Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Istartfurf come si puo' eliminare

2 pages: 1 [2]
Istartfurf come si puo' eliminare Opzioni
Topic Precedente · Topic Sucessivo
mare10
Inviato: Thursday, November 05, 2015 11:26:49 AM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Ecco il secondo

OTL logfile created on: 05/11/2015 11.11.08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1014,36 Mb Total Physical Memory | 228,36 Mb Available Physical Memory | 22,51% Memory free
2,38 Gb Paging File | 1,65 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 119,16 Gb Total Space | 82,44 Gb Free Space | 69,18% Space Free | Partition Type: NTFS
Drive E: | 29,89 Gb Total Space | 27,30 Gb Free Space | 91,34% Space Free | Partition Type: NTFS

Computer Name: GIUSEPPE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download\OTL(1).exe (OldTimer Tools)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgwdsvcx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Programmi\AVG\Av\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Framework\Common\avgsvcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\ssp7ml3.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Programmi\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programmi\AVG\Av\avgwdsvcx.exe (AVG Technologies CZ, s.r.o.)
SRV - (AvgAMPS) -- C:\Programmi\AVG\Av\avgamps.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgsvc) -- C:\Programmi\AVG\Framework\Common\avgsvcx.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (LiveUpdateSvc) -- C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (DgiVecp) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\ADMINI~1.GIU\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverl) -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys (IObit)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (winbondhidcir) -- C:\WINDOWS\system32\drivers\winbondhidcir.sys (Winbond Electronics Corporation)
DRV - (hidshim) -- C:\WINDOWS\system32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmi\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programmi\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2015/11/04 11.02.09 | 000,000,000 | ---D | M]

[2014/10/31 22.38.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Extensions
[2015/11/02 18.44.18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\extensions
[2015/09/25 08.51.22 | 000,962,762 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/09/13 09.44.43 | 000,002,669 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\searchplugins\Google.xml
[2015/11/04 11.02.03 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2015/11/04 11.02.45 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2014/09/22 11.50.05 | 000,450,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Programmi\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Programmi\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google Photos Backup] C:\WINDOWS\System32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Google, Inc)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Google Photos Backup] C:\WINDOWS\System32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Google, Inc)
O4 - HKU\S-1-5-21-1123561945-1229272821-1417001333-500..\Run: [PC Suite Tray] C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5F56618-8703-499C-9488-908C3F249C8D}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/05 08.13.00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2015/11/04 11.02.02 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2015/10/31 10.37.46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Recent
[2015/10/31 09.52.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Opera Software
[2015/10/31 09.52.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Opera Software
[2015/10/31 09.48.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
[2015/10/31 09.48.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Shortcut
[2015/10/26 09.41.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Noi da Tiziana e Mario 25-10-15
[2015/10/25 23.40.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\AVG
[2015/10/25 23.19.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\AvgSetupLog
[2015/09/13 09.42.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
[2015/09/13 09.42.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Lavasoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2015/11/05 11.10.25 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/05 10.55.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/11/05 08.53.47 | 000,639,710 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2015/11/05 08.53.47 | 000,586,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015/11/05 08.53.47 | 000,126,686 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2015/11/05 08.53.47 | 000,107,402 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015/11/05 08.49.00 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/11/05 08.48.18 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/05 08.48.17 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
[2015/11/05 08.48.05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/11/04 23.04.09 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015/11/04 20.44.57 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
[2015/11/04 10.04.54 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Collegamento a OTL.lnk
[2015/11/03 10.11.29 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/11/02 18.44.37 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/02 18.44.37 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2015/11/02 18.44.37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2015/11/02 18.44.36 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/11/02 18.44.36 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2015/11/02 18.44.32 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Outlook Express.lnk
[2015/11/02 18.44.31 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Google Earth.lnk
[2015/11/02 18.44.31 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Internet Explorer.lnk
[2015/11/02 18.44.30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Auslogics DiskDefrag.lnk
[2015/11/02 18.44.30 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Eusing Free Registry Cleaner.lnk
[2015/10/31 09.48.05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Sunday.job
[2015/10/31 09.48.05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Saturday.job
[2015/10/31 09.47.05 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/31 09.46.40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/10/29 13.50.38 | 000,032,593 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\da mia posta.odt
[2015/10/27 12.25.24 | 000,016,439 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Proemoria.odt
[2015/10/21 16.24.24 | 000,229,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2015/10/21 16.14.48 | 000,192,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2015/10/19 14.51.34 | 000,112,992 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_4.pdf
[2015/10/19 14.51.34 | 000,070,373 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_6.pdf
[2015/10/19 14.51.34 | 000,067,135 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_8.pdf
[2015/10/19 14.51.34 | 000,060,762 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_2.pdf
[2015/10/19 14.51.34 | 000,060,641 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_5.pdf
[2015/10/19 14.51.34 | 000,059,518 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_9.pdf
[2015/10/19 14.51.34 | 000,054,043 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_3.pdf
[2015/10/19 14.51.34 | 000,053,384 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_7.pdf
[2015/10/19 14.51.34 | 000,052,660 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_1.pdf
[2015/10/19 08.06.02 | 000,243,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverlx.sys
[2015/10/17 19.55.15 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/10/17 19.55.15 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/10/08 07.48.58 | 000,231,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2015/10/05 08.50.10 | 000,121,560 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2015/10/05 08.50.04 | 000,023,256 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/11/04 10.04.54 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Collegamento a OTL.lnk
[2015/10/31 09.48.05 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Sunday.job
[2015/10/31 09.48.04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Saturday.job
[2015/10/31 09.47.05 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/29 13.50.38 | 000,032,593 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\da mia posta.odt
[2015/10/25 23.38.05 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
[2015/10/19 14.51.34 | 000,112,992 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_4.pdf
[2015/10/19 14.51.34 | 000,070,373 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_6.pdf
[2015/10/19 14.51.34 | 000,067,135 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_8.pdf
[2015/10/19 14.51.34 | 000,060,762 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_2.pdf
[2015/10/19 14.51.34 | 000,060,641 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_5.pdf
[2015/10/19 14.51.34 | 000,059,518 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_9.pdf
[2015/10/19 14.51.34 | 000,054,043 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_3.pdf
[2015/10/19 14.51.34 | 000,053,384 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_7.pdf
[2015/10/19 14.51.34 | 000,052,660 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_1.pdf
[2015/09/13 09.41.22 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Auslogics DiskDefrag.lnk
[2015/02/17 11.30.48 | 000,016,000 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Proemoria.odt
[2014/10/31 22.45.21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/12 15.00.50 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\STSWCAD.ini
[2014/07/19 15.57.46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2014/07/19 15.57.46 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2014/07/19 15.57.46 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2014/07/19 15.57.43 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2014/07/19 15.49.09 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2014/07/19 11.12.40 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2014/07/19 11.06.49 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2014/07/19 11.06.49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\PLFSetI.exe
[2014/07/19 11.06.49 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2014/07/18 20.23.38 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2014/07/17 16.39.21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/28 11.06.05 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\WBPU-TTL.DAT
[2013/12/28 11.06.04 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\WB.CFG

