienced check whether there is still something in the HijackThis and OTL log files? Thanks to everyone who is willing to help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.24.02, on 17/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\Hard Disk Sentinel\HDSentinel.exe
C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://developer.intel.com/design/motherbd/regionalsoftware/EN.htm#DG31PR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Programmi\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe

--
End of file - 6145 bytes

OTL
OTL logfile created on: 17/03/2013 12.35.55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Principale\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1011,77 Mb Total Physical Memory | 536,20 Mb Available Physical Memory | 53,00% Memory free
3,34 Gb Paging File | 2,93 Gb Available in Paging File | 87,99% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 117,19 Gb Total Space | 58,42 Gb Free Space | 49,85% Space Free | Partition Type: NTFS
Drive D: | 115,69 Gb Total Space | 115,45 Gb Free Space | 99,79% Space Free | Partition Type: NTFS

Computer Name: NEGOZIO | User Name: Principale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Principale\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmi\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVAST Software\Avast\defs\13031700\algo.dll ()
MOD - C:\Programmi\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Programmi\Spybot - Search & Destroy 2\sqlite3.dll ()


========== Services (SafeList) ==========

SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe File not found
SRV - (SDWSCService) -- C:\Programmi\Spybot File not found
SRV - (SDUpdateService) -- C:\Programmi\Spybot File not found
SRV - (SDScannerService) -- C:\Programmi\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\catchme.sys File not found
DRV - (ALSysIO) -- C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\ALSysIO.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alawar.it/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\..\SearchScopes\{AD43A510-0817-11DE-A4D6-59A755D89593}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=bfg&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\..\SearchScopes\{B6244DB6-5A7E-4358-BC8C-EBD410989594}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://it.search.yahoo.com/search?fr=chr-ober&type=gamenextit&p={searchTerms}
IE - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8524
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\programmi\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2013/03/05 06.42.42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\emoticoons-toolbar@emoticoons.com: C:\Documents and Settings\All Users\Documenti\Emoticoons\emoticoons-toolbar@emoticoons.com [2012/07/06 09.27.12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/12 07.50.39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/03/08 14.13.39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/02/19 22.22.29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2013/03/12 06.50.10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins

