Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

virus polizia stato in xp Opzioni
cronos66
Inviato: Monday, March 03, 2014 2:36:11 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ciao a tutti,
ieri il computer andava lento poi all'improvviso è comparsa la scritta che windows si stava chiudendo. Ho pensato al surriscaldamento del processore visto che è vicino al muro e non ha molto sfogo per l'aria.
Subito dopo è comparsa la maschera del virus della polizia di stato che chiede 100 euro ecc...

Ho tentato di far ripartire il pc in provvisoria, ma appena apre la provvisoria (senza promt vari) compare la scritta della chiusura di windows in provvisoria e rimane così fino allo spegnimento manuale con il tasto per l'accensione.

Come posso fare per recuperare il pc senza formattare visto che ho molti file e cartelle che non essendo ancora completi non li avevo salvati su hd esterno?

Ho letto di provare con kaspersky rescue disk, proverò stasera. Ho anche letto di provare con combofix.

Ho una docking station, avevo pensato di estrarre l'hd dal pc ed inserirlo nella docking in modo da trasformarlo in una unità esterna e provare tramite l'altro computer con malwarebytes o altri programmi che magari mi suggerite voi a ripulirlo senza fare partire su di lui il sistema operativo e quindi il blocco da parte della maledetta maschera.
La maschera non mi permette di avere la barra sotto e il menu di start...programmi....ecc...

E' partito un count down che non so quanto sia veritiero e che promette il blocco totale del computer.

Aspetto vostri preziosi consigli.

Grazie e ciao
Carlo
Sponsor
Inviato: Monday, March 03, 2014 2:36:11 PM

 
r16
Inviato: Monday, March 03, 2014 5:51:06 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Commenta:
E' partito un count down che non so quanto sia veritiero e che promette il blocco totale del computer.

E' partito il tempo in cui dovresti pagare il riscatto. (di solito sono 96 ore)
Scaduto tale tempo, se la variante del virus è quella che sospetto, i tuoi dati saranno persi.
Le soluzioni che hai citato, possono essere valide.
Comincia con kaspersky rescue disk.
In qualsiasi caso, se la variante del virus è quella che cripta i dati (foto e documenti), quelli non potrai salvarli.
Nemmeno se elimini il virus.
miticoalex
Inviato: Monday, March 03, 2014 7:29:21 PM

Rank: AiutAmico

Iscritto dal : 10/19/2010
Posts: 14,635
r16 ha scritto:
In qualsiasi caso, se la variante del virus è quella che cripta i dati (foto e documenti), quelli non potrai salvarli.
Nemmeno se elimini il virus.


Ciao R16. Se trattati di questa variante, laddove elimina il virus, si potrebbero recuperare dati dalle copie shadow di windows .

Cosa ne pensi?





r16
Inviato: Monday, March 03, 2014 8:40:35 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
miticoalex ha scritto:

Ciao R16. Se trattati di questa variante, laddove elimina il virus, si potrebbero recuperare dati dalle copie shadow di windows .

Cosa ne pensi?

Ciao Mitico.
Se avesse installato Win 7 o 8 sì.
Ma purtroppo ha XP, e per quanto ne sò non esistono copie shadow su XP.
Mi sembra che ci siano da Vista in poi.
giza
Inviato: Tuesday, March 04, 2014 10:12:16 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,618
ma perchè la polizia postale non interviene? ci sarebbero gli estremi per falso, tentata estorsione, furto d'identità.
eh già è troppo impegnata a spiare le telefonate a luci rosse di silvio!!!
cronos66
Inviato: Tuesday, March 04, 2014 2:08:22 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ho usato il rescue disk di kaspersky che ha trovato alcuni trojan sembra relativi a java e li ha messi in quarantena alcuni ed altri li ha cancellati.
Sono riuscito ad arrivare al desktop e a salvare buona parte dei files. Ci sono arrivato per caso tentando di spegnere il pc con il tasto di accensione premendolo solo in parte per un attimo e la maschera del virus è sparita ed ha lasciato spazio al desktop.
Alla fine del salvataggio dei files ho provato a fare un riavvio del pc e subito è comparsa ancora la maledetta maschera.

