Aiutamici Forum

Istartsurf: how can it be removed
mare10
Posted: Monday, November 02, 2015 6:12:09 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
Hello
I found ISTARTSURF set as my home page and removed it by putting Google back.
But it comes back.
How can I remove it? I should mention that it does not appear in the Control Panel, nor in CCleaner, and a search does not find it either.
Thanks, everyone.
Regards
wolfestein
Posted: Monday, November 02, 2015 6:38:38 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
mare10 wrote:
Hello
I found ISTARTSURF set as my home page and removed it by putting Google back.
But it comes back.
How can I remove it? I should mention that it does not appear in the Control Panel, nor in CCleaner, and a search does not find it either.
Thanks, everyone.
Regards

Try ADWCleaner, you can find it HERE. After launching it, click Scansione (Scan); when the scan has finished, click Pulisci (Clean). At the end it will ask you to restart the computer; after the restart it will give you a log. Post it here.
mare10
Posted: Tuesday, November 03, 2015 10:25:21 AM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
Here I am with the log.
Thank you.
Bye

# AdwCleaner v5.016 - Creato file registro eventi 03/11/2015 in 10:19:17
# Aggiornato 01/11/2015 da Xplode
# Database : 2015-11-01.2 [Server]
# Sistema operativo : Microsoft Windows XP Service Pack 3 (x86)
# Nome utente : Administrator - GIUSEPPE
# In esecuzione da : C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download\adwcleaner_5.016.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****

[-] Cartella Eliminato : C:\Documents and Settings\Administrator.GIUSEPPE\Menu Avvio\Programmi\Free Registry Cleaner

***** [ File ] *****

[-] File Eliminato : C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
[-] File Eliminato : C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****

[-] Chiave Eliminata : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C875948-9C60-4381-9248-0DF180542D53}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{54E67346-EE5A-45B6-82AA-4F0BB28C79C2}]
[-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Chiave Non Eliminata : HKU\S-1-5-21-1123561945-1229272821-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Browser web ] *****

[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\prefs.js] [Preference] Eliminata : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\prefs.js] [Preference] Eliminata : user_pref("browser.search.defaultenginename", "istartsurf");
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\prefs.js] [Preference] Eliminata : user_pref("browser.search.selectedEngine", "istartsurf");
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\prefs.js] [Preference] Eliminata : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\prefs.js] [Preference] Eliminata : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : sweet-page.com
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : sweet-page
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : search provided by yahoo.com
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : istartsurf
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Eliminato : hxxp://www.istartsurf.com/?type=hp&ts=1446281123&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Eliminato : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Eliminato : hxxp://www.istartsurf.com/web/?type=ds&ts=1446281123&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX&q={searchTerms}
[-] [C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Chromium\User Data\Default\Secure Preferences] [Homepage] Eliminato : hxxp://it.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_22&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dit%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0FtA0AtBtCtAtAzytAzyyDyEzztN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0DyDtCtCyDyD0EtGtCzy0D0FtGyC0AzzyBtGyCtD0DzztGzy0AzytBtDyEzz0BtCtB0EtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEzyzytCyC0CtAtG0Czy0EyDtGyEzytA0CtGzztB0E0EtGyBtA0DyC0A0D0DtC0B0B0Dzy2QtN0A0LzuyE%26cr%3D1416966040%26a%3Dwncy_ir_15_22%26os%3DWindows XP%26uref%3Dchmm

*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

########## EOF - C:\AdwCleaner\AdwCleaner[C63].txt - [8331 byte] ##########
wolfestein
Posted: Tuesday, November 03, 2015 5:10:44 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
Is the browser's home page stable now?
ADWCleaner removed quite a lot of junk. Try to be careful about what you download and install on the PC; check the installation steps of every program one by one.
If you still have problems, run a scan with an up-to-date Malwarebytes and with HijackThis and post their logs.
P.S. I kindly ask the experts of this section to give an assessment of the MBAM and HijackThis logs should mare10 post them; my experience in this field is limited.
Thanks.
mare10
Posted: Tuesday, November 03, 2015 6:43:22 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
Thank you. I checked again and still saw Istartsurf.
I ran a scan with the anti-malware and it disappeared, only to come back the next time I switched the PC on.
I'll try HijackThis and post the log.
I thank you for your interest, and the experts who will kindly give me a hand.
Bye, see you soon.
mare10
Posted: Tuesday, November 03, 2015 6:50:31 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
Here is the log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18.49.19, on 03/11/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

FIREFOX: 41.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\AVG\Av\avgui.exe
C:\Programmi\AVG\Framework\Common\avguix.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\AVG\Av\avgidsagent.exe
C:\Programmi\AVG\Framework\Common\avgsvcx.exe
C:\Programmi\AVG\Av\avgwdsvcx.exe
C:\Programmi\AVG\Av\avgcsrvx.exe
C:\Programmi\AVG\Av\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\Av\avgrsx.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F9887EC7-EEE1-4746-B73C-3A9223B5C303}&mid=Unknown&lang=it&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 13:45:28&v=4.1.6.294&pid=wtu&sg=&sap=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\Av\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AvgUi] "C:\Programmi\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Photos Backup] "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\Av\avgwdsvcx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes - C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6798 bytes
wolfestein
Posted: Tuesday, November 03, 2015 7:25:52 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
While waiting for someone more expert than me, I would try redoing the scans with System Restore disabled; these nasties often rely on it to regenerate themselves.
If everything is OK after the scans, re-enable System Restore and create a new restore point.
mare10
Posted: Tuesday, November 03, 2015 9:16:20 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
How do I disable System Restore?
shapiro
Posted: Tuesday, November 03, 2015 9:38:57 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Comment:
How do I disable System Restore?

we'll do that later; for now run this scan

Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them => here
blackmanba
Posted: Tuesday, November 03, 2015 10:58:05 PM

Rank: AiutAmico

Joined: 1/5/2011
Posts: 810
hi
what do you say about removing (fixing) right away
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F9887EC7-EEE1-4746-B73C-3A9223B5C303}&mid=Unknown &lang=it&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 13:45:28&v=4.1.6.294&pid=wtu&sg=&sap=hp
and then checking and removing
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [Google Photos Backup] "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart (User 'SYSTEM')
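
The checks suggested in the post above, written as a small triage script (an added example, not part of the original thread and not code from HijackThis). The rule names, the `triage` function and the `systemprofile` heuristic are assumptions made for this illustration; the sample lines are abridged from the HijackThis log posted earlier in the thread, and the output is a list of entries to review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines abridged from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F9887EC7-EEE1-4746-B73C-3A9223B5C303}&mid=Unknown
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Photos Backup] "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart (User 'SYSTEM')
"""

# "R0 - ..." / "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Run keys loaded from a service-account hive (SYSTEM, LOCAL SERVICE, NETWORK SERVICE).
O4_RE = re.compile(r"^HKUS\\(S-1-5-(?:18|19|20))\\\.\.\\Run: \[([^\]]+)\] (.+)$")


def triage(log_text):
    """Return (rule, detail) pairs for entries worth a manual look.

    Hypothetical rules, mirroring the three kinds of line quoted in the post:
      start-page              IE Start Page that is neither empty nor about:blank
      orphan                  BHO/toolbar registration whose file is gone ("(no file)")
      service-account-autorun Run entry in a service-account hive that starts a
                              program installed under the SYSTEM profile directory
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2)

        if code in ("R0", "R1"):
            # Body looks like: <registry key>,<value name> = <data>
            _key, _, rest = body.partition(",")
            name, _, data = rest.partition("=")
            data = data.strip()
            if name.strip() == "Start Page" and data not in ("", "about:blank"):
                findings.append(("start-page", urlsplit(data).hostname or data))

        elif code in ("O2", "O3") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(("orphan", clsid.group(0) if clsid else body))

        elif code == "O4":
            run = O4_RE.match(body)
            if run and "\\config\\systemprofile\\" in run.group(3).lower():
                findings.append(("service-account-autorun", run.group(2)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```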
mare10
Posted: Wednesday, November 04, 2015 10:36:07 AM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
I have the two logs but I don't know how to upload them where you said.
Could you explain it to me?
Sorry for imposing, but I wouldn't want to make a mistake.
See you soon.
Thanks
shapiro
Posted: Wednesday, November 04, 2015 11:52:43 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

to attach the logs go here => http://wikisend.com/ and click "browse"

select the text file, click "open" and then "upload file"

copy the first link and paste it into the forum
mare10
Posted: Wednesday, November 04, 2015 3:28:05 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
here is the first one.
What do I do now?

OTL logfile created on: 04/11/2015 10.09.39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1014,36 Mb Total Physical Memory | 188,11 Mb Available Physical Memory | 18,54% Memory free
2,38 Gb Paging File | 1,60 Gb Available in Paging File | 67,13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 119,16 Gb Total Space | 82,77 Gb Free Space | 69,47% Space Free | Partition Type: NTFS
Drive E: | 29,89 Gb Total Space | 27,30 Gb Free Space | 91,34% Space Free | Partition Type: NTFS

Computer Name: GIUSEPPE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Download\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Framework\Common\avgsvcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgwdsvcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\Av\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVG\UiDll\2171\libcef.dll ()
MOD - C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\ssp7ml3.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgsvc) -- C:\Programmi\AVG\Framework\Common\avgsvcx.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Programmi\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AvgAMPS) -- C:\Programmi\AVG\Av\avgamps.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programmi\AVG\Av\avgwdsvcx.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (LiveUpdateSvc) -- C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (esgiguard) -- C:\Programmi\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (DgiVecp) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\ADMINI~1.GIU\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes)
DRV - (AVGIDSDriverl) -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys (IObit)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (winbondhidcir) -- C:\WINDOWS\system32\drivers\winbondhidcir.sys (Winbond Electronics Corporation)
DRV - (hidshim) -- C:\WINDOWS\system32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={F9887EC7-EEE1-4746-B73C-3A9223B5C303}&mid=Unknown&lang=it&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-17 13:45:28&v=4.1.6.294&pid=wtu&sg=&sap=hp
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..browser.search.searchengine.alias: "istartsurf"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.iconURL: "http://www.istartsurf.com/favicon.ico"
FF - prefs.js..browser.search.searchengine.name: "istartsurf"
FF - prefs.js..browser.search.searchengine.ptid: "cor"
FF - prefs.js..browser.search.searchengine.uid: "HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX"
FF - prefs.js..browser.search.searchengine.url: "http://www.istartsurf.com/web/?type=ds&ts=1446281123&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.it"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmi\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programmi\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2015/10/16 09.21.43 | 000,000,000 | ---D | M]

[2014/10/31 22.38.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Extensions
[2015/11/02 18.44.18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\extensions
[2015/09/25 08.51.22 | 000,962,762 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/09/13 09.44.43 | 000,002,669 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Mozilla\Firefox\Profiles\vyyvybes.default-1433060963171\searchplugins\Google.xml
[2015/10/16 09.21.35 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2015/10/16 09.22.33 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2014/09/22 11.50.05 | 000,450,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Programmi\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgUi] C:\Programmi\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google Photos Backup] C:\WINDOWS\System32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Google, Inc)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Google Photos Backup] C:\WINDOWS\System32\config\systemprofile\Impostazioni locali\Dati applicazioni\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Google, Inc)
O4 - HKU\S-1-5-21-1123561945-1229272821-1417001333-500..\Run: [PC Suite Tray] C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1229272821-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5F56618-8703-499C-9488-908C3F249C8D}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/05 08.13.00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2015/10/31 10.37.46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Recent
[2015/10/31 09.52.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\Opera Software
[2015/10/31 09.52.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Opera Software
[2015/10/31 09.48.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
[2015/10/31 09.48.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Shortcut
[2015/10/31 09.45.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Nico Mak Computing
[2015/10/26 09.41.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\Noi da Tiziana e Mario 25-10-15
[2015/10/25 23.40.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\AVG
[2015/10/25 23.19.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\AvgSetupLog
[2015/10/16 09.21.35 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2015/09/13 09.42.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
[2015/09/13 09.42.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Lavasoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2015/11/04 10.10.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/04 10.04.54 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Collegamento a OTL.lnk
[2015/11/04 07.55.15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/11/04 07.50.08 | 000,639,710 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2015/11/04 07.50.07 | 000,586,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015/11/04 07.50.07 | 000,126,686 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2015/11/04 07.50.07 | 000,107,402 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015/11/04 07.46.03 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/11/04 07.45.07 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/04 07.45.07 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
[2015/11/04 07.44.55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/11/03 18.34.49 | 000,013,951 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Nuovo OpenDocument Text.odt
[2015/11/03 10.11.29 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/11/02 18.44.37 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/02 18.44.37 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2015/11/02 18.44.37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2015/11/02 18.44.36 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/11/02 18.44.36 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2015/11/02 18.44.36 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
[2015/11/02 18.44.32 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Outlook Express.lnk
[2015/11/02 18.44.31 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Google Earth.lnk
[2015/11/02 18.44.31 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Internet Explorer.lnk
[2015/11/02 18.44.30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Auslogics DiskDefrag.lnk
[2015/11/02 18.44.30 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Eusing Free Registry Cleaner.lnk
[2015/10/31 09.48.05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Sunday.job
[2015/10/31 09.48.05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Saturday.job
[2015/10/31 09.47.05 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/31 09.46.40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/10/29 13.50.38 | 000,032,593 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\da mia posta.odt
[2015/10/27 12.25.24 | 000,016,439 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Proemoria.odt
[2015/10/19 14.51.34 | 000,112,992 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_4.pdf
[2015/10/19 14.51.34 | 000,070,373 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_6.pdf
[2015/10/19 14.51.34 | 000,067,135 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_8.pdf
[2015/10/19 14.51.34 | 000,060,762 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_2.pdf
[2015/10/19 14.51.34 | 000,060,641 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_5.pdf
[2015/10/19 14.51.34 | 000,059,518 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_9.pdf
[2015/10/19 14.51.34 | 000,054,043 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_3.pdf
[2015/10/19 14.51.34 | 000,053,384 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_7.pdf
[2015/10/19 14.51.34 | 000,052,660 | ---- | M] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_1.pdf
[2015/10/17 19.55.15 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/10/17 19.55.15 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/10/05 08.50.10 | 000,121,560 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2015/10/05 08.50.04 | 000,023,256 | ---- | M] (Malwarebytes) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Dati applicazioni\*.tmp files -> C:\Documents and Settings\All Users\Dati applicazioni\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/11/04 10.04.54 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Collegamento a OTL.lnk
[2015/10/31 09.48.05 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Sunday.job
[2015/10/31 09.48.04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Saturday.job
[2015/10/31 09.47.05 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/29 13.50.38 | 000,032,593 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\da mia posta.odt
[2015/10/29 09.17.47 | 000,013,951 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Nuovo OpenDocument Text.odt
[2015/10/25 23.38.05 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
[2015/10/19 14.51.34 | 000,112,992 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_4.pdf
[2015/10/19 14.51.34 | 000,070,373 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_6.pdf
[2015/10/19 14.51.34 | 000,067,135 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_8.pdf
[2015/10/19 14.51.34 | 000,060,762 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_2.pdf
[2015/10/19 14.51.34 | 000,060,641 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_5.pdf
[2015/10/19 14.51.34 | 000,059,518 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_9.pdf
[2015/10/19 14.51.34 | 000,054,043 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_3.pdf
[2015/10/19 14.51.34 | 000,053,384 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_7.pdf
[2015/10/19 14.51.34 | 000,052,660 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Documenti\EnelEnergia_UMAEL6929696_1.pdf
[2015/09/13 09.41.22 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Desktop\Auslogics DiskDefrag.lnk
[2015/02/17 11.30.48 | 000,016,000 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Proemoria.odt
[2014/10/31 22.45.21 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator.GIUSEPPE\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/12 15.00.50 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\STSWCAD.ini
[2014/07/19 15.57.46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2014/07/19 15.57.46 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2014/07/19 15.57.46 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2014/07/19 15.57.43 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2014/07/19 15.49.09 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2014/07/19 11.12.40 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2014/07/19 11.06.49 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2014/07/19 11.06.49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\PLFSetI.exe
[2014/07/19 11.06.49 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2014/07/18 20.23.38 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2014/07/17 16.39.21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/28 11.06.05 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\WBPU-TTL.DAT
[2013/12/28 11.06.04 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dati applicazioni\WB.CFG

========== ZeroAccess Check ==========

[2011/04/15 16.33.12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2014/02/25 04.30.52 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/10/31 18.10.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\AVAST Software
[2015/05/29 12.41.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\0U1E1Q1T2Z1P0S2Z1T1C
[2014/12/29 17.23.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Auslogics
[2015/10/25 23.40.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\AVG
[2014/11/01 08.30.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Eusing
[2015/01/12 15.50.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\IObit
[2015/10/31 10.00.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Nico Mak Computing
[2014/12/17 19.34.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Nokia
[2014/11/01 16.21.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\OpenOffice
[2015/10/31 09.52.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Opera Software
[2014/12/30 11.20.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Oracle
[2014/12/17 19.28.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\PC Suite
[2014/12/29 16.57.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\ProductData
[2015/10/31 09.48.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Shortcut
[2014/11/04 15.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\Thunderbird
[2012/10/13 09.36.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\TuneUp Software
[2013/03/22 10.53.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\16F
[2011/04/05 10.15.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2014/01/28 13.52.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AppsWatcher
[2015/09/13 09.43.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Auslogics
[2015/06/09 20.11.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2015/10/25 23.35.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2015/07/17 12.45.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG Web TuneUp
[2014/04/08 23.13.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2014
[2015/10/26 08.57.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2015
[2011/04/06 18.02.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2014/07/19 15.47.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Broadcom
[2011/04/06 18.06.52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2015/04/10 18.11.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IM
[2015/04/10 18.10.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
[2014/09/26 22.43.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2015/01/12 15.50.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit
[2015/11/04 07.50.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2015/05/03 17.06.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NokiaInstallerCache
[2015/08/31 08.32.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Oracle
[2014/09/26 22.51.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2015/04/10 18.11.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Photo Notifier and Animation Creator
[2015/11/02 08.40.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ProductData
[2013/12/26 14.36.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2012/01/22 18.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
[2012/01/21 12.33.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZipEC
[2014/02/22 19.08.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2012/01/29 20.50.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/12/29 16.56.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[2012/10/13 09.36.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dati applicazioni\TuneUp Software
[2012/12/16 19.18.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Adblock Pro
[2011/09/21 14.34.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Auslogics
[2011/04/06 18.07.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG10
[2011/11/25 17.52.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG2012
[2012/10/04 18.25.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG2013
[2014/04/06 20.01.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\AVG2014
[2013/11/18 20.35.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Dropbox
[2012/08/24 19.22.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\EmoticoonsToolbar
[2014/02/13 19.22.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Eusing
[2014/02/22 19.17.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\IObit
[2014/09/26 22.53.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Nokia
[2013/10/14 17.45.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\OpenOffice
[2011/04/05 18.26.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\OpenOffice.org
[2012/07/29 23.19.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Oracle
[2014/09/26 22.51.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\PC Suite
[2013/02/26 16.36.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\Spotflux
[2013/10/12 13.05.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\SumatraPDF
[2012/12/22 20.49.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxDati applicazioni\Thunderbird
[2012/10/04 18.23.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\TuneUp Software
[2011/06/05 17.44.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Dati applicazioni\uTorrent
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\AVG Secure Search
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\AVG2013
[2012/11/14 10.32.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dati applicazioni\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:AD022376

< End of report >
cbbusto
Posted: Wednesday, November 04, 2015 4:13:57 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Hi, istartsurf is in Firefox; shapiro will prepare a script for you with the removals to make. You also have other junk, and there is also TuneUp to remove, which only causes trouble.
In my opinion mysearch.avg.com should be removed too; it is dangerous.
See what shapiro says.
mare10
Posted: Wednesday, November 04, 2015 4:20:39 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
I thank you and Shapiro for your kindness.
I didn't know I had it in Firefox; I thought I had it in Chrome, because when I start it two small windows open with spinning wheels, and then Google comes up in the first one and Istartsurf in the second instead.
Anyway, thank you, and I will remove everything I am told to.
See you soon.
Bye
cbbusto
Inviato: Wednesday, November 04, 2015 5:25:56 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
mare10 ha scritto:
Ringrazio te e Shapiro per la gentilezza.
Non sapevo di averlo su Firefox, pensavo di averlo sul chrome perche' quando lo accendo si aprono due finestrelle con le rotelle che girano e poi sulla prima esce Google e sulla seconda invece Istarsurf.
Comunque vi ringrazio ed eliminero' tutto quello che mi verra' detto.
A presto.
Ciao


In Chrome ci sono solo estensioni senza nome, che andranno tolte tutte.
In firefox sono queste voci memorizzate nella cartella del profilo:
prefs.js..browser.search.searchengine.alias: "istartsurf"
prefs.js..browser.search.searchengine.iconURL: "http://www.istartsurf.com/favicon.ico"
prefs.js..browser.search.searchengine.name: "istartsurf"


You have to be very careful when you browse; the enemy is always around the corner.

Anyway, don't be alarmed, it's nothing dangerous. It's one of the many browser hijackers, that is, malicious software able to change the browser's normal settings without the user wanting it, and they bring you advertising: a meddlesome nuisance.
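A way to check a Firefox profile for the entries listed in the post above, as an added example that is not part of the original thread: it parses prefs.js text, reports prefs under `browser.search.searchengine.` or mentioning istartsurf, and returns the file text without them. The sample prefs.js content is constructed and the function names are hypothetical.

```python
import re

# Pref branch that the post above lists as the hijacker's entries in prefs.js.
SUSPECT_PREFIX = "browser.search.searchengine."

# Matches: user_pref("name", value);  where value is a string, number or boolean.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        prefs[name] = raw
    return prefs

def find_hijack_prefs(text, marker="istartsurf"):
    """Prefs in the suspect branch, or whose value mentions the marker string."""
    return {n: v for n, v in parse_prefs(text).items()
            if n.startswith(SUSPECT_PREFIX) or marker in v.lower()}

def strip_prefs(text, names):
    """Return the prefs.js text without the named prefs (edit with Firefox closed)."""
    def keep(line):
        m = PREF_RE.match(line)
        return not (m and m.group(1) in names)
    return "".join(l for l in text.splitlines(keepends=True) if keep(l))

# Constructed sample prefs.js, modelled on the three entries quoted above.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.search.searchengine.alias", "istartsurf");
user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico");
user_pref("browser.search.searchengine.name", "istartsurf");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    found = find_hijack_prefs(SAMPLE)
    print(sorted(found))
    print(strip_prefs(SAMPLE, found), end="")
```

Run it against a copy of prefs.js first and compare the output with the original before replacing anything in the profile folder.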
mare10
Posted: Wednesday, November 04, 2015 7:02:26 PM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
I always take the greatest care because I'm afraid of picking up junk and breaking the PC.
This is an old XP, but it still does its job admirably.
Luckily I have my much-loved Aiutamici, in kind, patient and competent people like you.
I keep telling the people I know, because you are truly invaluable.
I will always be grateful to you.
See you soon.
Bye
shapiro
Posted: Wednesday, November 04, 2015 8:46:33 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Temporarily disable the antivirus

run a scan with this tool

click the JRT icon and wait patiently for the scan to finish
Once it has finished, the log should open on the desktop as JRT.txt

then

run a new scan with OTL and attach the two reports (don't mix up the old OTL log with the new one, please)

mare10
Posted: Thursday, November 05, 2015 11:08:22 AM
Rank: AiutAmico

Joined: 7/8/2013
Posts: 699
This is the first one. Now I'll do the second.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 05/11/2015 at 10.54.33,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\iobit\driver booster
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\lavasoft\web companion
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\nico mak computing
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\productdata
Successfully deleted: [Folder] C:\Programmi\eusing free registry cleaner
Successfully deleted: [Folder] C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\0U1E1Q1T2Z1P0S2Z1T1C



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator.GIUSEPPE\Dati applicazioni\mozilla\firefox\profiles\vyyvybes.default-1433060963171\prefs.js

user_pref(browser.search.searchengine.alias, istartsurf);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.istartsurf.com/favicon.ico);
user_pref(browser.search.searchengine.name, istartsurf);
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, HitachiXHTS542516K9SA00_071228BB0C00WGC0M4RCX);
user_pref(browser.search.searchengine.url, hxxp://www.istartsurf.com/web/?type=ds&ts=1446281123&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cor&uid=HitachiXHTS542516K



~~~ Chrome


[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Administrator.GIUSEPPE\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2015 at 11.00.26,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~