[2010/11/02 09.05.11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Extensions
[2010/11/02 09.05.11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/03 22.20.24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\extensions
[2010/03/15 08.36.16 | 000,000,000 | ---D | M] (Conviva LivePass (Firefox)) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\extensions\StreamingPlugin@conviva.com
[2012/04/16 09.53.47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/03 22.20.24 | 000,872,587 | ---- | M] () (No name found) -- C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/02/19 22.22.24 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/02/19 22.22.24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/05 06.42.42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMI\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/03/15 17.59.54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMI\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/03/08 14.13.38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2012/10/12 07.50.16 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programmi\mozilla firefox\plugins\nprpplugin.dll
[2009/10/26 15.45.36 | 000,102,400 | ---- | M] (Zylom) -- C:\Programmi\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/12/05 17.26.28 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2012/09/08 15.32.27 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2012/12/05 17.26.28 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2012/12/05 17.26.28 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2012/12/05 17.26.28 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/12/05 17.26.28 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: http://search.findeer.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.findeer.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programmi\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Gmail = C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/12/03 17.48.46 | 000,361,612 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12431 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programmi\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hard Disk Sentinel] C:\Programmi\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
O4 - HKLM..\Run: [SDTray] C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk = C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-261903793-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C838CA8A-D11A-4F7A-B58C-C65F724F3CB6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/28 20.44.49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{135eddf2-c9a7-11e1-be06-001cc0d34e5c}\Shell - "" = AutoRun
O33 - MountPoints2\{135eddf2-c9a7-11e1-be06-001cc0d34e5c}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/03/17 12.33.58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Principale\Desktop\OTL.exe
[2013/03/17 12.05.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Menu Avvio\Programmi\pserv.cpl
[2013/03/17 12.05.54 | 000,000,000 | ---D | C] -- C:\Programmi\p-nand-q.com
[2013/03/17 11.13.29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Principale\Recent
[2013/03/12 06.50.08 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Thunderbird
[2013/03/05 06.42.46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/04 17.05.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
[2013/03/04 16.50.24 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Macrovision Shared
[2013/02/27 15.54.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Vodafone
[2013/02/27 10.11.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Dati applicazioni\org.mart3.VodafoneStation
[2013/02/27 10.10.57 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe AIR
[2013/02/27 10.10.54 | 000,000,000 | ---D | C] -- C:\Programmi\Vodafone
[2013/02/19 22.22.22 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2013/02/13 23.06.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Spybot - Search & Destroy 2
[2013/02/13 23.06.24 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/02/13 23.06.11 | 000,000,000 | ---D | C] -- C:\Programmi\Spybot - Search & Destroy 2
[2013/02/13 23.03.16 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Principale\Desktop\SpybotSD2.exe
[2013/02/09 13.46.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\foto nuove
[2013/02/09 13.45.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\foto del 09 03
[2013/02/09 13.24.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Dati applicazioni\FileZilla
[2013/02/09 13.24.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\FileZilla FTP Client
[2013/02/09 13.24.30 | 000,000,000 | ---D | C] -- C:\Programmi\FileZilla FTP Client
[2013/02/09 13.16.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Desktop\sito
[2013/02/09 13.15.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\SendBlaster2
[2013/02/09 13.15.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\scanner documento
[2013/02/09 13.15.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\sandro
[2013/02/09 13.15.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\s.andrea corretta
[2013/02/09 13.15.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\preventivo sito bitnet
[2013/02/09 13.15.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\preventivi
[2013/02/09 13.15.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\interflora
[2013/02/09 13.15.49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\immagini per landing speedy
[2013/02/09 12.29.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\foto elen
[2013/02/09 12.29.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\foto corrette
[2013/02/09 12.28.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\foto calendario
[2013/02/09 12.28.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\FATTURE USCITA
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\FATTURE IN ENTRATA
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\documenti formati pdf
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\comuni
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\bonsai
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\analisi sito defrancesco
[2013/02/09 12.28.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\alessandro venturi
[2013/02/09 12.28.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\adwords
[2013/02/09 12.28.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\accaunt
[2013/02/09 12.28.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\sorgenti pagine sito
[2013/02/09 12.27.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Documenti\traduzioni valeria
[2013/02/02 18.29.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Desktop\Photo by corego • Instagram_files
[2013/01/22 11.01.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Desktop\foto angolodeifiori
[2013/01/21 09.33.58 | 000,000,000 | ---D | C] -- C:\Program Files
[2013/01/21 09.33.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2013/01/19 15.06.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Desktop\Connect V3.0
[2013/01/19 14.44.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Dati applicazioni\VSRevoGroup
[2013/01/19 14.41.54 | 000,000,000 | ---D | C] -- C:\Programmi\VS Revo Group
[2013/01/19 14.41.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Menu Avvio\Programmi\Revo Uninstaller
[2013/01/19 13.37.54 | 000,221,184 | R--- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2013/01/19 13.37.53 | 000,719,616 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2013/01/19 13.14.48 | 001,480,296 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\rtl8192ce.sys
[2013/01/19 13.14.43 | 000,000,000 | ---D | C] -- C:\Programmi\REALTEK PCIE Wireless LAN Driver
[2013/01/19 13.13.30 | 000,000,000 | ---D | C] -- C:\Desktop
[2013/01/19 13.10.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Principale\Desktop\RTL8192ce_WindowsDriver_1005.28.1006.2011.F0066.P0830_ISS_1.00.0180.L
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/03/17 12.34.00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Principale\Desktop\OTL.exe
[2013/03/17 12.30.22 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/17 12.29.21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/17 12.29.03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/03/17 12.29.02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-261903793-1801674531-1003.job
[2013/03/17 12.29.01 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/17 12.29.00 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/03/17 12.28.53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/17 12.18.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/17 12.05.01 | 000,403,682 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\pserv-2.7.exe
[2013/03/17 11.43.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 11.35.43 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2013/03/16 13.43.00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F398F0FF-DB0C-45BD-BE3D-B511950F3D2F}.job
[2013/03/16 12.29.29 | 000,000,422 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Collegamento a A su vodafone (local.mynet.vodafone.it).lnk
[2013/03/16 12.29.21 | 000,028,876 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\bhoooo.jpg
[2013/03/16 12.27.19 | 000,055,955 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\logo.jpg
[2013/03/15 10.14.36 | 000,010,296 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\ivana.jpg
[2013/03/15 09.35.03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-261903793-1801674531-1003.job
[2013/03/13 12.19.00 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 12.18.59 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/11 19.43.35 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\biglietto1.gif
[2013/03/11 19.42.21 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\BIGLIETTO.gif
[2013/03/07 14.10.47 | 000,110,789 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\10834-spartito.jpg