Purtroppo ho dei files che se sposto non funzionano più sicuramente, sono quelli con il drm scaricati con quel metodo legale di downlovers di 2/3 anni fa. Non li avevo masterizzati e quindi se dovessi formattare l'hd non penso sia possibile trasferirli e farli funzionare su altro hd.

Questa sera proverò con combofix o con kikstart, per vedere se cambia qualcosa.
baffogatto
Inviato: Tuesday, March 04, 2014 2:26:48 PM

Rank: AiutAmico

Iscritto dal : 11/4/2011
Posts: 1,235
Scusate per il mio consiglio banale da un non informatico.

Su due pc di conoscenti ho risolto sconnettendoli da internet materialmente cioè scollegando il cavo del modem.
Questo distacco sarebbe da fare al più presto non appena appare la schermata della Polizia e company, perché, a mio parere il virus lavora solo se connessi.

Una volta isolato il pc dalla rete si effettuano le varie pulizie sia in normale che in provvisoria.

Sarà fortuna ma a me ha funzionato.
G.
r16
Inviato: Tuesday, March 04, 2014 5:44:01 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
baffogatto ha scritto:

Su due pc di conoscenti ho risolto sconnettendoli da internet materialmente cioè scollegando il cavo del modem.
G.

Ciao Baffo.
Ci sono decine di varianti in questo tipo di infezione.
Varia da quella che con un semplice ripristino risolvi, a quella che ti riempie il pc di malware e rootkit vari, oppure quella che ti cripta i dati.
Nei tuoi casi sei stato fortunato.

@cronos66:
Commenta:
Questa sera proverò con combofix o con kikstart, per vedere se cambia qualcosa.

Se riesci ad arrivare al desktop, è meglio fare una scansione con RougeKiller
Scarica RougeKiller sul desktop.
http://www.adlice.com/softs/roguekiller/RogueKiller.exe

Chiudi tutti i programmi in esecuzione.
Avvia RogueKiller.exe.
Il tool farà una pre-scansione in automatico.
Finita la pre-scansione,si apre una finestra: clicca su " Accept".
Adesso clicca su "Scan".
Finita la scansione, clicca su "Delete" (Cancella)
Finite le eliminazioni, ti appare un Report.
Postalo qui.

N.B:
Non riavviare mai il pc, se non te lo indico io.

Poi:

Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su
Commenta:
Wikisend
, per postarli sul forum.

Per essere più chiaro nel postare i log: (tutti)

Collegati ad internet e vai alla pagina WikiSend:
http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.

cronos66
Inviato: Tuesday, March 04, 2014 11:00:25 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ciao r16
purtroppo forse è stato un caso l'altra sera che sono riuscito ad arrivare al desktop.
Oggi appare il desktop per pochissimi secondi poi appare la maschera del virus e non riesco a fare né star né ctrl alt canc.
Se seleziono la provvisoria (sia semplice che con rete o prompt) va subito in disconnesione e si spegne il computer, così non riesco ad avere il desktop in provvisoria.
Non so cosa fare.
cronos66
Inviato: Tuesday, March 04, 2014 11:05:35 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
r16,
se dovessi estrarre l'hd dal computer ed usare la docking station per leggerlo come una semplice usb su un altro computer, potrei arrivare a trovare il virus ed eliminarlo dall'avvio automatico ecc..?
r16
Inviato: Wednesday, March 05, 2014 5:50:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Per andare sul sicuro fai così: (ci metti meno tempo che smontare l'HD )

Procurati un cd vuoto.

