pc lento

brunella2 · 4 Dicembre 2012

ciao a tutti da un po' di giorni il pc mi risulta molto rallentato non riesco a capirne il motivo, potete aiutarmi a risolvere il problema???
e' un portatile e uso windows7
grazie.

tecnico24 · 4 Dicembre 2012

Ciao.
Che tipi di rallentamenti riscontri?in quali occasioni?
verifichiamo : leggi questa guida
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
posta i due report di OTL.

Mardok112 · 5 Dicembre 2012

Ff????

brunella2 · 5 Dicembre 2012

ciao, grazie dell'interessamento e scusa il ritardo. il pc mi risulta molto lento nell'apertura di broswer vari, ho letto la tua guida e ho usato otl ma purtroppo sul desktop mi appare solo 1 dei 2 report ...cosa mi consigli di fare per andare avanti?

- - - Updated - - -

Mardok112 ha detto:
Ff????

scusa ma non riuscivo a rispondere e avevo fatto delle prove ......

- - - Updated - - -

ho notato che mentre otl fa la scansione, si blocca e in alto tra parentesi esce scritto non risponde, poi pero' riprende e porta a termine la scansione

tecnico24 · 5 Dicembre 2012

Ciao , OTL va scaricato sul desktop.
Allega i due report.

brunella2 · 5 Dicembre 2012

ho rifatto la scansione con otl e mi ha rilasciato i 2 report......
ora pero' wikisend non mi permette di fare l'upload lanciandomi questo messaggio:

Username:

Password:

Forgot your password?

Have an account: Sign in here
New user: Sign up now

We are sorry, but an error has occured while uploading.
You can return to the start page and try again.