========== ZeroAccess Check ==========

[2011/04/15 16.33.12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/25 04.30.52 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/10/31 18.10.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2014/12/29 17.23.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Auslogics
[2015/10/25 23.40.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\AVG
[2014/11/01 08.30.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Eusing
[2015/11/05 10.56.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\IObit
[2014/12/17 19.34.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Nokia
[2014/11/01 16.21.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\OpenOffice
[2015/10/31 09.52.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Opera Software
[2014/12/30 11.20.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Oracle
[2014/12/17 19.28.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\PC Suite
[2015/10/31 09.48.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Shortcut
[2014/11/04 15.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Thunderbird
[2012/10/13 09.36.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\TuneUp Software
[2013/03/22 10.53.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\16F
[2011/04/05 10.15.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2014/01/28 13.52.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AppsWatcher
[2015/09/13 09.43.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Auslogics
[2015/06/09 20.11.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2015/10/25 23.35.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2015/07/17 12.45.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG Web TuneUp
[2014/04/08 23.13.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2014
[2015/10/26 08.57.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2015
[2011/04/06 18.02.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2014/07/19 15.47.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Broadcom
[2011/04/06 18.06.52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2015/04/10 18.11.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IM
[2015/04/10 18.10.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
[2014/09/26 22.43.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2015/01/12 15.50.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit
[2015/11/05 08.53.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2015/05/03 17.06.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NokiaInstallerCache
[2015/08/31 08.32.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Oracle
[2014/09/26 22.51.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2015/04/10 18.11.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Photo Notifier and Animation Creator
[2015/11/02 08.40.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ProductData
[2013/12/26 14.36.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2012/01/22 18.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
[2012/01/21 12.33.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZipEC
[2014/02/22 19.08.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2012/01/29 20.50.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/12/29 16.56.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[2012/10/13 09.36.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dati applicazioni\TuneUp Software
[2012/12/16 19.18.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Adblock Pro
[2011/09/21 14.34.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Auslogics
[2011/04/06 18.07.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG10
[2011/11/25 17.52.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG2012
[2012/10/04 18.25.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx\Dati applicazioni\AVG2013
[2014/04/06 20.01.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG2014
[2013/11/18 20.35.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Dropbox
[2012/08/24 19.22.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\EmoticoonsToolbar
[2014/02/13 19.22.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Eusing
[2014/02/22 19.17.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\IObit
[2014/09/26 22.53.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Nokia
[2013/10/14 17.45.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx\Dati applicazioni\OpenOffice
[2011/04/05 18.26.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\OpenOffice.org
[2012/07/29 23.19.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Oracle
[2014/09/26 22.51.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\PC Suite
[2013/02/26 16.36.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Spotflux
[2013/10/12 13.05.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\SumatraPDF
[2012/12/22 20.49.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Thunderbird
[2012/10/04 18.23.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\TuneUp Software
[2011/06/05 17.44.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\uTorrent
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\AVG Secure Search
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\AVG2013
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:AD022376