Scarica OTLPENet sul desktop

http://oldtimer.geekstogo.com/OTLPENet.exe

Aprirlo con un doppio click
Si aprirà imgburn per scrivere il file sul cd (assicurati quindi di aver già inserito un cd vuoto).
Una volta creato il cd , avvia il pc infetto dal cd

Quando ti apparirà il desktop,fai doppio click su OTL.exe.
Ti verrà chiesto Do you wish to load remote user profile(s) for scanning,
cliccare Yes
Scegli il nome utente e metti la spunta su Automatically Load All Remaining Users
Clicca su SCAN

Posta il log C:\OTL.txt

Questa operazione mi permette di individuare dove risiede il virus.

Una volta individuato, faremo uno script apposito per la sua eliminazione.
cronos66
Inviato: Wednesday, March 05, 2014 9:41:43 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ciao r16, ecco il log di otl, mentre ora sto passando ancora una volta kasperky rescue disk:

OTL logfile created on: 3/5/2014 8:34:32 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 232.88 Gb Total Space | 24.06 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\0dl4cl3.cpp -- (winmgmt)
SRV - [2014/02/19 15:05:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/20 14:55:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 15:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/24 06:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto] -- C:\Programmi\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 09:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto] -- C:\Programmi\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (NVXBAR)
DRV - File not found [Kernel | Auto] -- -- (nvcap) nVidia WDM Video Capture (universal)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2014/02/19 15:07:07 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/19 15:05:17 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/19 15:05:17 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/19 15:05:17 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/19 15:05:16 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/01/11 15:25:05 | 000,180,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/04 05:37:09 | 000,049,944 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/11 19:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2012/03/25 11:01:46 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2011/03/02 05:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 02:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 01:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 03:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 01:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 01:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/12 06:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/22 22:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006/02/22 22:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005/09/23 15:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/07 09:29:08 | 000,005,760 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/09/07 09:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 09:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/04/30 09:35:00 | 000,024,832 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\a38usbxp.sys -- (ACSSCR)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/29 09:45:18 | 000,089,184 | R--- | M] (Ahead Software AG and its licensors) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (Imagedrv)
DRV - [2003/02/10 07:33:06 | 000,052,224 | R--- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ttp9.sys -- (ttp9)
DRV - [2002/07/27 11:01:06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002/07/27 11:01:06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001/08/17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = httpSpeak to the handftpSpeak to the handhttpsSpeak to the hand




FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/12/04 09:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\mozilla\Extensions
[2013/09/29 14:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\mozilla\Firefox\Profiles\extensions

