
Polizia di Stato virus on XP
cronos66
Posted: Monday, March 03, 2014 2:36:11 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
Hi everyone,
yesterday the computer was running slowly, then suddenly a message appeared saying that Windows was shutting down. I thought it was the processor overheating, since it is close to the wall and doesn't have much room for airflow.
Right after that, the screen of the Polizia di Stato virus appeared, asking for 100 euros etc...

I tried to restart the PC in safe mode, but as soon as safe mode opens (without the various prompts) the message about Windows shutting down in safe mode appears, and it stays that way until I switch it off manually with the power button.

How can I recover the PC without formatting, given that I have many files and folders that, not being complete yet, I had not saved to an external HD?

I read that I should try Kaspersky Rescue Disk; I'll try tonight. I also read that I should try ComboFix.

I have a docking station; I had thought of removing the HD from the PC and putting it in the dock so as to turn it into an external drive, and trying from the other computer with Malwarebytes, or other programs you might suggest, to clean it without booting its operating system and therefore without the lock from the damned screen.
The screen doesn't let me get to the taskbar at the bottom or the Start menu... programs... etc...

A countdown has started; I don't know how truthful it is, and it promises the total lock of the computer.

I await your valuable advice.

Thanks and bye
Carlo
r16
Posted: Monday, March 03, 2014 5:51:06 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Quote:
A countdown has started; I don't know how truthful it is, and it promises the total lock of the computer.

The time within which you are supposed to pay the ransom has started. (usually it's 96 hours)
Once that time has expired, if the variant of the virus is the one I suspect, your data will be lost.
The solutions you mentioned may be valid.
Start with Kaspersky Rescue Disk.
In any case, if the variant of the virus is the one that encrypts data (photos and documents), you won't be able to save those.
Not even if you remove the virus.
miticoalex
Posted: Monday, March 03, 2014 7:29:21 PM

Rank: AiutAmico

Joined: 10/19/2010
Posts: 14,635
r16 wrote:
In any case, if the variant of the virus is the one that encrypts data (photos and documents), you won't be able to save those.
Not even if you remove the virus.

Hi R16. If it is this variant, once he removes the virus, the data could perhaps be recovered from the Windows shadow copies.

What do you think?

r16
Posted: Monday, March 03, 2014 8:40:35 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
miticoalex wrote:

Hi R16. If it is this variant, once he removes the virus, the data could perhaps be recovered from the Windows shadow copies.

What do you think?

Hi Mitico.
If he had Win 7 or 8 installed, yes.
But unfortunately he has XP, and as far as I know there are no shadow copies on XP.
I think they exist from Vista onwards.
giza
Posted: Tuesday, March 04, 2014 10:12:16 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,590
but why doesn't the Polizia Postale step in? there would be grounds for forgery, attempted extortion, identity theft.
oh right, it's too busy spying on silvio's red-light phone calls!!!
cronos66
Posted: Tuesday, March 04, 2014 2:08:22 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
I used the Kaspersky rescue disk, which found some trojans, apparently Java-related; it quarantined some and deleted others.
I managed to get to the desktop and save a good part of the files. I got there by chance, trying to switch off the PC with the power button by pressing it only partway for a moment, and the virus screen disappeared and gave way to the desktop.
After saving the files I tried rebooting the PC and the damned screen immediately appeared again.

Unfortunately I have some files that will certainly stop working if I move them; they are the DRM-protected ones downloaded with that legal method from downlovers 2/3 years ago. I hadn't burned them to disc, so if I had to format the HD I don't think it would be possible to transfer them and make them work on another HD.

Tonight I'll try ComboFix or kikstart, to see if anything changes.
baffogatto
Posted: Tuesday, March 04, 2014 2:26:48 PM

Rank: AiutAmico

Joined: 11/4/2011
Posts: 1,235
Sorry for my trivial advice from a non-IT person.

On two acquaintances' PCs I solved it by physically disconnecting them from the internet, that is, by unplugging the modem cable.
This disconnection should be done as soon as possible, as soon as the Polizia and company screen appears, because in my opinion the virus only works while connected.

Once the PC is isolated from the network, you run the various clean-ups both in normal and in safe mode.

Maybe it was luck, but it worked for me.
G.
r16
Posted: Tuesday, March 04, 2014 5:44:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
baffogatto wrote:

On two acquaintances' PCs I solved it by physically disconnecting them from the internet, that is, by unplugging the modem cable.
G.

Hi Baffo.
There are dozens of variants of this type of infection.
They range from the one you fix with a simple restore, to the one that fills your PC with assorted malware and rootkits, or the one that encrypts your data.
In your cases you were lucky.

@cronos66:
Quote:
Tonight I'll try ComboFix or kikstart, to see if anything changes.

If you manage to get to the desktop, it is better to run a scan with RogueKiller.
Download RogueKiller to the desktop.
http://www.adlice.com/softs/roguekiller/RogueKiller.exe

Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan has finished, a window opens: click "Accept".
Now click "Scan".
When the scan has finished, click "Delete".
When the deletions have finished, a Report appears.
Post it here.

N.B.:
Never reboot the PC unless I tell you to.

Then:

Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on the desktop.

Tick SCAN ALL USERS.

Under Output, tick Minimal Output.

Click the small arrow next to File Age and select 60 Days.

Tick LOP Check and Purity Check.

Click RUN SCAN.

Let the scan run without interfering.

When the scan ends you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend, to post them on the forum.

To be clearer about posting the logs: (all of them)

Connect to the internet and go to the WikiSend page:
http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.

cronos66
Posted: Tuesday, March 04, 2014 11:00:25 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
Hi r16
unfortunately it may have been a fluke the other evening that I managed to get to the desktop.
Today the desktop appears for a very few seconds, then the virus screen appears and I can't do either Start or Ctrl+Alt+Del.
If I select safe mode (whether plain, with networking or with prompt) it immediately logs off and the computer shuts down, so I can't get the desktop in safe mode.
I don't know what to do.
cronos66
Posted: Tuesday, March 04, 2014 11:05:35 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
r16,
if I were to remove the HD from the computer and use the docking station to read it like a simple USB drive on another computer, could I manage to find the virus and remove it from automatic startup etc.?
r16
Posted: Wednesday, March 05, 2014 5:50:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
To be on the safe side do this: (it takes less time than removing the HD)

Get a blank CD.

Download OTLPENet to the desktop

http://oldtimer.geekstogo.com/OTLPENet.exe

Open it with a double click.
ImgBurn will open to write the file to the CD (so make sure you have already inserted a blank CD).
Once the CD has been created, boot the infected PC from the CD.

When the desktop appears, double-click OTL.exe.
You will be asked Do you wish to load remote user profile(s) for scanning,
click Yes
Choose the user name and tick Automatically Load All Remaining Users
Click SCAN

Post the log C:\OTL.txt

This operation lets me identify where the virus resides.

Once it is identified, we will write a dedicated script to remove it.
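
A sketch of how a log like the one requested above can be triaged for persistence points, as an added example that is not part of the thread and not OTL's own code. The sample lines are constructed in OTL's line format with placeholder file names, and the three heuristics and the 60-second window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample in OTL's line format; the sample*.* names are placeholders.
SAMPLE_LOG = r"""
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\sample1.dat -- (winmgmt)
SRV - [2014/02/19 15:05:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - [2002/07/27 11:01:06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\sample2.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2014/03/02 19:14:29 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\sample2.lnk
[2014/03/02 19:14:25 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\sample2.dat
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\sample1.dat
[2014/02/05 11:29:01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/17 16:15:31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
"""

TS = r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d"
ATTR = r"[-A-Z]{4}"
HEADER_RE = re.compile(r"%SystemRoot% = (?P<sysroot>[^|]+?) \| %ProgramFiles% = (?P<pf>.+)$")
# The "(Company)" field comes from the file's version resource, which any
# author can set, so it is parsed past and never used as evidence of trust.
SVC_RE = re.compile(
    rf"^(?:SRV|DRV) - \[(?P<ts>{TS}) \| [\d,]+ \| {ATTR} \| M\] "
    r"\(.*?\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)")
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?)(?: \([^()]*\))?$")
FILE_RE = re.compile(
    rf"^\[(?P<ts>{TS}) \| [\d,]+ \| {ATTR} \| C\] (?:\(.*?\) )?-- (?P<path>.+)$")

IMAGE_EXTS = {".exe", ".sys", ".dll"}   # extensions expected for a service image
LOADERS = {"rundll32.exe"}              # shortcut targets that run some other file
WINDOW = timedelta(seconds=60)          # assumed correlation window


def parse_ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S")


def under(path, roots):
    """Case-insensitive 'path is below one of roots' test for Windows paths."""
    p = path.lower()
    return any(p.startswith(r.lower().rstrip("\\") + "\\") for r in roots)


def triage(log):
    """Return (kind, name, path, reasons) tuples worth a reviewer's attention."""
    roots, services, startup, created = [], [], [], []
    for line in (raw.strip() for raw in log.splitlines()):
        if (m := HEADER_RE.search(line)):
            # The log header gives the localized system and program directories.
            roots = [m["sysroot"].strip(), m["pf"].strip()]
        elif (m := SVC_RE.match(line)):
            services.append(m.groupdict())
        elif (m := STARTUP_RE.match(line)):
            startup.append(m.groupdict())
        elif (m := FILE_RE.match(line)):
            created.append(m.groupdict())

    findings, anchors = [], []
    for svc in services:
        reasons = []
        ext = PureWindowsPath(svc["path"]).suffix.lower()
        if ext not in IMAGE_EXTS:
            reasons.append(f"unusual image extension {ext!r}")
        if roots and not under(svc["path"], roots):
            reasons.append("image outside %SystemRoot% and %ProgramFiles%")
        if reasons:
            findings.append(("service", svc["name"], svc["path"], reasons))
            anchors.append(parse_ts(svc["ts"]))
    for entry in startup:
        if PureWindowsPath(entry["target"]).name.lower() in LOADERS:
            findings.append(("startup", PureWindowsPath(entry["lnk"]).name, entry["lnk"],
                             ["startup shortcut runs a loader; its arguments are not in the log"]))
    for item in created:
        when = parse_ts(item["ts"])
        if any(abs(when - a) <= WINDOW for a in anchors) and not under(item["path"], roots):
            findings.append(("file", PureWindowsPath(item["path"]).name, item["path"],
                             ["created within 60 s of a flagged service image"]))
    return findings


if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:16} {path}\n         " + "; ".join(reasons))
```

The hits are leads for a human reviewer rather than verdicts: time correlation also picks up unrelated files written in the same minute, and a service can be listed under both its short (8.3) and long path.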
cronos66
Posted: Wednesday, March 05, 2014 9:41:43 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
Hi r16, here is the OTL log, while I am now running Kaspersky rescue disk once more:

OTL logfile created on: 3/5/2014 8:34:32 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 232.88 Gb Total Space | 24.06 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\0dl4cl3.cpp -- (winmgmt)
SRV - [2014/02/19 15:05:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/20 14:55:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 15:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/24 06:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto] -- C:\Programmi\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 09:25:12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto] -- C:\Programmi\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (NVXBAR)
DRV - File not found [Kernel | Auto] -- -- (nvcap) nVidia WDM Video Capture (universal)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2014/02/19 15:07:07 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/19 15:05:17 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/19 15:05:17 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/19 15:05:17 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/19 15:05:16 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/01/11 15:25:05 | 000,180,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/04 05:37:09 | 000,049,944 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/11 19:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2012/03/25 11:01:46 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2011/03/02 05:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 02:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 01:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 03:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 01:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 01:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/12 06:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/22 22:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006/02/22 22:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005/09/23 15:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/07 09:29:08 | 000,005,760 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/09/07 09:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 09:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/04/30 09:35:00 | 000,024,832 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\a38usbxp.sys -- (ACSSCR)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/29 09:45:18 | 000,089,184 | R--- | M] (Ahead Software AG and its licensors) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (Imagedrv)
DRV - [2003/02/10 07:33:06 | 000,052,224 | R--- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ttp9.sys -- (ttp9)
DRV - [2002/07/27 11:01:06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002/07/27 11:01:06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001/08/17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = httpSpeak to the handftpSpeak to the handhttpsSpeak to the hand




FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/12/04 09:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\mozilla\Extensions
[2013/09/29 14:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\mozilla\Firefox\Profiles\extensions

O1 HOSTS File: ([2014/01/14 05:54:49 | 000,450,625 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\Administrator_ON_C..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\Administrator_ON_C..\Run: [PowerBar] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1376437060651 (WUWebControl Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 04:16:28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2014/03/04 15:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/03/03 13:16:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/02 11:59:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/14 19:58:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/30 17:45:24 | 002,374,320 | ---- | C] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 16:15:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/17 16:15:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/17 16:15:31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/17 16:15:31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/17 16:15:31 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/17 16:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2014/03/05 14:18:30 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/05 14:17:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 14:17:50 | 095,027,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/03/05 14:17:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/04 18:44:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/03 19:00:57 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2014/03/03 18:18:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/03/02 19:14:29 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/02 14:02:30 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2014/03/02 14:02:30 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/02 14:02:30 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2014/03/02 14:02:30 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/21 12:59:22 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PeerBlock.lnk
[2014/02/19 15:07:08 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/19 15:07:07 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/19 15:05:17 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/19 15:05:17 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/19 15:05:17 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/19 15:05:16 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/19 15:05:16 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/19 15:05:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/05 21:55:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/05 21:55:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 18:20:05 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 18:20:02 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 18:20:01 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 18:19:59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 18:19:59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 18:19:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 18:19:55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 18:19:55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 18:19:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 18:19:52 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 18:19:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 18:19:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 18:19:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 18:19:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 18:19:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 18:19:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 18:19:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 18:19:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 18:19:29 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 18:19:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 18:19:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 18:19:28 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 18:19:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 18:19:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 18:19:22 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 18:18:49 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 18:18:46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 18:18:46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 18:18:44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 18:18:44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 17:25:56 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/05 11:22:34 | 000,141,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/30 17:45:27 | 002,374,320 | ---- | M] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2014/01/15 18:29:19 | 000,012,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/15 18:28:21 | 000,725,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2014/01/14 05:54:49 | 000,450,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/11 15:25:05 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/06 14:05:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/05 13:49:13 | 004,578,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\ipfilter.v0153.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 18:53:39 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Acid Drinkers - Dirty Money, Dirty Tricks_[FLAC_CUE].cue
[2014/03/02 19:14:29 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:25 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/02/05 11:29:01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/15 18:31:44 | 000,477,949 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\7-14_Tutorial corso bambini.pdf
[2014/01/15 18:29:19 | 000,012,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/15 18:28:19 | 000,725,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2013/04/12 17:48:24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 17:48:24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 17:48:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/21 07:59:06 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 07:59:05 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/07 22:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/23 05:10:47 | 000,082,543 | ---- | C] () -- C:\Documents and Settings\Administrator\peerblock.dmp
[2012/03/17 13:00:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2012/02/16 11:14:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 06:04:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2012/01/15 06:04:35 | 000,057,696 | ---- | C] () -- C:\WINDOWS\System32\bit4cnsp-uninst.exe
[2009/11/05 09:45:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 14:35:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/05/21 03:07:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.exe
[2008/05/15 03:10:22 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.ini
[2008/03/10 04:18:32 | 000,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2008/02/17 12:19:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/27 11:05:45 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/27 04:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/06/27 01:39:51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 01:39:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/06/27 01:38:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/27 01:24:56 | 000,040,960 | ---- | C] () -- C:\Programmi\Uninstall_CDS.exe
[2007/06/27 01:11:48 | 000,000,269 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2007/06/27 01:07:02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 01:07:02 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/27 01:04:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/06/27 01:03:10 | 000,004,587 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/27 01:03:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/27 00:57:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/06/26 13:01:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 12:57:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 11:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/26 11:39:16 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 08:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 08:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 08:43:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 08:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 08:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 08:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 08:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 08:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 08:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 08:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/16 11:41:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ClearLogonCredentials.dll
[2006/03/02 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 07:00:00 | 000,482,092 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2006/03/02 07:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 07:00:00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2006/03/02 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 07:00:00 | 000,080,696 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2006/03/02 07:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 07:00:00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2006/03/02 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 04:49:16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2013/12/04 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2013/10/06 16:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\calibre
[2012/07/29 14:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\CheckPoint
[2013/12/08 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/12/08 16:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\EAC
[2013/05/17 01:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\FairStars CD Ripper
[2013/05/17 02:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\foobar2000
[2011/11/19 08:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Foxit
[2012/09/01 13:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\LaunchPad
[2012/01/15 06:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Lombardia Integrata
[2012/07/29 14:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
[2013/12/08 16:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PlatinumHideIP
[2013/08/15 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\REAPER
[2013/07/31 17:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\renault
[2013/06/12 17:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Anvsoft
[2013/12/04 05:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/07/29 14:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CheckPoint
[2012/03/25 11:07:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2013/12/08 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/01/15 06:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lombardia Integrata
[2012/07/29 14:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2007/06/27 04:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies
[2013/08/10 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2013/08/10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Plus
[2013/08/10 12:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate Collection
[2013/12/08 16:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlatinumHideIP
[2013/08/10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Studio 15
[2014/03/05 14:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2014/03/05 14:18:30 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A31FAD21
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C31F31E6
< End of report >
r16
Posted: Wednesday, March 05, 2014 10:01:08 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:


Code:
:OTL
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\0dl4cl3.cpp -- (winmgmt)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/03/05 14:17:50 | 095,027,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/03/02 19:14:29 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[EMPTYFLASH]
[start explorer]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log.

The PC should restart in normal mode.

Update the antivirus and run a full scan of the PC.

Then:
Download Malwarebytes:
http://it.malwarebytes.org/products/malwarebytes_free
Update it
Run a full scan. (NOT a quick one)
Delete any infected files found. (you have to select them and then click "Rimuovi selezionati" [Remove Selected])
Post the log.
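
Added example, not part of r16's post and not OTL's own code: a small Python triage over OTL log lines that flags the kind of autostart entries the fix above targets (a service whose image is not an executable, a Startup-folder shortcut) and then any listed file whose name matches or mirrors theirs. The sample lines are copied from this thread's log and fix script; the heuristics, directory lists and function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the OTL log and fix script in this thread.
SAMPLE_LOG = r"""
SRV - [2014/03/02 19:14:22 | 000,191,529 | ---- | M] (Microsoft Corporation) [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\0dl4cl3.cpp -- (winmgmt)
SRV - [2014/02/19 21.05.12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
[2014/03/02 19:14:29 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\3lc4ld0.lnk
[2014/03/02 19:14:25 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\3lc4ld0.fee
[2014/03/02 19:14:22 | 000,191,529 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\0dl4cl3.cpp
[2014/02/05 11:29:01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2012/03/17 13:00:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
"""

# "[timestamp | size | attributes | C or M]" block that precedes each path.
META = re.compile(r"\[(?P<ts>[^|\]]+)\|(?P<size>[^|]+)\|(?P<attr>[^|]+)\|\s*(?P<kind>[CM])\]")

# Assumed lists: XP user-data roots (long and 8.3 form) and Startup folder
# names (Italian, as in this log, and English).
USER_DATA_DIRS = {"documents and settings", "docume~1"}
STARTUP_DIRS = {"esecuzione automatica", "startup"}
SERVICE_EXTS = {".exe", ".dll", ".sys"}


def parse_line(line):
    """Return a dict for an SRV or file-listing line, None for anything else."""
    line = line.strip()
    is_service = line.startswith("SRV - ")
    m = META.search(line)
    # File listings start with the metadata block; SRV lines carry it later.
    if not m or (not is_service and m.start() != 0):
        return None
    fields = line.split(" -- ")
    if len(fields) < 2:
        return None
    path = PureWindowsPath(fields[1].strip())
    return {
        "type": "service" if is_service else "file",
        "path": path,
        "dirs": [p.lower() for p in path.parts[1:-1]],
        "service": fields[2].strip("() ") if is_service and len(fields) > 2 else None,
        "is_dir": "D" in m.group("attr"),
    }


def anchor_reason(entry):
    """Why an entry is an autostart point worth reviewing, or None."""
    if entry["is_dir"]:
        return None
    if entry["type"] == "service":
        if entry["path"].suffix.lower() not in SERVICE_EXTS:
            return "service image is not an .exe/.dll/.sys file"
        if entry["dirs"] and entry["dirs"][0] in USER_DATA_DIRS:
            return "service image lives under a user-data directory"
    elif entry["dirs"] and entry["dirs"][-1] in STARTUP_DIRS:
        return "file in a Startup folder"
    return None


def triage(log_text):
    """Map each suspicious path to the reason it was flagged."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = {}
    stems = set()
    # Pass 1: autostart anchors (odd service images, Startup-folder files).
    for e in entries:
        reason = anchor_reason(e)
        if reason:
            findings[str(e["path"])] = reason
            stem = e["path"].stem.lower()
            # In this log the related names are one string and its reverse.
            stems.update({stem, stem[::-1]})
    # Pass 2: other listed files that share a name with an anchor.
    for e in entries:
        key = str(e["path"])
        if key not in findings and not e["is_dir"] and e["path"].stem.lower() in stems:
            findings[key] = "name matches (or mirrors) a flagged autostart item"
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG).items():
        print(f"{reason}: {path}")
```

On the lines from this thread it reports four paths (the winmgmt image, the Startup shortcut, the same image under its long path, and 3lc4ld0.fee) and leaves the avast! service, esami.PDF and ReminderNextRun alone.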
cronos66
Posted: Wednesday, March 05, 2014 10:10:58 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
OK, I'll do it right away, then I'll let you know.
r16
Posted: Wednesday, March 05, 2014 10:17:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
We'll talk tomorrow evening.
In any case, the virus should be removed if you follow the instructions.
If Malwarebytes asks you to restart the PC to remove any infections it found: agree.
Good night.
miticoalex
Posted: Wednesday, March 05, 2014 11:11:57 PM

Rank: AiutAmico

Joined: 10/19/2010
Posts: 14,635
r16 wrote:

Get a blank CD.

Download OTLPENet to the desktop

http://oldtimer.geekstogo.com/OTLPENet.exe

Open it with a double click
ImgBurn will open to write the file to the CD (so make sure you have already inserted a blank CD).
Once the CD has been created, boot the infected PC from the CD


r16, but is this an OTL live CD?

Thanks, bye :)



cronos66
Posted: Wednesday, March 05, 2014 11:59:12 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
I did it and now the computer behaves normally.
I also ran Malwarebytes and it found a trojan related to OTL; I deleted it.
I ran a new scan with OTL; unfortunately I didn't save the Malwarebytes log, I have the OTL one:
OTL logfile created on: 05/03/2014 23.47.24 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = C:\
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 232,88 Gb Total Space | 27,39 Gb Free Space | 11,76% Space Free | Partition Type: NTFS

Computer Name: USER | User Name: Administrator
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2014/02/19 21.05.12 | 000,050,344 | ---- | M] (AVAST Software) [Auto] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/20 20.55.23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 21.05.43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/01/24 12.23.14 | 000,286,000 | ---- | M] (PC Tools) [Auto] -- C:\Programmi\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2005/04/03 23.41.10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 15.25.12 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto] -- C:\Programmi\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/07/28 19.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (NVXBAR)
DRV - File not found [Kernel | Auto] -- -- (nvcap) nVidia WDM Video Capture (universal)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2014/02/19 21.07.07 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/19 21.05.17 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/19 21.05.17 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/19 21.05.17 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/19 21.05.16 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/01/14 19.31.58 | 000,019,016 | ---- | M] () [Kernel | On_Demand] -- C:\Programmi\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2014/01/11 21.25.05 | 000,180,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/04 11.37.09 | 000,049,944 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/12 01.32.23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2012/03/25 17.01.46 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2011/03/02 11.40.54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 08.10.26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 07.11.12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 09.36.22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 07.49.10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 07.49.10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2008/04/13 19.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/12 12.27.00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/23 04.39.06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006/02/23 04.38.32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005/09/23 21.18.32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/07 15.29.08 | 000,005,760 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/09/07 15.27.38 | 000,028,544 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/07 15.27.22 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/04/30 15.35.00 | 000,024,832 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\a38usbxp.sys -- (ACSSCR)
DRV - [2003/12/05 10.46.36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/29 15.45.18 | 000,089,184 | R--- | M] (Ahead Software AG and its licensors) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (Imagedrv)
DRV - [2003/02/10 13.33.06 | 000,052,224 | R--- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ttp9.sys -- (ttp9)
DRV - [2002/07/27 17.01.06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2002/07/27 17.01.06 | 000,005,306 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2001/08/17 23.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.51.32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-515967899-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = httpSpeak to the handftpSpeak to the handhttpsSpeak to the hand

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/12/04 15.09.31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Extensions
[2013/09/29 20.05.25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\extensions

O1 HOSTS File: ([2014/01/14 11.54.49 | 000,450,625 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00PCTFW] C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1801674531-515967899-725345543-500..\Run: [PeerBlock] C:\Programmi\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1801674531-515967899-725345543-500..\Run: [PowerBar] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-515967899-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1376437060651 (WUWebControl Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 10.16.28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2014/03/06 04.24.36 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/03/06 04.24.34 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/04 21.41.01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/03/03 19.16.53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/03/02 17.59.17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/15 01.58.40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/30 23.45.24 | 002,374,320 | ---- | C] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 22.15.38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/17 22.15.38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/17 22.15.31 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/17 22.15.31 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/17 22.15.31 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/17 22.15.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java

========== Files - Modified Within 60 Days ==========

[2014/03/05 23.45.31 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/05 23.45.12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 23.45.09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/05 22.44.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/04 01.00.57 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2014/03/04 00.18.53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/03/02 20.02.30 | 000,482,092 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2014/03/02 20.02.30 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/02 20.02.30 | 000,080,696 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2014/03/02 20.02.30 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/21 18.59.22 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PeerBlock.lnk
[2014/02/19 21.07.08 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/19 21.07.07 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/19 21.05.17 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/19 21.05.17 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/19 21.05.17 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/19 21.05.16 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/19 21.05.16 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/19 21.05.16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/06 03.55.58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03.55.58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/06 00.20.05 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/06 00.20.02 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/06 00.20.01 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/06 00.19.59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/06 00.19.59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/06 00.19.58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/06 00.19.55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/06 00.19.55 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/06 00.19.53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/06 00.19.52 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/06 00.19.31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/06 00.19.31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/06 00.19.31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/06 00.19.31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/06 00.19.30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/06 00.19.30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/06 00.19.29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/06 00.19.29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/06 00.19.29 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/06 00.19.29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/06 00.19.29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/06 00.19.28 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/06 00.19.24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/06 00.19.24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/06 00.19.22 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/06 00.18.49 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/06 00.18.46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/06 00.18.46 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/06 00.18.44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/06 00.18.44 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 23.25.56 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/05 17.22.34 | 000,141,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/30 23.45.27 | 002,374,320 | ---- | M] (PeerBlock, LLC ) -- C:\Documents and Settings\Administrator\Documenti\PeerBlock-Setup_v1.2_r693.exe
[2014/01/17 22.15.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2014/01/16 00.29.19 | 000,012,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/16 00.28.21 | 000,725,460 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2014/01/14 11.54.49 | 000,450,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/11 21.25.05 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/06 20.05.18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/05 19.49.13 | 004,578,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\ipfilter.v0153.zip

========== Files Created - No Company Name ==========

[2014/02/05 17.29.01 | 000,141,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\esami.PDF
[2014/01/16 00.31.44 | 000,477,949 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\7-14_Tutorial corso bambini.pdf
[2014/01/16 00.29.19 | 000,012,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\CorsoDattiloBambini.zip
[2014/01/16 00.28.19 | 000,725,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\TutoreDattilo.exe
[2013/04/12 23.48.24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 23.48.24 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 23.48.24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/21 13.59.06 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/21 13.59.05 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/08 04.03.08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/23 11.10.47 | 000,082,543 | ---- | C] () -- C:\Documents and Settings\Administrator\peerblock.dmp
[2012/03/17 19.00.25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ReminderNextRun
[2012/02/16 17.14.24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 12.04.35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2012/01/15 12.04.35 | 000,057,696 | ---- | C] () -- C:\WINDOWS\System32\bit4cnsp-uninst.exe
[2009/11/05 15.45.21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 20.35.37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/05/21 09.07.06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.exe
[2008/05/15 09.10.22 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\SSLEmptyCache.ini
[2008/03/10 10.18.32 | 000,000,126 | ---- | C] () -- C:\WINDOWS\PRLTP_USBdrv.ini
[2008/02/17 18.19.24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/27 17.05.45 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/27 10.18.30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/06/27 07.39.51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 07.39.51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/06/27 07.38.07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/27 07.24.56 | 000,040,960 | ---- | C] () -- C:\Programmi\Uninstall_CDS.exe
[2007/06/27 07.11.48 | 000,000,269 | R--- | C] () -- C:\WINDOWS\Dit.INI
[2007/06/27 07.07.02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 07.07.02 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/27 07.04.51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/06/27 07.03.10 | 000,004,587 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/27 07.03.07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/27 06.57.03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/06/26 19.01.30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 18.57.12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 17.40.11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/26 17.39.16 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 14.45.20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 14.43.00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 14.43.00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 14.43.00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 14.43.00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 14.43.00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 14.43.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 14.43.00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 14.43.00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 14.43.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/16 17.41.00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ClearLogonCredentials.dll
[2006/03/02 13.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 13.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 13.00.00 | 000,482,092 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2006/03/02 13.00.00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 13.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2006/03/02 13.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 13.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 13.00.00 | 000,080,696 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2006/03/02 13.00.00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 13.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 13.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2006/03/02 13.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 13.00.00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 13.00.00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 13.00.00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 13.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 10.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 16.46.58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2013/12/04 17.24.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2013/10/06 22.20.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\calibre
[2012/07/29 20.32.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\CheckPoint
[2013/12/08 23.43.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/12/08 22.44.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\EAC
[2013/05/17 07.38.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\FairStars CD Ripper
[2013/05/17 08.02.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\foobar2000
[2011/11/19 14.23.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Foxit
[2012/09/01 19.39.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\LaunchPad
[2012/01/15 12.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Lombardia Integrata
[2012/07/29 20.47.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
[2013/12/08 22.46.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PlatinumHideIP
[2013/08/15 15.53.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\REAPER
[2013/07/31 23.10.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\renault
[2013/06/12 23.40.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Anvsoft
[2013/12/04 11.34.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/07/29 20.11.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CheckPoint
[2012/03/25 17.07.16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2013/12/08 23.43.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\C__Programmi_PlatinumHideIP_PlatinumHideIP.exe
[2012/01/15 12.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lombardia Integrata
[2012/07/29 20.22.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2007/06/27 10.15.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\muvee Technologies
[2013/08/10 18.02.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2013/08/10 17.56.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Plus
[2013/08/10 18.03.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate Collection
[2013/12/08 22.46.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlatinumHideIP
[2013/08/10 17.56.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Studio 15
[2014/03/05 23.45.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2014/03/05 23.45.31 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A31FAD21
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C31F31E6
< End of report >

r16
Posted: Thursday, March 06, 2014 6:11:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
miticoalex wrote:

r16, is this an OTL live CD?

Thanks, bye :)


Hi Mitico.
Yes, it is an OTL live CD.
It is mainly useful for XP, when cases like this one come up.
Vista, Win 7 or 8 allow other solutions, working through the "Advanced recovery options", where it is possible to download onto a USB stick a program (FRST) that has more or less the same functions as OTL.
Nothing has to be burned to disc; that is the only advantage.

@cronos66:
The OTL log shows no active infections.
Do this cleanup:

Open OTL and click CleanUP.
OTL will uninstall itself.
It will ask you to restart the PC: agree.

After the restart, run a cleanup with CCleaner. (registry included)

Follow this path and empty the Prefetch folder: (do not delete the folder)
C:\Windows\Prefetch

Empty the recycle bin.

Again with CCleaner:
Open CCleaner.
Click "Tools".
Click "System Restore".
Select ALL the restore points and then click "Remove".

N.B.:
The point shown in grey (the first one) cannot be deleted, for safety reasons.

Keep Malwarebytes installed, for possible future cases. (keep it updated)
For what little it is worth, you can uninstall SpyBot.

If the PC works well, we are done.

cronos66
Posted: Thursday, March 06, 2014 11:21:40 PM
Rank: AiutAmico

Joined: 11/13/2012
Posts: 84
Hi r16,
the PC is currently working well and I am carrying out what you just suggested.
I wanted to ask you one more thing: in msconfig/Startup I find some entries that are not ticked for automatic startup, which are:

ALCMTR ALCMTR.EXE
RTHDCPL RTHDCPL.EXE

written just like that, in capitals, in the "Startup Item" and "Command" columns.

I don't know what they are or whether they are harmful; can you tell me anything?

Thanks again for rescuing my PC, bye, Carlo