tecnico24 · 5 Dicembre 2012

Caricali su WikiFortio - Wikifortio

brunella2 · 5 Dicembre 2012

OTL logfile created on: 05/12/2012 11:48:59 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teresa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 7,75 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 73,40% Memory free 15,49 Gb Paging File | 13,27 Gb Available in Paging File | 85,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,74 Gb Total Space | 380,46 Gb Free Space | 85,36% Space Free | Partition Type: NTFS Drive D: | 19,73 Gb Total Space | 2,87 Gb Free Space | 14,53% Space Free | Partition Type: NTFS Computer Name: TERESA-HP | User Name: teresa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\teresa\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programmi\IB Updater\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Programmi\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Alice Messenger\alicemessenger.exe (Telecom Italia S.p.A.) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Programmi\IB Updater\Extension32.dll () MOD - C:\Program Files (x86)\Alice Messenger\connectors\RTCApiWrapper.dll () MOD - C:\Program Files (x86)\Alice Messenger\presentation\qt45_30_win32.dll () MOD - C:\Program Files (x86)\Alice Messenger\httpDrivers\httpDISEDriver.dll () MOD - C:\Program Files (x86)\Alice Messenger\httpDrivers\httpWsDriverGSoap.dll () MOD - C:\Program Files (x86)\Alice Messenger\httpDrivers\httpDriverWinInet.dll () MOD - C:\Program Files (x86)\Alice Messenger\PluginProxy.dll () MOD - C:\Program Files (x86)\Alice Messenger\middleSDK.dll () MOD - C:\Program Files (x86)\Alice Messenger\flash.dll () MOD - C:\Program Files (x86)\Alice Messenger\QtWebKit4.dll () MOD - C:\Program Files (x86)\Alice Messenger\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Alice Messenger\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Alice Messenger\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Alice Messenger\phonon4.dll () MOD - C:\Program Files (x86)\Alice Messenger\QtGui4.dll () MOD - C:\Program Files (x86)\Alice Messenger\QtNetwork4.dll () MOD - C:\Program Files (x86)\Alice Messenger\QtCore4.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (IB Updater) -- C:\Programmi\IB Updater\ExtensionUpdaterService.exe () SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (EPSON_PM_RPCV4_04) -- C:\Programmi\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (HP Wireless Assistant Service) -- C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (STacSV) -- C:\Programmi\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programmi\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (EhttpSrv) -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Programmi\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (AESTFilters) -- C:\Programmi\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {EAF9F9E9-DFEE-4CD8-87AA-FCCDD81AF3AF} IE - HKLM\..\SearchScopes\{C1E9DDEB-92A5-4A4F-833C-E81096B733F2}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{EAF9F9E9-DFEE-4CD8-87AA-FCCDD81AF3AF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EC3D17D9-38DE-4B50-9822-95943D14591C}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Il Mattino - Home Page IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tl=gkn284417&tt=4612_7&babsrc=SP_ss&mntrId=726efc61000000000000ec55f9025b76 IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{C1E9DDEB-92A5-4A4F-833C-E81096B733F2}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb164/?search={searchTerms}&loc=IB_DS&a=6PQOj8hSVs&i=26 IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{EAF9F9E9-DFEE-4CD8-87AA-FCCDD81AF3AF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{EC3D17D9-38DE-4B50-9822-95943D14591C}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: plugin@selectionlinks.com:1.5 FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: crossriderapp4479@crossrider.com:0.86.44 FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb164/?loc=IB_DS&a=6PQOj8hSVs&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\teresa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/10/31 15:11:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 20:16:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/30 19:22:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 20:16:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/09 16:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teresa\AppData\Roaming\mozilla\Extensions [2012/11/20 13:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions [2012/11/20 13:39:52 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\crossriderapp4479@crossrider.com [2012/10/31 15:12:18 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\ffxtlbr@incredibar.com [2012/10/31 15:11:50 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\plugin@selectionlinks.com [2012/11/20 13:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode [2012/10/31 15:11:35 | 000,002,203 | ---- | M] () -- C:\Users\teresa\AppData\Roaming\mozilla\firefox\profiles\bi326700.default\searchplugins\MyStart Search.xml [2012/10/27 20:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/10/27 20:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/10/27 20:16:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/06 05:44:22 | 000,001,393 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml [2012/11/13 16:37:44 | 000,002,388 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/09/06 05:44:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/06 05:44:22 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml [2012/09/06 05:44:23 | 000,000,817 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml [2012/09/06 05:44:23 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml [2012/09/06 05:44:23 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml O1 HOSTS File: ([2012/10/19 17:32:27 | 000,000,858 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 195.149.220.209 www.goldwinpoker.com O1 - Hosts: 195.149.220.209 goldwinpoker.com O1 - Hosts: 195.149.220.210 live.goldbet.com O1 - Hosts: 195.149.220.210 goldbet.com O1 - Hosts: 195.149.220.210 www.goldbet.com O1 - Hosts: 195.149.220.210 secure.goldbet.com O1 - Hosts: 91.213.212.163 livecasino.goldbet.com O1 - Hosts: 195.149.220.209 gbservice.goldbet.com O1 - Hosts: 195.149.220.99 mail.goldbetmail.com O1 - Hosts: 195.149.220.99 mail.goldbet.com O1 - Hosts: 195.149.220.209 affiliates.goldbet.com O1 - Hosts: 195.149.220.209 old.goldbet.com O1 - Hosts: 66.212.226.169 partners.goldbet.com O1 - Hosts: 195.149.220.209 ced.goldbet.com O1 - Hosts: 195.149.220.210 marketing.goldbet.com O1 - Hosts: 195.149.220.209 goldwinportal.com O1 - Hosts: 195.149.220.209 GOLDWIN PORTAL WELCOME O1 - Hosts: 195.149.220.209 BetXPro O1 - Hosts: 195.149.220.210 www25.goldbet.com O1 - Hosts: 195.149.220.210 www35.goldbet.com O1 - Hosts: 195.149.220.210 content.goldbet.com O1 - Hosts: 195.149.220.209 Goals Mania O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - Reg Error: Value error. File not found O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programmi\IB Updater\Extension32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000..