O1 HOSTS File: ([2014/01/14 05:54:49 | 000,450,625 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\Administrator_ON_C..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\Administrator_ON_C..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1376437060651 (WUWebControl Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 04:16:28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2014/03/04 15:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/03/03 13:16:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/02 11:59:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/14 19:58:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/30 17:45:24 | 002,374,320 | ---- | C] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 16:15:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/17 16:15:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/17 16:15:31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/17 16:15:31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/17 16:15:31 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/17 16:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2014/03/05 14:18:30 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/05 14:17:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 14:17:50 | 095,027,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/03/05 14:17:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/04 18:44:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/03 19:00:57 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2014/03/03 18:18:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/03/02 19:14:29 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/02 14:02:30 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2014/03/02 14:02:30 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/02 14:02:30 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2014/03/02 14:02:30 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/21 12:59:22 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PeerBlock.lnk
[2014/02/19 15:07:08 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/19 15:07:07 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/19 15:05:17 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/19 15:05:17 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/19 15:05:17 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/19 15:05:16 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/19 15:05:16 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/19 15:05:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/05 21:55:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/05 21:55:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 18:20:05 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 18:20:02 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 18:20:01 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 18:19:59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 18:19:59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 18:19:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 18:19:55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 18:19:55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 18:19:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 18:19:52 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 18:19:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 18:19:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 18:19:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 18:19:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 18:19:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 18:19:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 18:19:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 18:19:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 18:19:29 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 18:19:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 18:19:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 18:19:28 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 18:19:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 18:19:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 18:19:22 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 18:18:49 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 18:18:46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 18:18:46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 18:18:44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 18:18:44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 17:25:56 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/05 11:22:34 | 000,141,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/30 17:45:27 | 002,374,320 | ---- | M] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2014/01/15 18:29:19 | 000,012,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/15 18:28:21 | 000,725,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2014/01/14 05:54:49 | 000,450,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/11 15:25:05 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/06 14:05:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/05 13:49:13 | 004,578,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\ipfilter.v0153.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 18:53:39 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Acid Drinkers - Dirty Money, Dirty Tricks_[FLAC_CUE].cue
[2014/03/02 19:14:29 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:25 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/02/05 11:29:01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/15 18:31:44 | 000,477,949 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\7-14_Tutorial corso bambini.pdf
[2014/01/15 18:29:19 | 000,012,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/15 18:28:19 | 000,725,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2013/04/12 17:48:24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 17:48:24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 17:48:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/21 07:59:06 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 07:59:05 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/07 22:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/23 05:10:47 | 000,082,543 | ---- | C] () -- C:\Documents and Settings\Administrator\peerblock.dmp
[2012/03/17 13:00:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2012/02/16 11:14:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 06:04:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2012/01/15 06:04:35 | 000,057,696 | ---- | C] () -- C:\WINDOWS\System32\bit4cnsp-uninst.exe
[2009/11/05 09:45:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 14:35:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/05/21 03:07:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.exe
[2008/05/15 03:10:22 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.ini
[2008/03/10 04:18:32 | 000,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2008/02/17 12:19:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/27 11:05:45 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/27 04:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/06/27 01:39:51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 01:39:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/06/27 01:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/27 01:24:56 | 000,040,960 | ---- | C] () -- C:\Programmi\Uninstall_CDS.exe
[2007/06/27 01:11:48 | 000,000,269 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2007/06/27 01:07:02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 01:07:02 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/27 01:04:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/06/27 01:03:10 | 000,004,587 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/27 01:03:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/27 00:57:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/06/26 13:01:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 12:57:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 11:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/26 11:39:16 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 08:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 08:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 08:43:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 08:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 08:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 08:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 08:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 08:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 08:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 08:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/16 11:41:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ClearLogonCredentials.dll
[2006/03/02 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 07:00:00 | 000,482,092 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2006/03/02 07:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 07:00:00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2006/03/02 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 07:00:00 | 000,080,696 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2006/03/02 07:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 07:00:00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2006/03/02 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 04:49:16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2013/12/04 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2013/10/06 16:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\calibre
[2012/07/29 14:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\CheckPoint
[2013/12/08 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/12/08 16:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\EAC
[2013/05/17 01:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\FairStars CD Ripper
[2013/05/17 02:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\foobar2000
[2011/11/19 08:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Foxit
[2012/09/01 13:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\LaunchPad
[2012/01/15 06:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Lombardia Integrata
[2012/07/29 14:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
[2013/12/08 16:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PlatinumHideIP
[2013/08/15 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\REAPER
[2013/07/31 17:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\renault
[2013/06/12 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Anvsoft
[2013/12/04 05:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/07/29 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CheckPoint
[2012/03/25 11:07:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2013/12/08 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/01/15 06:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lombardia Integrata
[2012/07/29 14:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2007/06/27 04:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies
[2013/08/10 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2013/08/10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Plus
[2013/08/10 12:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate Collection
[2013/12/08 16:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlatinumHideIP
[2013/08/10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Studio 15
[2014/03/05 14:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2014/03/05 14:18:30 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A31FAD21
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C31F31E6
< End of report >
r16
Inviato: Wednesday, March 05, 2014 10:01:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:


Code:
:OTL
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\0dl4cl3.cpp -- (winmgmt)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/05 14:17:50 | 095,027,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/03/02 19:14:29 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[EMPTYFLASH]
[start explorer]
[Reboot]


Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log.

Il pc dovrebbe riavviarsi in modalità normale.

