Could you analyze them???

giancai

Could you take a look at these logs? My PC is slow again after I fixed it only a short time ago. In safe mode it is fast, but in normal mode it is very slow, in fact frozen. I disabled all the services and everything in msconfig, but to no avail. What do you recommend??
Operating system: Windows XP

OTL logfile created on: 12/10/2013 20.14.07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rosa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1014,11 Mb Total Physical Memory | 764,64 Mb Available Physical Memory | 75,40% Memory free
2,39 Gb Paging File | 2,28 Gb Available in Paging File | 95,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 53,70 Gb Total Space | 29,48 Gb Free Space | 54,90% Space Free | Partition Type: FAT32
Drive D: | 74,28 Gb Total Space | 69,34 Gb Free Space | 93,35% Space Free | Partition Type: NTFS

Computer Name: ACER-C7A2D63CB5 | User Name: Rosa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/12 20.11.10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/12 18.17.16 | 002,864,448 | ---- | M] (Iminent) [Disabled | Stopped] -- C:\Programmi\File comuni\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013/08/20 19.54.48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14.37.18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12.55.20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/12 18.14.10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/21 03.16.42 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/26 08.45.56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009/05/14 17.07.14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/19 22.10.56 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 22.09.54 | 003,220,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 17.38.32 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/04/06 19.30.46 | 000,086,016 | ---- | M] (Logitech) [Disabled | Stopped] -- c:\Programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/03/29 20.53.34 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/03/23 00.13.22 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006/03/23 00.13.22 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006/03/23 00.12.34 | 000,061,440 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/02/17 15.26.32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/14 01.06.04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosa\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/15 11.36.30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/09 10.59.10 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/17 16.16.02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/18 03.00.00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/04/20 20.03.44 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/04/20 20.03.44 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/04/20 20.03.42 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/04/06 19.30.46 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/04/06 19.30.46 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/04/05 18.46.42 | 001,097,472 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2006/04/05 18.42.54 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/03/16 17.24.00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/27 18.47.00 | 004,241,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/02/22 11.46.26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/18 18.41.58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/27 07.36.08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/09/20 10.30.00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {7FA3625E-6C4E-499F-80E2-5A26EA244AB1}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{7FA3625E-6C4E-499F-80E2-5A26EA244AB1}: "URL" = Google{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=0F67E6F ... toolbox&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 1E 9F 1F 67 F2 CD 01 [binary data]
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{7FA3625E-6C4E-499F-80E2-5A26EA244AB1}: "URL" = Google{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVB_itIT510
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=0F67E6F ... toolbox&q={searchTerms}
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=2ea62d9c0000000000000013024d93dc&q="
FF - prefs.js..browser.startup.homepage: "http://start.iminent.com/?appId=0F67E6F5-2648-4408-8225-49A344411548"
FF - prefs.js..browser.search.selectedEngine: "StartWeb"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/05/10 23.20.48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

[2012/05/10 23.21.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rosa\Dati applicazioni\Mozilla\Extensions
[2012/05/16 16.12.34 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\Rosa\Dati applicazioni\Mozilla\Firefox\Profiles\4055ghdn.default\searchplugins\funmoods.xml
[2012/05/10 23.20.48 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/05/11 07.54.32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/28 23.43.30 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/04/28 23.43.30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ROSA\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\4055GHDN.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2013/04/03 20.33.34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2013/04/03 20.33.30 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml
[2013/04/03 20.33.30 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2013/04/03 20.33.30 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2013/04/03 20.33.30 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2013/04/03 20.33.30 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2013/04/03 20.33.30 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2013/01/10 15.08.36 | 000,002,147 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\StartWeb.xml

========== Chrome ==========

CHR - homepage: http://start.iminent.com/?appId=0F67E6F ... A344411548
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iminent.com/?appId=0F67E6F ... A344411548
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.31.1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/03 19.34.12 | 000,446,252 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15325 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E59925F0-1D27-41E9-8E27-63EAEBCC674D}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: D:\ANDREA\rcchi da morire.bmp
O24 - Desktop BackupWallPaper: D:\ANDREA\rcchi da morire.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/19 22.32.58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012/11/09 11.47.44 | 000,000,098 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 20.13.54 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013/10/12 20.11.09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
[2013/10/12 20.07.50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/12 20.07.40 | 001,087,213 | ---- | C] (Farbar) -- C:\Documents and Settings\Rosa\Desktop\FRST.exe
[2013/10/12 20.00.40 | 000,000,000 | -HSD | C] -- C:\FOUND.019
[2013/10/12 19.23.14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/12 19.21.35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/12 19.21.35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/12 19.21.35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/12 19.21.35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/12 19.21.32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/12 19.21.29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/12 19.21.26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenti\Video
[2013/10/12 19.21.26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rosa\Menu Avvio\Programmi\Strumenti di amministrazione
[2013/10/12 19.21.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/12 19.20.51 | 005,131,958 | R--- | C] (Swearware) -- C:\Documents and Settings\Rosa\Desktop\ComboFix.exe
[2013/10/12 18.37.12 | 000,000,000 | -HSD | C] -- C:\FOUND.018
[2013/10/12 13.07.44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/10/12 13.04.36 | 000,000,000 | -HSD | C] -- C:\FOUND.017
[2013/09/30 11.01.30 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/12 20.11.10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
[2013/10/12 20.07.44 | 001,087,213 | ---- | M] (Farbar) -- C:\Documents and Settings\Rosa\Desktop\FRST.exe
[2013/10/12 20.00.48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/12 19.23.16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/12 19.21.00 | 005,131,958 | R--- | M] (Swearware) -- C:\Documents and Settings\Rosa\Desktop\ComboFix.exe
[2013/10/12 19.12.22 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/12 18.59.08 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\LuUninstall.LiveUpdate
[2013/10/12 18.56.54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Rosa\Desktop\HiJackThis.lnk
[2013/10/12 18.56.44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/10/12 18.46.02 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DD2853D-515D-42B0-AC31-B01901030E9A}.job
[2013/10/12 18.45.22 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2013/10/12 18.43.54 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2013/10/12 18.33.02 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/12 16.54.02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/12 12.53.48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/12 19.23.15 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013/10/12 19.23.15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/12 19.21.35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/12 19.21.35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/12 19.21.35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/12 19.21.35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/12 19.21.35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/04 10.05.10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/04 10.05.10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/04 10.05.09 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2012/10/15 18.37.05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/10/13 21.48.14 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\LuUninstall.LiveUpdate
[2012/05/22 21.58.51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/16 16.20.31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32i.dll
[2012/05/16 15.55.47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2012/05/15 13.35.08 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 20.04.43 | 000,001,650 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2012/05/10 22.34.57 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2012/05/10 22.34.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2012/05/10 22.32.48 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2012/05/10 22.26.36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/19 22.37.40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 18.06.42 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/11 07.54.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2012/09/04 14.55.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/10/13 22.03.12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/10/15 18.18.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2012/10/15 18.22.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2013/03/09 18.54.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BlueStacks
[2013/03/09 18.54.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BlueStacksSetup
[2013/08/02 16.57.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Iminent
[2012/10/15 18.36.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Epson
[2013/03/14 21.44.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Funmoods
[2013/08/02 16.57.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Iminent
[2013/08/02 16.58.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Systweak
[2013/08/02 17.03.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\TuneUp Software

< End of report >
 

Attachments

  • Extras.Txt
    36.7 KB · Views: 147

blackanbecker

You have Windows XP with Service Pack 3 and only one GB of RAM.
That is the reason the computer is slow, nothing else.
 

Andrea Roma1

Could you take a look at these logs? My PC is slow again after I fixed it only a short time ago. In safe mode it is fast, but in normal mode it is very slow, in fact frozen. I disabled all the services and everything in msconfig, but to no avail. What do you recommend??
Operating system: Windows XP

OTL logfile created on: 12/10/2013 20.14.07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rosa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1014,11 Mb Total Physical Memory | 764,64 Mb Available Physical Memory | 75,40% Memory free
2,39 Gb Paging File | 2,28 Gb Available in Paging File | 95,71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 53,70 Gb Total Space | 29,48 Gb Free Space | 54,90% Space Free | Partition Type: FAT32
Drive D: | 74,28 Gb Total Space | 69,34 Gb Free Space | 93,35% Space Free | Partition Type: NTFS

Computer Name: ACER-C7A2D63CB5 | User Name: Rosa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/12 20.11.10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/12 18.17.16 | 002,864,448 | ---- | M] (Iminent) [Disabled | Stopped] -- C:\Programmi\File comuni\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013/08/20 19.54.48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14.37.18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12.55.20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/12 18.14.10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/21 03.16.42 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/26 08.45.56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009/05/14 17.07.14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/19 22.10.56 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 22.09.54 | 003,220,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 17.38.32 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/04/06 19.30.46 | 000,086,016 | ---- | M] (Logitech) [Disabled | Stopped] -- c:\Programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/03/29 20.53.34 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/03/23 00.13.22 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006/03/23 00.13.22 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006/03/23 00.12.34 | 000,061,440 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006/02/17 15.26.32 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/14 01.06.04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosa\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/15 11.36.30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/09 10.59.10 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/17 16.16.02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/18 03.00.00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/04/20 20.03.44 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006/04/20 20.03.44 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006/04/20 20.03.42 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/04/06 19.30.46 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/04/06 19.30.46 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/04/05 18.46.42 | 001,097,472 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2006/04/05 18.42.54 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/03/16 17.24.00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/27 18.47.00 | 004,241,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/02/22 11.46.26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/18 18.41.58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/27 07.36.08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/09/20 10.30.00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {7FA3625E-6C4E-499F-80E2-5A26EA244AB1}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{7FA3625E-6C4E-499F-80E2-5A26EA244AB1}: "URL" = Google{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=0F67E6F ... toolbox&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 1E 9F 1F 67 F2 CD 01 [binary data]
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{7FA3625E-6C4E-499F-80E2-5A26EA244AB1}: "URL" = Google{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVB_itIT510
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=0F67E6F ... toolbox&q={searchTerms}
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=2ea62d9c0000000000000013024d93dc&q="
FF - prefs.js..browser.startup.homepage: "http://start.iminent.com/?appId=0F67E6F5-2648-4408-8225-49A344411548"
FF - prefs.js..browser.search.selectedEngine: "StartWeb"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/05/10 23.20.48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

[2012/05/10 23.21.02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rosa\Dati applicazioni\Mozilla\Extensions
[2012/05/16 16.12.34 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\Rosa\Dati applicazioni\Mozilla\Firefox\Profiles\4055ghdn.default\searchplugins\funmoods.xml
[2012/05/10 23.20.48 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/05/11 07.54.32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/28 23.43.30 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/04/28 23.43.30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ROSA\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\4055GHDN.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2013/04/03 20.33.34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2013/04/03 20.33.30 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml
[2013/04/03 20.33.30 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2013/04/03 20.33.30 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2013/04/03 20.33.30 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2013/04/03 20.33.30 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2013/04/03 20.33.30 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2013/01/10 15.08.36 | 000,002,147 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\StartWeb.xml

========== Chrome ==========

CHR - homepage: http://start.iminent.com/?appId=0F67E6F ... A344411548
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.iminent.com/?appId=0F67E6F ... A344411548
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.31.1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/03 19.34.12 | 000,446,252 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15325 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2772702787-866484455-1410461591-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E59925F0-1D27-41E9-8E27-63EAEBCC674D}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: D:\ANDREA\rcchi da morire.bmp
O24 - Desktop BackupWallPaper: D:\ANDREA\rcchi da morire.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/19 22.32.58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012/11/09 11.47.44 | 000,000,098 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 20.13.54 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013/10/12 20.11.09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
[2013/10/12 20.07.50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/12 20.07.40 | 001,087,213 | ---- | C] (Farbar) -- C:\Documents and Settings\Rosa\Desktop\FRST.exe
[2013/10/12 20.00.40 | 000,000,000 | -HSD | C] -- C:\FOUND.019
[2013/10/12 19.23.14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/12 19.21.35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/12 19.21.35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/12 19.21.35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/12 19.21.35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/12 19.21.32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/12 19.21.29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/12 19.21.26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenti\Video
[2013/10/12 19.21.26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rosa\Menu Avvio\Programmi\Strumenti di amministrazione
[2013/10/12 19.21.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/12 19.20.51 | 005,131,958 | R--- | C] (Swearware) -- C:\Documents and Settings\Rosa\Desktop\ComboFix.exe
[2013/10/12 18.37.12 | 000,000,000 | -HSD | C] -- C:\FOUND.018
[2013/10/12 13.07.44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/10/12 13.04.36 | 000,000,000 | -HSD | C] -- C:\FOUND.017
[2013/09/30 11.01.30 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/12 20.11.10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosa\Desktop\OTL.exe
[2013/10/12 20.07.44 | 001,087,213 | ---- | M] (Farbar) -- C:\Documents and Settings\Rosa\Desktop\FRST.exe
[2013/10/12 20.00.48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/12 19.23.16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/12 19.21.00 | 005,131,958 | R--- | M] (Swearware) -- C:\Documents and Settings\Rosa\Desktop\ComboFix.exe
[2013/10/12 19.12.22 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/12 18.59.08 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\LuUninstall.LiveUpdate
[2013/10/12 18.56.54 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Rosa\Desktop\HiJackThis.lnk
[2013/10/12 18.56.44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/10/12 18.46.02 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DD2853D-515D-42B0-AC31-B01901030E9A}.job
[2013/10/12 18.45.22 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2013/10/12 18.43.54 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2013/10/12 18.33.02 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/12 16.54.02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/12 12.53.48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/12 19.23.15 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2013/10/12 19.23.15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/12 19.21.35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/12 19.21.35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/12 19.21.35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/12 19.21.35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/12 19.21.35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/04 10.05.10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/07/04 10.05.10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/07/04 10.05.09 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2012/10/15 18.37.05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/10/13 21.48.14 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\LuUninstall.LiveUpdate
[2012/05/22 21.58.51 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/16 16.20.31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32i.dll
[2012/05/16 15.55.47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED88.ini
[2012/05/15 13.35.08 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 20.04.43 | 000,001,650 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2012/05/10 22.34.57 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2012/05/10 22.34.39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2012/05/10 22.32.48 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2012/05/10 22.26.36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Rosa\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/19 22.37.40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 18.06.42 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/11 07.54.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
[2012/09/04 14.55.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2012/10/13 22.03.12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/10/15 18.18.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2012/10/15 18.22.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2013/03/09 18.54.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BlueStacks
[2013/03/09 18.54.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BlueStacksSetup
[2013/08/02 16.57.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Iminent
[2012/10/15 18.36.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Epson
[2013/03/14 21.44.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Funmoods
[2013/08/02 16.57.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Iminent
[2013/08/02 16.58.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\Systweak
[2013/08/02 17.03.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosa\Dati applicazioni\TuneUp Software

< End of report >

Run a scan with AdwCleaner, because you are full of toolbars. As for the logs, I wouldn't know how to help you. If you have two antivirus programs, Avast alone is enough.
 

R16

Elite User
2,307
425
@giancai
Besides having quite a lot of adware, there are also 3 antivirus products circulating on that PC in one capacity or another (Symantec, AVG, and Avast!).
You can't expect it to be lightning fast.
Follow the advice to use AdwCleaner:
Download AdwCleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Close all browsers (this is important: IE, Firefox, Chrome, etc.).
Click the "Scan" button.
When the scan has finished, click "Clean".
Confirm with OK the various windows that appear.
The PC will restart, and the log with the removals will come up.
Post it here.

Then:
Download Junkware Removal Tool to the desktop.
Download Junkware Removal Tool 6.0.7
Temporarily disable the antivirus to avoid potential conflicts.
Double-click JRT.
The tool will open and start scanning the system.
You need to be patient, as this tool can take some time to complete the scan.
When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically.
Post it here.

To see whether any "leftovers" remain, run another scan with OTL.

To post the logs, follow these instructions:
Connect to the internet and go to the WikiSend page:
Wikisend: free file sharing service
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
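
The reading of the log given in the two replies above (components from several security vendors at once, and the same toolbar host set in every browser) can be checked mechanically against the OTL output. The Python script below is an added example, not part of the thread or of OTL: the function names and the vendor keyword list are assumptions, and the sample lines are copied unmodified from the log in the opening post.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# A few lines copied from the OTL log in the opening post. The log was taken in
# "SafeMode with Networking", so the Running/Stopped states are safe-mode states.
SAMPLE_LOG = r"""
SRV - [2009/02/19 22.10.56 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosa\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/15 11.36.30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/05/09 10.59.10 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/18 03.00.00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/01/18 18.41.58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=0F67E6F ... toolbox&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=2ea62d9c0000000000000013024d93dc&q="
FF - prefs.js..browser.startup.homepage: "http://start.iminent.com/?appId=0F67E6F5-2648-4408-8225-49A344411548"
CHR - homepage: http://start.iminent.com/?appId=0F67E6F ... A344411548
"""

# Assumption: keywords limited to the three vendors named in the reply above.
AV_VENDORS = {"symantec": "Symantec", "avg": "AVG", "avast": "Avast"}

# SRV/DRV line: optional "[date | size | attr | M] (Company)" or "File not found",
# then "[start type | state]", the image path and the service name.
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[[^\]]*\] \((?P<company>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>.*)\)$"
)
URL_RE = re.compile(r"https?://[^\s\"]+")


def parse_entries(log):
    """Return one dict per SRV/DRV line of an OTL log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        state = [s.strip() for s in m["state"].split("|")]
        entries.append({
            "kind": m["kind"],
            "company": (m["company"] or "").strip(),  # empty for "File not found"
            "start": state[-2],
            "running": state[-1] == "Running",
            "path": m["path"],
            "name": m["name"],
        })
    return entries


def security_vendors(entries):
    """Group (service name, running) pairs by vendor keyword in the company field."""
    found = defaultdict(list)
    for e in entries:
        company = e["company"].lower()
        for key, vendor in AV_VENDORS.items():
            if re.search(rf"\b{key}\b", company):
                found[vendor].append((e["name"], e["running"]))
    return dict(found)


def shared_hosts(log, minimum=2):
    """Map each http(s) host configured in at least `minimum` browsers to those browsers."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = re.match(r"^(IE|FF|CHR) - ", line.strip())
        if not m:
            continue
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname
            if host:
                seen[host].add(m.group(1))
    return {h: sorted(b) for h, b in seen.items() if len(b) >= minimum}


if __name__ == "__main__":
    vendors = security_vendors(parse_entries(SAMPLE_LOG))
    print("Security vendors with services or drivers installed:")
    for vendor, items in sorted(vendors.items()):
        print(f"  {vendor}: {items}")
    print("Hosts set in more than one browser:", shared_hosts(SAMPLE_LOG))
```

A host that appears in the settings of every browser at once, as `start.iminent.com` does here, is a setting the user is unlikely to have chosen three times by hand, which is why it is worth reviewing before and after the cleanup tools are run.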
 

Andrea Roma1

Elite User
2,142
273

OT: I'd like to ask you two questions (answer if you feel like it): what is the difference between junk removal tool and roguekiller (which of the two is more similar to adwcleaner)?

what do you use for online protection (in the browser)
 

R16

Elite User
2,307
425
@Andrea Roma:
You could do me a favour too:
Please don't quote my posts.
I get on better without the "quote".
what is the difference between junk removal tool and roguekiller (which of the two is more similar to adwcleaner)?
They are 2 completely different programs.

1) RogueKiller is used when there are serious infections (rootkits, worms, Zero Access; in short, the kinds of infection that attack system files and keys).
It is not for adware or for browser hijackers.

2) AdwCleaner is a tool specifically for the so-called "advertising pages", adware, and all browser hijackers.
junk removal tool is very similar to (a competitor of) AdwCleaner; they practically do the same job, but I have noticed that neither of the 2 is perfect.
Using them together, there is a better chance that what one of them misses, the other will find.
So for greater safety I use both.

what do you use for online protection (in the browser)
Nothing.
They are set to their defaults, and I leave them as they are.
Obviously I don't recommend following this method.
 