\Run: [AliceMessenger] C:\Program Files (x86)\Alice Messenger\alicemessenger.exe (Telecom Italia S.p.A.) O4 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235" File not found O4 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235" File not found O4 - Startup: C:\Users\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: I&nvia a OneNote - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2446415-2EE2-4F1D-9E67-DAE6575B790C}: NameServer = 212.216.172.222,212.216.172.162 O18 - Protocol\Handler\ms-help - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012/12/04 17:24:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\teresa\Desktop\OTL.exe [2012/12/04 17:20:58 | 000,000,000 | ---D | C] -- C:\Users\teresa\Desktop\RK_Quarantine [2012/11/23 16:52:54 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\stellarium [2012/11/23 16:52:53 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Roaming\Stellarium [2012/11/23 16:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium [2012/11/23 16:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellarium [2012/11/22 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\teresa\Documents\Preistoria [2012/11/21 17:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [2012/11/21 17:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2012/11/16 14:21:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/16 14:21:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/16 14:21:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/16 14:21:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/16 14:21:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/16 14:21:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/16 08:53:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/16 08:53:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/16 08:53:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/16 08:53:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/16 08:53:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/14 15:06:43 | 000,000,000 | ---D | C] -- C:\Users\teresa\Desktop\Temi [2012/11/14 15:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFBinder [2012/11/14 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFBinder [2012/11/13 16:42:56 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\CUSTPDF Writer [2012/11/13 16:39:08 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\Google [2012/11/13 16:39:07 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\Giant Savings [2012/11/13 16:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings [2012/11/13 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS [2012/11/13 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\teresa\PDFCreator [2012/11/12 16:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HistorAtlas [2012/11/12 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HistorAtlas [2012/11/12 16:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HistorAtlas [2012/11/12 16:12:11 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2012/11/12 16:12:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2012/10/31 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\teresa\Documents\My Cmaps [2012/10/31 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Roaming\CmapTools [2012/10/31 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\teresa\CmapToolsLogs [2012/10/31 15:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools [2012/10/31 15:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IHMC CmapTools [2012/10/31 15:50:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry [2012/10/31 15:50:03 | 000,000,000 | -H-D | C] -- C:\Users\teresa\InstallAnywhere [2012/10/31 15:12:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2012/10/31 15:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps [2012/10/31 15:11:38 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\Wajam [2012/10/27 20:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/22 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\teresa\Desktop\Mappe Studio [2012/10/21 16:01:42 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\Macromedia [2012/10/19 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\CPN [2012/10/19 17:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\enabler [2012/10/18 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/10/18 09:58:07 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/10/18 09:58:07 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/10/18 09:58:07 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/10/18 09:58:07 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/10/18 09:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/10/10 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\teresa\Documents\biografia_files [2012/10/10 12:37:16 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/10 12:37:15 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/10 12:37:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/10/10 12:37:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/10/10 12:37:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/10/10 12:37:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/10/10 12:37:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/10/10 12:37:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/10/10 12:37:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/10/10 12:37:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/10/10 12:37:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/10/10 12:37:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/10/10 12:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/10/10 12:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/10/10 12:37:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/10/10 12:37:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/10/10 12:37:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/10/10 12:37:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/10/10 12:37:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/10/10 12:37:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/10/10 12:37:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/10/09 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/10/09 16:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/10/09 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Roaming\Mozilla [2012/10/09 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\teresa\AppData\Local\Mozilla [2012/10/08 19:42:52 | 000,000,000 | ---D | C] -- C:\Users\teresa\Application Data [2012/10/08 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AliceMessenger [2012/10/08 11:57:34 | 000,000,000 | ---D | C] -- C:\Users\teresa\Documents\Blocchi appunti di OneNote [2012/10/08 10:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSL Telecom [2012/10/08 10:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alice Messenger [2012/10/08 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telecom Italia ========== Files - Modified Within 60 Days ========== [2012/12/05 11:48:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/05 09:57:03 