Aggiorna l'antivirus e fai una scansione completa del pc.

Poi:
Scarica Malwarebytes:
http://it.malwarebytes.org/products/malwarebytes_free
Aggiornalo
Esegui una scansione completa. (NON veloce)
Elimina gli eventuali file infetti trovati. (li devi selezionare e poi cliccare su "Rimuovi selezionati")
Posta il log.
cronos66
Inviato: Wednesday, March 05, 2014 10:10:58 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ok lo faccio subito, poi ti farò sapere.
r16
Inviato: Wednesday, March 05, 2014 10:17:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ci sentiamo domani sera.
Comunque il virus dovrebbe essere eliminato se esegui le indicazioni.
Se Malwarebytes ti chiede il riavvio del pc per eliminare le eventuali infezioni trovate: acconsenti.
Notte.
miticoalex
Inviato: Wednesday, March 05, 2014 11:11:57 PM

Rank: AiutAmico

Iscritto dal : 10/19/2010
Posts: 14,635
r16 ha scritto:

Procurati un cd vuoto.

Scarica OTLPENet sul desktop

http://oldtimer.geekstogo.com/OTLPENet.exe

Aprirlo con un doppio click
Si aprirà imgburn per scrivere il file sul cd (assicurati quindi di aver già inserito un cd vuoto).
Una volta creato il cd , avvia il pc infetto dal cd


r16, ma questo è un OTL live CD?

Grazie, ciao :)



cronos66
Inviato: Wednesday, March 05, 2014 11:59:12 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ho fatto ed ora il computer si comporta normalmente.
Ho passato anche malwarebytes ed ha trovato un trojan relativo a otl, l'ho cancellato.
Ho fatto una nuova scansione con otl, purtroppo il log di malwarebytes non l'ho salvato, ho quello di otl:
OTL logfile created on: 05/03/2014 23.47.24 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = C:\
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 232,88 Gb Total Space | 27,39 Gb Free Space | 11,76% Space Free | Partition Type: NTFS

Computer Name: USER | User Name: Administrator
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2014/02/19 21.05.12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/20 20.55.23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21.05.43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/24 12.23.14 | 000,286,000 | ---- | M] (PC Tools) [Auto] -- C:\Programmi\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2005/04/03 23.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 15.25.12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto] -- C:\Programmi\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (NVXBAR)
DRV - File not found [Kernel | Auto] -- -- (nvcap) nVidia WDM Video Capture (universal)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2014/02/19 21.07.07 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/19 21.05.17 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/19 21.05.17 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/19 21.05.17 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/19 21.05.16 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/01/14 19.31.58 | 000,019,016 | ---- | M] () [Kernel | On_Demand] -- C:\Programmi\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2014/01/11 21.25.05 | 000,180,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/04 11.37.09 | 000,049,944 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/12 01.32.23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2012/03/25 17.01.46 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2011/03/02 11.40.54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 08.10.26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 07.11.12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 09.36.22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 07.49.10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 07.49.10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/13 19.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/12 12.27.00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/23 04.39.06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006/02/23 04.38.32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005/09/23 21.18.32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/07 15.29.08 | 000,005,760 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/09/07 15.27.38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 15.27.22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/04/30 15.35.00 | 000,024,832 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\a38usbxp.sys -- (ACSSCR)
DRV - [2003/12/05 10.46.36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/29 15.45.18 | 000,089,184 | R--- | M] (Ahead Software AG and its licensors) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (Imagedrv)
DRV - [2003/02/10 13.33.06 | 000,052,224 | R--- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ttp9.sys -- (ttp9)
DRV - [2002/07/27 17.01.06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002/07/27 17.01.06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001/08/17 23.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.51.32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = httpSpeak to the handftpSpeak to the handhttpsSpeak to the hand

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/12/04 15.09.31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Extensions
[2013/09/29 20.05.25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\extensions

