Aiutamici Forum

Computer stuck on a Polizia di Stato screen, virus??
farenzi
Posted: Saturday, September 28, 2013 4:11:35 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Good evening everyone, I'd kindly ask for help... right after start-up the computer freezes on a screen showing the Polizia di Stato and Carabinieri logos, with a notice saying I have downloaded child pornography etc. etc., and asking me to pay 100 euros to unlock it.
I read some posts on this forum about it but didn't really understand how to go about fixing the problem; I downloaded AdwCleaner, OTL and ComboFix but don't know how to use them.
I should say that right now I'm using the computer in Safe Mode with Networking; I can only boot into Safe Mode from the ADMINISTRATOR profile, and my operating system is Windows XP Media Center Edition Service Pack 3. What can I do to try to fix the problem?
r16
Posted: Saturday, September 28, 2013 4:25:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Quote:
I downloaded AdwCleaner, OTL and ComboFix

To be able to help you I'd need to see the ComboFix log, and above all the OTL log.

For OTL:
Tick SCAN ALL USERS.

Click RUN SCAN.

Let the scan run without interfering.
Post the log it leaves on the desktop (OTL.txt).
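What a helper does with those logs once they are posted is read the ComboFix output for a handful of tell-tale lines. As an added example (not part of this thread, and not code from ComboFix or OTL), the Python below runs that reading over a constructed fragment in ComboFix's log format: it flags a system file ComboFix reports as disinfected (a replaced userinit.exe is typical of these lock screens), Run entries whose command lives outside the Windows or Programmi folders, and start/search pages that point at hosts other than the vendor defaults. The sample lines, the trusted-prefix and default-host lists and the finding labels are all assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in ComboFix's log format (not the log posted in this thread).
SAMPLE_LOG = """\
La copia infetta di c:\\windows\\system32\\userinit.exe è stata trovata e disinfettata
Ripristinata copia da - c:\\windows\\ServicePackFiles\\i386\\userinit.exe
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"MSC"="c:\\programmi\\Microsoft Security Client\\msseces.exe" [2013-06-20 995176]
"data"="c:\\documents and settings\\luigina\\Application Data\\data.exe" [2013-09-27 81920]
.
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"CTFMON.EXE"="c:\\windows\\system32\\CTFMON.EXE" [2008-04-14 15360]
.
uStart Page = hxxp://www.delta-homes.com/?utm_source=b
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://feed.snap.do/?publisher=ShoppingHelper
"""

# Assumed: locations a legitimate autostart command normally runs from on an Italian XP.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")
# Assumed: vendor/default home and search hosts that are not a hijack by themselves.
DEFAULT_HOSTS = {"www.google.com", "www.google.it", "www.bing.com", "www.msn.com"}

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$")          # [HKEY_...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')              # "name"="command" [date size]
DISINFECT_RE = re.compile(r"^La copia infetta di (\S+)")        # ComboFix's "infected copy of" line
PAGE_RE = re.compile(r"^[um](Start Page|SearchAssistant|Search Page) = (hxxp\S+)$")


def parse_run_entries(text):
    """Return (registry key, value name, command) for every value listed under a ...\\Run key."""
    entries, current_key = [], None
    for line in text.splitlines():
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.strip() == ".":          # ComboFix separates blocks with a lone dot
            current_key = None
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            entries.append((current_key, m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (finding kind, detail) pairs for the lines a helper would look at first."""
    findings = []
    for line in text.splitlines():
        m = DISINFECT_RE.match(line)
        if m:
            findings.append(("replaced_system_file", m.group(1)))
        m = PAGE_RE.match(line)
        if m:
            # ComboFix defangs URLs as hxxp; undo that only to parse the host name.
            host = urlparse(m.group(2).replace("hxxp", "http", 1)).hostname
            if host not in DEFAULT_HOSTS:
                findings.append(("hijacked_page", host))
    for _key, name, cmd in parse_run_entries(text):
        if not cmd.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("untrusted_autostart", f"{name} -> {cmd}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

The autostart check is deliberately conservative: a value that names a bare file such as a DLL without a path would also be flagged, which is what a helper wants, since it then gets looked up by hand instead of being silently trusted.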
pidue
Posted: Saturday, September 28, 2013 5:11:59 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
If you can get into Safe Mode, a System Restore might be enough.
Otherwise boot into Safe Mode with Networking, download MBAM, run a full scan and get rid of the virus.
I'm speaking from direct experience.



farenzi
Posted: Saturday, September 28, 2013 5:19:43 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Here are the logs:

ComboFix log

ComboFix 13-09-26.03 - Administrator 28/09/2013 16.48.45.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.628 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {7698207D-2870-003E-AC1D-9876381E9876}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\luigina\Application Data\data.dat
c:\windows\IsUn0410.exe
c:\windows\wininit.ini
.
La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-08-28 al 2013-09-28 )))))))))))))))))))))))))))))))))))
.
.
2013-09-28 12:07 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{5181C797-1DE5-4037-85F9-AA90E367A3CE}\mpengine.dll
2013-09-28 11:53 . 2013-09-28 11:55 -------- d-----w- C:\AdwCleaner
2013-09-28 11:35 . 2013-09-28 11:35 602112 ----a-w- c:\programmi\OTL.exe
2013-09-28 11:33 . 2013-09-28 11:33 5129766 ------r- c:\programmi\ComboFix.exe
2013-09-28 11:19 . 2013-09-28 11:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-09-27 14:58 . 2013-09-27 14:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-09-27 10:51 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-20 19:04 . 2013-09-20 19:04 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
2013-09-14 21:37 . 2013-09-14 21:37 -------- d-----w- c:\documents and settings\luigina\Impostazioni locali\Dati applicazioni\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2013-09-14 21:37 . 2013-09-14 21:48 -------- d-----w- c:\programmi\EasyNota
2013-09-14 21:14 . 2013-09-14 21:51 -------- d-----w- c:\programmi\Nota Iscrizione Ruolo
2013-09-14 21:14 . 2013-09-14 21:14 -------- d--h--w- c:\programmi\Zero G Registry
2013-09-14 21:13 . 2013-09-14 21:13 -------- d--h--w- c:\documents and settings\luigina\InstallAnywhere
2013-09-09 10:49 . 2013-09-09 10:49 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2013-09-09 10:49 . 2013-09-09 10:49 96000 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-09-09 10:49 . 2013-09-09 10:49 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-09-09 10:49 . 2013-09-09 10:49 76544 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-09-09 10:49 . 2013-09-09 10:49 70272 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-09-09 10:49 . 2013-09-09 10:49 27520 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-09-09 10:49 . 2013-09-09 10:49 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-09-09 10:49 . 2013-09-09 10:49 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-09-09 10:49 . 2013-09-09 10:49 249472 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2013-09-09 10:49 . 2013-09-09 10:49 199168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-09-09 10:49 . 2013-09-09 10:49 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-09-09 10:49 . 2013-09-09 10:49 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-09 10:49 . 2013-07-30 15:35 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2013-09-09 10:49 . 2013-07-30 15:35 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-08-09 01:56 . 2006-04-11 04:00 391168 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2006-04-11 04:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2006-04-11 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-04-11 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-04-11 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-04-11 04:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:03 . 2006-04-11 04:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-04-11 04:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-30 17:20 . 2013-07-30 17:20 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-07-10 10:37 . 2006-04-11 04:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2006-04-11 04:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:34 . 2006-04-11 04:00 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-06 20:03 . 2011-07-23 14:58 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ModemListener"="c:\programmi\HSPA USB MODEM\ModemListener.exe" [2011-03-21 98304]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2011-10-24 421888]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R2 DeviceManager;DeviceManager;c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start --> c:\programmi\File comuni\DeviceHelper\DeviceManager.exe -start [?]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe [14/03/2011 17.27.28 271712]
R2 TeamViewer8;TeamViewer 8;c:\programmi\TeamViewer\Version8\TeamViewer_Service.exe [04/06/2013 17.03.06 4150112]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [09/09/2013 12.49.56 76544]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\programmi\Mobile Partner\UpdateDog\ouc.exe [09/09/2013 12.49.30 657504]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [09/09/2013 12.49.56 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [09/09/2013 12.49.56 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09/09/2013 12.49.56 249472]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [09/09/2013 12.49.56 96000]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [09/09/2013 12.49.56 70272]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [09/09/2013 12.49.56 27520]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [12/09/2011 13.26.32 105344]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e862f32-03d6-11e2-8b61-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e862f33-03d6-11e2-8b61-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{269da596-fa17-11e2-8bb8-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40b93262-1492-11e3-8bcf-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e3c16d4-f92d-11e2-8bb7-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e3c16d8-f92d-11e2-8bb7-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e3c16d9-f92d-11e2-8bb7-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794bc42e-0d88-11e3-8bce-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794bc42f-0d88-11e3-8bce-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e8b70e-ac9b-11e1-8b49-0018de7b8507}]
\Shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80e8b710-ac9b-11e1-8b49-0018de7b8507}]
\Shell\AutoRun\command - D:\setup_vmc_lite.exe /checkApplicationPresence
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc6ef906-03d3-11e2-8b60-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc6ef907-03d3-11e2-8b60-0018de7b8507}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec39885b-b870-11e0-8ac3-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 21:05 1177552 ----a-w- c:\programmi\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-07-30 16:59]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-07-30 16:59]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9120821AS_5PL2HQYXXXXX5PL2HQYX&ts=1380361698
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: desiderya.it\www
Trusted Zone: facebook.it\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\luigina\Application Data\Mozilla\Firefox\Profiles\u1ga21e1.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&installDate=30/07/2013&q=
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 7c629d400000000000000018de7b8507
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15870
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.85:39
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - baseyh
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-WinZipper - c:\programmi\WinZipper\eUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-28 16:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@??????_??????`?@?????L?@
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Impossibile accedere al file. Il file è utilizzato da un altro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WININET.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1040\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\DeviceHelper\DeviceManager.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\documents and settings\All Users\Dati applicazioni\Mobile Partner\OnlineUpdate\ouc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2013-09-28 16:58:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-09-28 14:58
.
Pre-Run: 68.165.185.536 byte disponibili
Post-Run: 67.461.586.944 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 59F2E99C6ED3DA9AEA0F0C13D5F7CFE8



The OTL log follows:

OTL logfile created on: 28/09/2013 17.05.28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1013,98 Mb Total Physical Memory | 723,66 Mb Available Physical Memory | 71,37% Memory free
2,39 Gb Paging File | 2,18 Gb Available in Paging File | 91,47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 103,15 Gb Total Space | 63,85 Gb Free Space | 61,90% Space Free | Partition Type: NTFS
Drive D: | 124,01 Mb Total Space | 123,99 Mb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: PC325001779223 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/28 13.35.44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/06/20 18.05.14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/10 09.57.38 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2011/03/17 00.11.16 | 004,297,568 | ---- | M] () -- C:\Programmi\File comuni\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/09 12.49.07 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Programmi\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2013/06/20 18.05.14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programmi\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/13 11.17.51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programmi\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/06 22.03.53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/04 17.18.14 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/20 14.28.48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/14 17.27.28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/08/27 16.04.32 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2010/01/09 21.37.50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21.18.00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008/05/30 12.32.16 | 000,572,416 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/06/12 13.27.28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 16.52.06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/10/25 09.34.24 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/10/22 03.24.18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/09/09 12.49.19 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2013/09/09 12.49.19 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/09/09 12.49.19 | 000,070,272 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2013/09/09 12.49.19 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2013/09/09 12.49.19 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2013/09/09 12.49.18 | 000,249,472 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/09/09 12.49.18 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/09/09 12.49.18 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/08/27 16.04.42 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2009/06/22 13.48.44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 16.02.52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/09/17 15.53.26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/06/02 17.02.36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 22.05.02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 19.06.24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/04/20 18.03.20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 18.02.40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 18.02.36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/12/22 19.02.22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 22.28.32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 20.08.00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 14.24.20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14.24.10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14.23.52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 08.31.34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=hp&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=hp&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013

IE - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=presario&pf=laptop
IE - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/06/06 22.03.56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/08/20 17.28.22 | 000,000,000 | ---D | M]

[2013/06/04 17.17.46 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/06/06 22.03.55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2013/06/06 22.03.47 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2013/09/28 16.53.46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ModemListener] C:\Programmi\HSPA USB MODEM\ModemListener.exe ()
O4 - HKLM..\Run: [MSC] c:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Cerca con Google - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Traduci parola in italiano - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Link a ritroso - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Pagine simili - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Versione cache della pagina - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311407587343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311407798734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC3DCE5-C72A-4367-B3B2-A8068E040B7A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Digicode.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Digicode.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/28 17.05.09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/28 16.52.29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/28 16.47.21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/28 16.45.25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/28 16.45.25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/28 16.45.25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/28 16.45.25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/28 16.41.02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/28 16.40.58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Documenti\Video
[2013/09/28 16.40.58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Strumenti di amministrazione
[2013/09/28 16.40.32 | 005,129,766 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/09/28 13.53.31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/28 13.35.35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Programmi\OTL.exe
[2013/09/28 13.33.52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/28 13.33.18 | 005,129,766 | R--- | C] (Swearware) -- C:\Programmi\ComboFix.exe
[2013/09/28 13.19.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Adobe
[2013/09/28 13.19.53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2013/09/28 11.55.44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/09/27 16.58.58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/09/20 21.04.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth
[2013/09/14 23.38.48 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/09/14 23.38.48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/09/14 23.38.48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/09/14 23.37.05 | 000,000,000 | ---D | C] -- C:\Programmi\EasyNota
[2013/09/14 23.14.15 | 000,000,000 | -H-D | C] -- C:\Programmi\Zero G Registry
[2013/09/14 23.14.15 | 000,000,000 | ---D | C] -- C:\Programmi\Nota Iscrizione Ruolo
[2013/09/09 12.50.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mobile Partner
[2013/09/09 12.49.56 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/09/09 12.49.56 | 000,249,472 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/09/09 12.49.56 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/09/09 12.49.56 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/09/09 12.49.56 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/09/09 12.49.56 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/09/09 12.49.56 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/09/09 12.49.56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2013/09/09 12.49.56 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/09/09 12.49.56 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/09/09 12.49.56 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2013/09/09 12.49.56 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/28 17.02.54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/28 16.55.00 | 000,001,611 | ---- | M] () -- C:\hpqp.ini
[2013/09/28 16.53.54 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2013/09/28 16.53.46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/28 16.53.37 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/28 16.47.25 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/09/28 14.04.01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/28 13.57.47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/28 13.56.31 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/28 13.53.30 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/09/28 13.35.44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Programmi\OTL.exe
[2013/09/28 13.35.44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/28 13.33.44 | 005,129,766 | R--- | M] (Swearware) -- C:\Programmi\ComboFix.exe
[2013/09/28 13.33.44 | 005,129,766 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2013/09/27 12.40.42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/21 17.30.22 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/09/14 21.59.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/09 12.50.42 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobile Partner.lnk
[2013/09/09 12.49.20 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2013/09/09 12.49.19 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/09/09 12.49.19 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/09/09 12.49.19 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/09/09 12.49.19 | 000,070,272 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/09/09 12.49.19 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/09/09 12.49.19 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013/09/09 12.49.18 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2013/09/09 12.49.18 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2013/09/09 12.49.18 | 000,249,472 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/09/09 12.49.18 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/09/09 12.49.18 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/09/09 12.49.18 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/09/09 12.49.18 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/28 16.47.25 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013/09/28 16.47.22 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013/09/28 16.45.25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/28 16.45.25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/28 16.45.25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/28 16.45.25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/28 16.45.25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/28 13.56.31 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/28 13.53.04 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2013/09/09 12.50.42 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobile Partner.lnk
[2013/06/04 16.39.24 | 000,126,322 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2013/06/04 16.39.24 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2012/09/21 12.39.42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2006/06/29 11.18.16 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== ZeroAccess Check ==========

[2006/06/29 11.06.54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 18.06.41 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Thanks for the help

r16
Posted: Saturday, September 28, 2013 8:23:50 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
You should be able to boot into Normal mode.

If so:
Run OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=hp&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=hp&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log.

Then:
Download TDSSKiller to the desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Double-click TDSSKiller.exe
Click on:
Change parameters.
Tick "detect tdlfs file system" and "verify file digital signature"
Click OK.
Then click "Start Scan"
If it finds an infection, the default option will be "Cure", so click "Continue".
If a suspicious file is found, the default action will be "skip"; click "Continue".
If a reboot is requested, allow it (a restart is needed to remove the infection).
If no reboot is requested, click Report and save the contents to a text file.
You will find the log in C:\
Post it here.

Please post the logs this way:
Connect to the internet and go to the WikiSend page:
http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message on the forum.
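The fix script above was assembled by hand: the `IE - HKU\...` lines whose search and home pages point at feed.snap.do were copied out of the OTL log and pasted under `:OTL`. As an added example (not code from this thread, from r16, or from OTL itself), the Python script below does that triage over OTL-style Internet Explorer lines: it parses the two line shapes OTL uses, flags every line whose URL host is not on an allowlist, counts findings per host, and assembles the flagged lines into an `:OTL` block in the same layout as the posted fix. The sample log is constructed from lines in this thread; the allowlist (`DEFAULT_ALLOWED_HOSTS`) and all function names are assumptions for the example.

```python
"""Triage OTL-style Internet Explorer log lines for search/home-page hijacks.

Added example, not code from the forum thread or from OTL itself. It
automates two steps the thread does by hand: spot the IE registry lines
whose URL points at an unexpected host, and copy exactly those lines
under ":OTL" in a fix script.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# OTL writes IE settings in two shapes (hive, then key, then the URL):
#   IE - HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://...
#   IE - HKU\<SID>\..\SearchScopes\{GUID}: "URL" = http://...
# Lines without a URL ("ProxyEnable" = 0, DefaultScope =) are ignored.
IE_LINE = re.compile(
    r'^IE - (?P<key>(?:HKU\\(?P<sid>[^\\]+)|HKLM)\\.*?)'
    r'(?: = |: "URL" = )(?P<url>https?://\S+)$'
)

# Assumption for this example: hosts the OEM image and the user legitimately
# use. Anything else is treated as a hijack and flagged for removal.
DEFAULT_ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "ie.redirect.hp.com"}

# Constructed sample: a handful of lines in the format of the OTL log above.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=hp&installDate=30/07/2013
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=IT&userid=bbf5a640-34c6-45d6-8d15-bdc5b54d8d80&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKU\S-1-5-21-1453450853-2149808248-4209760548-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=presario&pf=laptop
"""


def parse_ie_lines(log_text):
    """Yield (hive_or_sid, key, host, raw_line) for each IE line carrying a URL."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if not m:
            continue
        host = (urlparse(m.group("url")).hostname or "").lower()
        yield m.group("sid") or "HKLM", m.group("key"), host, line


def find_hijacked(log_text, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Return the raw IE lines whose URL host is not on the allowlist."""
    return [line for _who, _key, host, line in parse_ie_lines(log_text)
            if host not in allowed_hosts]


def hijack_summary(log_text, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Count flagged lines per host, so one hijacker shows up as one finding."""
    return Counter(host for _who, _key, host, _line in parse_ie_lines(log_text)
                   if host not in allowed_hosts)


def build_otl_fix(flagged_lines, commands=("[emptytemp]", "[Reboot]")):
    """Assemble an OTL fix script: flagged log lines verbatim under :OTL, then
    a :commands section, the same layout as the fix posted in the thread."""
    if not flagged_lines:
        return ""
    return "\n".join([":OTL", *flagged_lines, "", ":commands", *commands]) + "\n"


if __name__ == "__main__":
    for host, n in hijack_summary(SAMPLE_LOG).items():
        print(f"{host}: {n} IE setting(s) point here")
    print(build_otl_fix(find_hijacked(SAMPLE_LOG)))
```

Run against the sample, the only host off the allowlist is feed.snap.do, reported for the two S-1-5-19 lines; the HKLM Google and Bing entries and the HP OEM redirect are left alone. Review the allowlist per machine before trusting the output: a legitimately customised start page that is not on it would be flagged too, and lines copied under `:OTL` are removed by OTL on RUN FIX.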
farenzi
Posted: Sunday, September 29, 2013 11:30:29 AM
Rank: Member

Member since: 10/31/2004
Posts: 13

Here is the link, I hope I did everything right:

TDSSKiller.2.8.16.0_29.09.2013_11.14.19_log.txt

Thanks a lot!!
r16
Posted: Sunday, September 29, 2013 11:47:22 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
I hope I did everything right:

You did it right.
But I'm missing the OTL removal log.

Run this scan too:
Download AdwCleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Close all browsers (this is important: IE, Firefox, Chrome etc.)
Click the "Scan" button.
When the scan is finished click "Clean"
Confirm with OK the various windows that will appear.
The PC will restart and the log with the removals will appear.
Post it here (again via Wikisend).