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1557839668-1679169614-360877716-1000UA.job [2012/12/05 09:45:19 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012/12/05 09:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/05 09:43:50 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys [2012/12/04 18:57:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1557839668-1679169614-360877716-1000Core.job [2012/12/04 17:25:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teresa\Desktop\OTL.exe [2012/11/26 11:46:40 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012/11/23 16:52:46 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Stellarium.lnk [2012/11/21 20:34:33 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForteresa.job [2012/11/21 17:13:26 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012/11/19 16:53:49 | 000,498,790 | ---- | M] () -- C:\Users\teresa\Documents\ac.xps [2012/11/14 16:42:39 | 004,743,508 | ---- | M] () -- C:\Users\teresa\Desktop\Temi.zip [2012/11/14 15:03:41 | 001,612,288 | ---- | M] () -- C:\Users\teresa\Desktop\PDFBinder-v1.1.msi [2012/11/13 16:10:17 | 002,812,556 | ---- | M] () -- C:\Users\teresa\Documents\mappechimica.pdf [2012/11/12 16:28:14 | 000,000,077 | ---- | M] () -- C:\Users\teresa\Desktop\Microsoft Encarta.url [2012/11/12 16:12:11 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe [2012/11/12 16:12:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE [2012/11/12 15:42:09 | 000,234,170 | ---- | M] () -- C:\Users\teresa\Documents\GLI ACCADI.cmap.jpg [2012/11/12 15:40:27 | 000,329,867 | ---- | M] () -- C:\Users\teresa\Documents\a - sumeri.cmap.jpg [2012/10/31 15:52:12 | 000,002,455 | ---- | M] () -- C:\Users\teresa\.powerupdate.user.properties [2012/10/31 15:12:19 | 000,000,447 | ---- | M] () -- C:\user.js [2012/10/31 15:11:43 | 000,000,064 | ---- | M] () -- C:\Users\teresa\Desktop\CmapTools.url [2012/10/21 16:01:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/21 16:01:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/19 17:34:28 | 000,001,062 | ---- | M] () -- C:\Users\teresa\Desktop\bet (2).lnk [2012/10/18 09:57:58 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/10/18 09:57:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/10/18 09:57:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/10/18 09:57:57 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/10/18 09:57:57 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/10/10 14:10:41 | 000,084,766 | ---- | M] () -- C:\Users\teresa\Documents\biografia.htm [2012/10/10 13:35:45 | 003,082,743 | ---- | M] () -- C:\Users\teresa\Desktop\CON-PENSARE-2.pdf [2012/10/09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/10/09 16:29:26 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/08 11:57:41 | 000,001,300 | ---- | M] () -- C:\Users\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk [2012/10/08 11:36:40 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012/10/08 10:40:25 | 000,000,163 | ---- | M] () -- C:\Users\Public\Desktop\Gestione modem.url [2012/10/08 10:39:51 | 000,001,086 | ---- | M] () -- C:\Users\teresa\Desktop\Messenger.lnk [2012/10/08 08:47:44 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/10/08 08:46:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/10/08 08:44:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/10/08 08:43:05 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/10/08 08:41:19 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/10/08 08:37:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2012/11/23 16:52:46 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Stellarium.lnk [2012/11/21 17:13:26 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk [2012/11/19 16:53:47 | 000,498,790 | ---- | C] () -- C:\Users\teresa\Documents\ac.xps [2012/11/14 16:42:39 | 004,743,508 | ---- | C] () -- C:\Users\teresa\Desktop\Temi.zip [2012/11/14 15:03:37 | 001,612,288 | ---- | C] () -- C:\Users\teresa\Desktop\PDFBinder-v1.1.msi [2012/11/13 16:10:17 | 002,812,556 | ---- | C] () -- C:\Users\teresa\Documents\mappechimica.pdf [2012/11/12 16:28:14 | 000,000,077 | ---- | C] () -- C:\Users\teresa\Desktop\Microsoft Encarta.url [2012/11/12 15:42:08 | 000,234,170 | ---- | C] () -- C:\Users\teresa\Documents\GLI ACCADI.cmap.jpg [2012/11/12 15:40:22 | 000,329,867 | ---- | C] () -- C:\Users\teresa\Documents\a - sumeri.cmap.jpg [2012/10/31 15:51:47 | 000,002,455 | ---- | C] () -- C:\Users\teresa\.powerupdate.user.properties [2012/10/31 15:12:18 | 000,000,447 | ---- | C] () -- C:\user.js [2012/10/31 15:11:43 | 000,000,064 | ---- | C] () -- C:\Users\teresa\Desktop\CmapTools.url [2012/10/23 14:09:53 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForteresa.job [2012/10/19 17:34:28 | 000,001,062 | ---- | C] () -- C:\Users\teresa\Desktop\bet (2).lnk [2012/10/10 14:10:38 | 000,084,766 | ---- | C] () -- C:\Users\teresa\Documents\biografia.htm [2012/10/10 13:35:45 | 003,082,743 | ---- | C] () -- C:\Users\teresa\Desktop\CON-PENSARE-2.pdf [2012/10/09 16:22:23 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/10/09 16:22:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/08 11:57:41 | 000,001,300 | ---- | C] () -- C:\Users\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk [2012/10/08 10:40:25 | 000,000,163 | ---- | C] () -- C:\Users\Public\Desktop\Gestione modem.url [2012/10/08 10:39:51 | 000,001,116 | ---- | C] () -- C:\Users\teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk [2012/10/08 10:39:51 | 000,001,086 | ---- | C] () -- C:\Users\teresa\Desktop\Messenger.lnk [2012/10/01 16:41:24 | 000,000,387 | ---- | C] () -- C:\Users\teresa\manual_01.htm [2012/07/31 09:26:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/07/31 09:26:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/31 09:26:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/31 09:26:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/31 09:26:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/30 16:43:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012/06/05 13:49:06 | 001,569,110 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/03/10 01:09:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/03/10 01:02:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2011/03/10 01:02:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2011/03/10 00:59:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll "ThreadingModel" = Both ========== LOP Check ========== [2012/10/31 15:55:27 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\CmapTools [2012/11/14 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\Epson [2012/10/03 15:08:25 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\SoftGrid Client [2012/11/23 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\Stellarium [2012/04/17 14:00:35 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\Tific [2012/06/05 13:50:01 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\TP [2012/04/26 17:25:09 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\WildTangent [2012/04/03 16:42:11 | 000,000,000 | ---D | M] -- C:\Users\teresa\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report >