O1 HOSTS File: ([2014/01/14 11.54.49 | 000,450,625 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00PCTFW] C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1801674531-515967899-725345543-500..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1801674531-515967899-725345543-500..\Run: [PowerBar] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-515967899-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1376437060651 (WUWebControl Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 10.16.28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2014/03/06 04.24.36 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/03/06 04.24.34 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/04 21.41.01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/03/03 19.16.53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/03/02 17.59.17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/15 01.58.40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/30 23.45.24 | 002,374,320 | ---- | C] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 22.15.38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/17 22.15.38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/17 22.15.31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/17 22.15.31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/17 22.15.31 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/17 22.15.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java

========== Files - Modified Within 60 Days ==========

[2014/03/05 23.45.31 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/05 23.45.12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 23.45.09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/05 22.44.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/04 01.00.57 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2014/03/04 00.18.53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/03/02 20.02.30 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2014/03/02 20.02.30 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/02 20.02.30 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2014/03/02 20.02.30 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/21 18.59.22 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PeerBlock.lnk
[2014/02/19 21.07.08 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/19 21.07.07 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/19 21.05.17 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/19 21.05.17 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/19 21.05.17 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/19 21.05.16 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/19 21.05.16 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/19 21.05.16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/06 03.55.58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03.55.58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/06 00.20.05 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/06 00.20.02 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/06 00.20.01 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/06 00.19.59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/06 00.19.59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/06 00.19.58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/06 00.19.55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/06 00.19.55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/06 00.19.53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/06 00.19.52 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/06 00.19.31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/06 00.19.31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/06 00.19.31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/06 00.19.31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/06 00.19.30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/06 00.19.30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/06 00.19.29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/06 00.19.29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/06 00.19.29 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/06 00.19.29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/06 00.19.29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/06 00.19.28 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/06 00.19.24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/06 00.19.24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/06 00.19.22 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/06 00.18.49 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/06 00.18.46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/06 00.18.46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/06 00.18.44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/06 00.18.44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 23.25.56 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/05 17.22.34 | 000,141,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/30 23.45.27 | 002,374,320 | ---- | M] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 22.15.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2014/01/16 00.29.19 | 000,012,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/16 00.28.21 | 000,725,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2014/01/14 11.54.49 | 000,450,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/11 21.25.05 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/06 20.05.18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/05 19.49.13 | 004,578,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\ipfilter.v0153.zip