[2013/03/07 00.33.24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/07 00.33.24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/07 00.33.24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/07 00.33.24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/07 00.33.24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/07 00.33.24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/07 00.33.23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/07 00.33.22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/07 00.32.51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/07 00.32.42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/05 06.42.45 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/05 06.32.48 | 002,139,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/04 14.53.58 | 000,134,357 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Immagine marco carra.JPG
[2013/03/04 14.53.50 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/04 14.53.48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/03/01 03.28.16 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/28 12.57.57 | 000,001,742 | -H-- | M] () -- C:\Documents and Settings\Principale\Documenti\Default.rdp
[2013/02/27 15.54.54 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VodafoneStation2.lnk
[2013/02/27 10.08.33 | 008,632,792 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\VodafoneStation2.exe
[2013/02/26 06.51.04 | 000,062,771 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Bouquet-di-Mimosa-Rose-Arancio-e-Gerbere.jpg
[2013/02/26 06.34.28 | 000,101,566 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\mimosa b.jpg
[2013/02/25 19.25.50 | 000,035,640 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\matrimonio 13072013.rtf
[2013/02/14 05.17.40 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/02/14 05.17.40 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 05.17.40 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/02/14 05.17.40 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/13 23.30.31 | 000,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/02/13 23.07.00 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/02/13 23.07.00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/02/13 23.06.40 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/02/13 23.05.18 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Documents and Settings\Principale\Desktop\SpybotSD2.exe
[2013/02/11 13.10.02 | 000,025,239 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Fwd Nuovo ordine FloraQueen #20227187.eml
[2013/02/10 12.05.53 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/10 09.28.52 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\ORDINE 9557 SPEEDYFLOWERS per Arte Fiorita.eml
[2013/02/09 14.10.51 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\FileZilla.lnk
[2013/02/09 11.10.46 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\pagamento ordine 9330 Ferrari Stefano.rtf
[2013/02/06 11.47.30 | 000,211,502 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\8912347-cuore-di-san-valentino.jpg
[2013/02/05 20.57.34 | 001,212,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/02/05 20.57.34 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/02/05 20.57.33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/02/05 20.57.33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/02/05 20.57.33 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/02/05 20.57.33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/02/05 20.57.33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/02/05 20.57.33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/02/05 20.57.32 | 002,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/02/05 20.57.32 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/02/05 20.57.32 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/02/05 20.57.32 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/02/05 20.57.32 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/02/05 20.57.32 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/02/05 20.57.32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/02/05 20.57.32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/02/05 20.57.32 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/02/05 20.57.32 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/02/05 20.57.32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/02/05 20.57.32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/02/05 20.57.31 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/02/05 20.57.31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/02/05 20.57.31 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/02/05 20.57.30 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/02/05 20.57.30 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/02/05 20.57.30 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/02/05 06.54.09 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/02/05 06.54.07 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/02/05 06.54.07 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/02/02 18.30.00 | 000,012,028 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Photo by corego • Instagram.htm
[2013/01/26 12.54.52 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\settings.inc.php
[2013/01/26 04.55.42 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/25 09.17.42 | 000,094,629 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\2013_22_002030.pdf
[2013/01/24 17.41.14 | 000,001,048 | ---- | M] () -- C:\Documents and Settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
[2013/01/24 17.40.55 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Dropbox.lnk
[2013/01/22 19.24.20 | 000,043,908 | ---- | M] () -- C:\Documents and Settings\Principale\Documenti\primavera.gif
[2013/01/19 14.41.54 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Principale\Desktop\Revo Uninstaller.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 12.04.59 | 000,403,682 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\pserv-2.7.exe
[2013/03/16 12.29.21 | 000,028,876 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\bhoooo.jpg
[2013/03/16 12.27.18 | 000,055,955 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\logo.jpg
[2013/03/15 16.36.35 | 000,000,422 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Collegamento a A su vodafone (local.mynet.vodafone.it).lnk
[2013/03/15 10.14.33 | 000,010,296 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\ivana.jpg
[2013/03/11 19.43.35 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\biglietto1.gif
[2013/03/11 19.42.17 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\BIGLIETTO.gif
[2013/03/07 14.10.47 | 000,110,789 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\10834-spartito.jpg
[2013/03/05 06.42.47 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/05 06.42.47 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/04 17.00.35 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Photoshop CS4.lnk
[2013/03/04 16.59.01 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Bridge CS4.lnk
[2013/03/04 16.53.00 | 000,001,076 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe ExtendScript Toolkit CS4.lnk
[2013/03/04 14.53.58 | 000,134,357 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Immagine marco carra.JPG
[2013/02/27 15.54.54 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VodafoneStation2.lnk
[2013/02/27 10.08.31 | 008,632,792 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\VodafoneStation2.exe
[2013/02/26 06.51.04 | 000,062,771 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Bouquet-di-Mimosa-Rose-Arancio-e-Gerbere.jpg
[2013/02/26 06.34.25 | 000,101,566 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\mimosa b.jpg
[2013/02/23 11.49.26 | 000,035,640 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\matrimonio 13072013.rtf
[2013/02/21 16.22.52 | 000,043,908 | ---- | C] () -- C:\Documents and Settings\Principale\Documenti\primavera.gif
[2013/02/13 23.30.31 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/02/13 23.06.59 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/02/13 23.06.59 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/02/13 23.06.58 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/02/13 23.06.40 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Spybot-S&D Start Center.lnk
[2013/02/13 23.06.40 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/02/11 13.10.02 | 000,025,239 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Fwd Nuovo ordine FloraQueen #20227187.eml
[2013/02/10 09.28.52 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\ORDINE 9557 SPEEDYFLOWERS per Arte Fiorita.eml
[2013/02/09 14.10.51 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\FileZilla.lnk
[2013/02/09 13.42.07 | 000,001,742 | -H-- | C] () -- C:\Documents and Settings\Principale\Documenti\Default.rdp
[2013/02/09 11.10.46 | 000,001,146 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\pagamento ordine 9330 Ferrari Stefano.rtf
[2013/02/06 11.47.29 | 000,211,502 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\8912347-cuore-di-san-valentino.jpg
[2013/02/02 18.29.57 | 000,012,028 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Photo by corego • Instagram.htm
[2013/01/27 19.46.29 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Mozilla Firefox.lnk
[2013/01/26 12.54.07 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\settings.inc.php
[2013/01/25 09.17.41 | 000,094,629 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\2013_22_002030.pdf
[2013/01/21 09.55.47 | 000,001,048 | ---- | C] () -- C:\Documents and Settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
[2013/01/19 14.41.54 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Principale\Desktop\Revo Uninstaller.lnk
[2013/01/19 13.37.54 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/01/19 13.14.43 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/10/03 12.32.14 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/15 08.48.36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/14 11.24.59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/03/24 17.22.47 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2010/06/26 09.32.38 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 22.22.05 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Principale\.rnd