tecnico24 · 5 Dicembre 2012

WikiFortio - Wikifortio
Attieniti alle istruzioni , grazie.

brunella2 · 5 Dicembre 2012

WikiFortio - Wikifortio

- - - Updated - - -

...... http://www.wikifortio.com/821945/OTL.Txt

tecnico24 · 5 Dicembre 2012

Manca il file Extras.txt

brunella2 · 5 Dicembre 2012

WikiFortio

File sharing service

Upload a File

File name: Extras.Txt

Progress: NaN %

Size:
0 Kb

Uploaded:
0 Kb

Time left:
NaN h NaN min NaN sec

Speed:
NaN Kb/sec

Main page Contact usSearch
© 2007 Wikifortio - File Sharing. All rights reserved.

- - - Updated - - -

non me lo carica

tecnico24 · 5 Dicembre 2012

Prova con Internet Explorer.

brunella2 · 5 Dicembre 2012

.........WikiFortio - Wikifortio

- - - Updated - - -

.........................http://www.wikifortio.com/769180/Extras.Txt

- - - Updated - - -

http://www.wikifortio.com/769180/Extras.Txt

tecnico24 · 5 Dicembre 2012

Operazione preliminare:disattiva il ripristino configurazione di sistema.

Per Windows vista / 7:
● Pannello di controllo
● Sistema e sicurezza
● Sistema
● Protezione sistema a sinistra
● Per windows Vista togliere il flag dal disco interessato e confermare con ok
● Per windows 7 cliccate su configura e spuntate su Disattiva protezione , Applica e ok.