========== Files Created - No Company Name ==========

[2014/02/05 17.29.01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/16 00.31.44 | 000,477,949 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\7-14_Tutorial corso bambini.pdf
[2014/01/16 00.29.19 | 000,012,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/16 00.28.19 | 000,725,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2013/04/12 23.48.24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 23.48.24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 23.48.24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/21 13.59.06 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 13.59.05 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/08 04.03.08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/23 11.10.47 | 000,082,543 | ---- | C] () -- C:\Documents and Settings\Administrator\peerblock.dmp
[2012/03/17 19.00.25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2012/02/16 17.14.24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 12.04.35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2012/01/15 12.04.35 | 000,057,696 | ---- | C] () -- C:\WINDOWS\System32\bit4cnsp-uninst.exe
[2009/11/05 15.45.21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 20.35.37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/05/21 09.07.06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.exe
[2008/05/15 09.10.22 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.ini
[2008/03/10 10.18.32 | 000,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2008/02/17 18.19.24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/27 17.05.45 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/27 10.18.30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/06/27 07.39.51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 07.39.51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/06/27 07.38.07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/27 07.24.56 | 000,040,960 | ---- | C] () -- C:\Programmi\Uninstall_CDS.exe
[2007/06/27 07.11.48 | 000,000,269 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2007/06/27 07.07.02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 07.07.02 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/27 07.04.51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/06/27 07.03.10 | 000,004,587 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/27 07.03.07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/27 06.57.03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/06/26 19.01.30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 18.57.12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 17.40.11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/26 17.39.16 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 14.45.20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 14.43.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 14.43.00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 14.43.00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 14.43.00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 14.43.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 14.43.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 14.43.00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 14.43.00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 14.43.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/16 17.41.00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ClearLogonCredentials.dll
[2006/03/02 13.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 13.00.00 | 000,482,092 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2006/03/02 13.00.00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2006/03/02 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 13.00.00 | 000,080,696 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2006/03/02 13.00.00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2006/03/02 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 13.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 13.00.00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 13.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 13.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 16.46.58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2013/12/04 17.24.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2013/10/06 22.20.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\calibre
[2012/07/29 20.32.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\CheckPoint
[2013/12/08 23.43.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/12/08 22.44.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\EAC
[2013/05/17 07.38.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\FairStars CD Ripper
[2013/05/17 08.02.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\foobar2000
[2011/11/19 14.23.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Foxit
[2012/09/01 19.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\LaunchPad
[2012/01/15 12.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Lombardia Integrata
[2012/07/29 20.47.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
[2013/12/08 22.46.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PlatinumHideIP
[2013/08/15 15.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\REAPER
[2013/07/31 23.10.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\renault
[2013/06/12 23.40.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Anvsoft
[2013/12/04 11.34.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/07/29 20.11.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CheckPoint
[2012/03/25 17.07.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2013/12/08 23.43.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/01/15 12.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lombardia Integrata
[2012/07/29 20.22.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2007/06/27 10.15.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies
[2013/08/10 18.02.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2013/08/10 17.56.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Plus
[2013/08/10 18.03.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate Collection
[2013/12/08 22.46.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlatinumHideIP
[2013/08/10 17.56.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Studio 15
[2014/03/05 23.45.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2014/03/05 23.45.31 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A31FAD21
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C31F31E6
< End of report >

r16
Inviato: Thursday, March 06, 2014 6:11:14 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
miticoalex ha scritto:

r16, ma questo è un OTL live CD?

Grazie, ciao :)


Ciao Mitico.
Sì è un OTL CD live.
Serve sopratutto per XP, quando si verificano casi come questi.
Vista, Win 7 o 8 permettono altre soluzioni, agendo sulle "Opzioni di ripristino avanzate", in cui è possibile scaricare in una chiavetta un programma (FRST) che ha più o meno le stesse funzioni di OTL.
Non si deve masterizzare niente, questo è l'unico vantaggio.

@cronos66:
Il log di OTL non presenta infezioni attive.
Fai queste pulizie:

Apri OTL e clicca su CleanUP.
Si disinstallerà OTL.
Ti chiederà il riavvio del pc: acconsenti.

Al riavvio fai una pulizia con CCleaner. (registro compreso)

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

Svuota il cestino.

Sempre con CCleaner:
Apri CCleaner.
Clicca su "Strumenti".
Clicca su "Ripristino Sistema"
Seleziona TUTTI i punti di ripristino e poi clicca "Rimuovi".

N.B:
Il punto segnalato in grigio (il primo) non lo puoi eliminare per motivi di sicurezza.

Malwarebytes tienilo installato, per eventuali casi futuri. (tienilo aggiornato)
Per quello che serve, (poco) puoi disinstallare SpyBot.

Se il pc funziona bene, abbiamo concluso.

cronos66
Inviato: Thursday, March 06, 2014 11:21:40 PM
Rank: AiutAmico

Iscritto dal : 11/13/2012
Posts: 84
Ciao r16,
il pc attualmente funziona bene ed eseguo quello che mi hai appena suggerito.
Volevo chiederti ancora una cosa, in msconfig/avvio trovo delle voci non spuntate per l'avvio automatico che sono:

ALCMTR ALCMTR.EXE
RTHDCPL RTHDCPL.EXE

scritte proprio così in maiuscolo nelle colonne "elemento di avvio" e "comando.

Non so cosa sono e se sono dannosi, mi sai dire qualcosa?

Grazie ancora per il salvataggio del mio pc, ciaoo, Carlo
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.