========== ZeroAccess Check ==========

[2011/04/23 18.40.52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18.13.52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/04 18.30.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AlawarWrapper
[2011/10/19 10.35.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2013/03/17 10.39.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Big Fish Games
[2013/01/21 09.34.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2009/07/22 16.52.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Friends Games
[2009/09/03 07.16.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GamesBar
[2010/07/24 16.59.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\HipSoft
[2009/07/09 18.26.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MumboJumbo
[2009/09/12 18.37.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Oberon Media
[2013/01/30 16.28.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2010/07/26 18.28.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WildTangent
[2009/06/03 11.04.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Zylom
[2010/09/04 18.30.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\1morebee
[2009/07/25 18.18.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Argonyt
[2010/09/24 17.16.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Artifex Mundi
[2010/07/12 17.02.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\bfgbar
[2012/01/25 18.03.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Burraconline
[2010/03/15 18.25.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Conviva
[2013/03/17 12.32.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Dropbox
[2012/09/01 08.55.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\EmoticoonsToolbar
[2013/02/09 14.14.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\FileZilla
[2009/07/15 18.09.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Oberon Media
[2013/02/27 10.11.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\org.mart3.VodafoneStation
[2011/07/09 18.08.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Playrix Entertainment
[2009/05/28 21.53.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\TeamViewer
[2010/11/02 09.05.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Thunderbird
[2012/04/26 17.45.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Unity
[2013/01/19 14.44.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\VSRevoGroup
[2010/10/20 17.57.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Principale\Dati applicazioni\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5AE33054
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5D7E5A8F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:063969F8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C86B29EB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:99C301D0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:957E9765

< End of report >

shapiro
Posted: Sunday, March 17, 2013 7:35:56 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Download AdwCleaner.

Click the "Delete" button and post the log produced at the end of the scan.