Apri OTL
sotto il box custom scans / fixes in basso
copia ed incolla queste righe in grassetto:

:OTL
PRC - C:\Programmi\IB Updater\ExtensionUpdaterService.exe ()
MOD - C:\Programmi\IB Updater\Extension32.dll ()
SRV - (IB Updater) -- C:\Programmi\IB Updater\ExtensionUpdaterService.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tl=gkn284417&tt=4612_7&babsrc=SP_ss&mntrId=726efc61000000000000ec55f9025b76
IE - HKU\S-1-5-21-1557839668-1679169614-360877716-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb164/?search={searchTerms}&loc=IB_DS&a=6PQOj8hSVs&i=26
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: plugin@selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: crossriderapp4479@crossrider.com:0.86.44
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb164/?loc=IB_DS&a=6PQOj8hSVs&&i=26&search="
[2012/10/31 15:12:18 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\ffxtlbr@incredibar.com
[2012/10/31 15:11:50 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\teresa\AppData\Roaming\mozilla\Firefox\Profiles\bi326700.default\extensions\plugin@selectionlinks.com
O1 - Hosts: 195.149.220.209 www.goldwinpoker.com
O1 - Hosts: 195.149.220.209 goldwinpoker.com
O1 - Hosts: 195.149.220.210 live.goldbet.com
O1 - Hosts: 195.149.220.210 goldbet.com
O1 - Hosts: 195.149.220.210 www.goldbet.com
O1 - Hosts: 195.149.220.210 secure.goldbet.com
O1 - Hosts: 91.213.212.163 livecasino.goldbet.com
O1 - Hosts: 195.149.220.209 gbservice.goldbet.com
O1 - Hosts: 195.149.220.99 mail.goldbetmail.com
O1 - Hosts: 195.149.220.99 mail.goldbet.com
O1 - Hosts: 195.149.220.209 affiliates.goldbet.com
O1 - Hosts: 195.149.220.209 old.goldbet.com
O1 - Hosts: 66.212.226.169 partners.goldbet.com
O1 - Hosts: 195.149.220.209 ced.goldbet.com
O1 - Hosts: 195.149.220.210 marketing.goldbet.com
O1 - Hosts: 195.149.220.209 goldwinportal.com
O1 - Hosts: 195.149.220.209 GOLDWIN PORTAL WELCOME
O1 - Hosts: 195.149.220.209 BetXPro
O1 - Hosts: 195.149.220.210 www25.goldbet.com
O1 - Hosts: 195.149.220.210 www35.goldbet.com
O1 - Hosts: 195.149.220.210 content.goldbet.com
O1 - Hosts: 195.149.220.209 Goals Mania

:Files
C:\Users\teresa\AppData\Local\Wajam
C:\Windows\tasks\AutoKMS.job
C:\user.js
C:\ProgramData\ras_0oed.pad
C:\Users\teresa\AppData\Roaming\SoftGrid Client
C:\Users\teresa\AppData\Roaming\WildTangent

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[RESETHOSTS]
[EMPTYFLASH]
[Reboot]

clicca sul pulsante in alto

Attendi le operazioni senza interferire
Il pc si riavvierà , al ritorno ti uscira un report , salvalo ed allegalo su WikiFortio - Wikifortio (tramite Internet explorer cosi non riscontri problemi) e poi postalo qui.

Esegui anche AdwCleaner:
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
Aprilo , clicca direttamente su Elimina , il pc si riavvierà nuovamente.
Posta il report post-eliminazione [S2].txt

pc lento

brunella2

Nuovo Utente

tecnico24

Mardok112

brunella2

Nuovo Utente

tecnico24

brunella2

Nuovo Utente

tecnico24

brunella2

Nuovo Utente

tecnico24

brunella2

Nuovo Utente

tecnico24

brunella2

Nuovo Utente

tecnico24

brunella2

Nuovo Utente

tecnico24

Ci sono discussioni simili a riguardo, dai un'occhiata!

Discussioni Simili