< End of report >
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 11:29:33 AM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Questo e' il primo. Adesso faccio il secondo

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 05/11/2015 at 10.54.33,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\iobit\driver booster
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\lavasoft\web companion
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\nico mak computing
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\productdata
Successfully deleted: [Folder] C:\Programmi\eusing free registry cleaner
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\0U1E1Q1T2Z1P0S2Z1T1C



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\mozilla\firefox\profiles\vyyvybes.default-1433060963171\prefs.js

user_pref(browser.search.searchengine.alias, istartsurf);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.istartsurf.com/favicon.ico);
user_pref(browser.search.searchengine.name, istartsurf);
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX);
user_pref(browser.search.searchengine.url, hxxp://www.istartsurf.com/web/?type=ds&ts=1446281123&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=HitachiXHTS542516K



~~~ Chrome


[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2015 at 11.00.26,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 11:43:34 AM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Scusa, quest'ultimo l'ho reinserito per errore. Il resto e' giusto.
Torna in alto
 
shapiro
Inviato: Thursday, November 05, 2015 1:00:02 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



scarica questo ed eseguilo poi apri otl e clicca su clean up

dimmi se riscontri altri problemi
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 2:52:01 PM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Prima di iniziare avast una finestra dice che nel browser internet c'e' un provider di ricerca con scarsa reputazione. per procedere dovrei cliccare su "pulisci i miei browser.
Cosa faccio, vado avanti?
Torna in alto
 
shapiro
Inviato: Thursday, November 05, 2015 2:55:35 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



certo, vai avanti
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 4:20:39 PM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Ho finito ma purtroppo nonostante tutto quando apro chrome si connette prima con Google e di fianco alla finestra (in alto a sinistra) si connette con quella dannata porcheria.
Torna in alto
 
johnconnors
Inviato: Thursday, November 05, 2015 4:42:41 PM

Rank: AiutAmico

Iscritto dal : 7/11/2015
Posts: 155
mare10 ha scritto:
Ho finito ma purtroppo nonostante tutto quando apro chrome si connette prima con Google e di fianco alla finestra (in alto a sinistra) si connette con quella dannata porcheria.


Chissà che non risolvi con questo:
http://www.infoeinternet.com/2014/come-rimuovere-istartsurf-definitivamente/

oppure:
http://pcpulito.com/come-eliminare-istartsurf-dal-computer

Non ho letto tutta la iscussione ma ha provato a ripristinare il PC prima del brutto avento ?
Torna in alto
 
cbbusto
Inviato: Thursday, November 05, 2015 6:37:23 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
mare10 ha scritto:
Ho finito ma purtroppo nonostante tutto quando apro chrome si connette prima con Google e di fianco alla finestra (in alto a sinistra) si connette con quella dannata porcheria.


Allora JRT ha eliminato tutte le voci che riguardavano istartsurf da firefox, in chrome non appaiono.
Vuoi un mio consiglio, elimina Chrome è un browser impiccione e molti problemi arrivano proprio da lui, hai firefox usa quello e vedrai che istartsurf sparirà.
Io non sono intervenuto subito perchè ti era già stato risposto, ma jrt andava usato subito assieme ad ADW, poi altro programma da usare è Malwarebytes, non so se lo hai già usato ma vedo che lo hai installato.
Ciao
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 7:00:17 PM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Perfetto. Eliminero' chrome.
Io uso abitualmente Malwarebytes.
Per JRT pensi che sia il caso ogni tanto da usare, ed anche ADW?
Grazie.
Ciao
Torna in alto
 
cbbusto
Inviato: Thursday, November 05, 2015 7:10:19 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
mare10 ha scritto:
Perfetto. Eliminero' chrome.
Io uso abitualmente Malwarebytes.
Per JRT pensi che sia il caso ogni tanto da usare, ed anche ADW?
Grazie.
Ciao


Si, ADW e Jrt servono sempre per eliminare tutta la spazzatura, assieme ad adware ed eventuali toolbar inutili.
Tieni pulito anche il Registro con Ccleaner. Ciao
Torna in alto
 
mare10
Inviato: Thursday, November 05, 2015 8:48:36 PM
Rank: AiutAmico

Iscritto dal : 7/8/2013
Posts: 699
Grazie mille per la gentilezza.
Un grazie anche a Shapiro e Wolfestein.
Un saluto.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Istartfurf come si puo' eliminare


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.