Download and install Malwarebytes.
Update it: click the "Updates" tab => "Check for updates".
Run a "full scan" (select that option) and delete everything it detects.
When the scan is finished, post the report.

etatagno
Posted: Monday, March 18, 2013 9:27:27 AM
Rank: AiutAmico

Joined: 6/24/2007
Posts: 56
Hi shapiro, thanks for your help. I ran the scan with AdwCleaner, before and after the scan, and with Malwarebytes, which found a Trojan.Dropper infection that I deleted. After restarting the computer I ran a scan with HijackThis, which I am attaching below. I await any suggestions, thanks.



LOG BEFORE CLEANING


# AdwCleaner v2.115 - Logfile creato il 18/03/2013 alle 06:41:02
# Aggiornamento 17/03/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Principale - NEGOZIO
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Principale\Desktop\adwcleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\Documents and Settings\All Users\Dati applicazioni\GamesBar
Cartella Trovato : C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
Cartella Trovato : C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\APN

***** [Registro] *****

Chiave Trovata : HKCU\Software\APN PIP
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Trovata : HKCU\Software\PIP
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\01ff7b26c3ff8b81909c44e2f0704d77
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4ececea200dbd82a0cd916bbbc443b44
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7197666e0d112440a1295f2469c97ea4
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6d6ec31f240f1b8fee322f032d50290
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcb4afa67cddb743121e06cada5ef429
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f0bb23eaf58d083f56f7d889437cd6f8
Chiave Trovata : HKLM\Software\PIP
Chiave Trovata : HKU\S-1-5-21-1085031214-261903793-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Valore Trovata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v19.0.2 (it)

File : C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v20.0.1132.47

File : C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.


LOG AFTER CLEANING



AdwCleaner[R1].txt - [3319 octets] - [18/03/2013 06:41:02]

########## EOF - C:\AdwCleaner[R1].txt - [3379 octets] ##########




# AdwCleaner v2.115 - Logfile creato il 18/03/2013 alle 06:48:40
# Aggiornamento 17/03/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Principale - NEGOZIO
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Principale\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\GamesBar
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
Cartella Eliminato : C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\APN

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Eliminata : HKCU\Software\PIP
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\01ff7b26c3ff8b81909c44e2f0704d77
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4ececea200dbd82a0cd916bbbc443b44
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7197666e0d112440a1295f2469c97ea4
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6d6ec31f240f1b8fee322f032d50290
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcb4afa67cddb743121e06cada5ef429
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f0bb23eaf58d083f56f7d889437cd6f8
Chiave Eliminata : HKLM\Software\PIP
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v19.0.2 (it)

File : C:\Documents and Settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\h9eqvc6s.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v20.0.1132.47

File : C:\Documents and Settings\Principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [3448 octets] - [18/03/2013 06:41:02]
AdwCleaner[R2].txt - [3508 octets] - [18/03/2013 06:47:23]
AdwCleaner[S1].txt - [370 octets] - [18/03/2013 06:47:41]
AdwCleaner[S2].txt - [3389 octets] - [18/03/2013 06:48:40]

########## EOF - C:\AdwCleaner[S2].txt - [3449 octets] ##########


MALWAREBYTES LOG


Malwarebytes Anti-Malware (Prova) 1.70.0.1100
www.malwarebytes.org

Versione database: v2013.03.18.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Principale :: NEGOZIO [amministratore]

Protezione: Attivata

18/03/2013 7.57.25
mbam-log-2013-03-18 (07-57-25).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 298934
Tempo impiegato: 52 minuti, 50 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Programmi\Navilog1\gnc.exe (Trojan.Dropper) -> Spostato in quarantena ed eliminato con successo.


HIJACKTHIS LOG FILE AFTER REBOOT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.20.32, on 18/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\Hard Disk Sentinel\HDSentinel.exe
C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://developer.intel.com/design/motherbd/regionalsoftware/EN.htm#DG31PR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Programmi\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Principale\Dati applicazioni\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe

--
End of file - 6520 bytes


shapiro
Posted: Monday, March 18, 2013 12:19:45 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Let me know if the advertising pages still open.
etatagno
Posted: Wednesday, March 20, 2013 7:11:14 AM
Rank: AiutAmico

Joined: 6/24/2007
Posts: 56
Hi shapiro, it would seem not. Were you able to take a look at the HijackThis log file to see whether I have permanently removed Trojan.Dropper? Thanks for the reply.