PROBLEM XP startup problem, possible malware

Yes, exactly...
I'll tell him tomorrow.
For now he'll keep it as it is, and then I'll advise him to buy a new one.
Even formatting it wouldn't solve the problem, I think, right?

- - - Updated - - -

And of course, on the new PC I'll advise him to get a paid internet security suite...
as I have done for many years... without ever having problems! ;)

- - - Updated - - -

OK, thanks Davide72 and R16.
If there is any news or anything unexpected I'll let you know, but I think that tomorrow morning I'll hand the patient back to its rightful owner with the appropriate advice... That way it can go on for a few weeks... but then...
Of course the person using it is a low-level user, of a certain age, who maybe wanders around a bit where it's better not to, and then...
eheheheheh...

Thanks.

Until next time.
 
Yes, even reformatting from scratch... the problem lies precisely in the Microsoft updates on certain NON-dual-core machines, as well as the end of support for XP, confirmed for April 2014.
Hand it over as it is, then it's up to him... you've done your part, bye.

- - - Updated - - -

PS: nothing can be made out from the OTL and Extras logs, the text is not word-wrapped; post them correctly.
 
OTL logfile created on: 03/12/2013 22.33.37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fdfd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,80 Mb Total Physical Memory | 321,52 Mb Available Physical Memory | 63,95% Memory free
1,94 Gb Paging File | 1,70 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 465,75 Gb Total Space | 451,82 Gb Free Space | 97,01% Space Free | Partition Type: NTFS
Drive E: | 3,80 Gb Total Space | 1,88 Gb Free Space | 49,58% Space Free | Partition Type: FAT32

Computer Name: 77-6FA7CE2C5B32 | User Name: fdfd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\fdfd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\AVAST Software\Avast\defs\13120301\algo.dll ()
MOD - C:\Programmi\AVAST Software\Avast\libcef.dll ()
MOD - C:\Programmi\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programmi\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Chiavetta Internet. RunOuc) -- C:\Programmi\Chiavetta Internet\UpdateDog\ouc.exe ()
SRV - (HWDeviceService.exe) -- C:\Documents and Settings\All Users\Dati applicazioni\DatacardService\HWDeviceService.exe ()
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (LVPrcSrv) -- c:\Programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (huawei_ext_ctrl) -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (jrdusbser) -- C:\WINDOWS\system32\drivers\jrdusbser.sys (TCT International Mobile Ltd)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing
IE - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Wikipedia (it)"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (it)"
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Programmi\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programmi\AVAST Software\Avast\WebRep\FF [2013/12/03 21.31.42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins

[2013/04/18 15.41.49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fdfd\Dati applicazioni\Mozilla\Extensions
[2013/09/26 19.57.54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fdfd\Dati applicazioni\Mozilla\Firefox\Profiles\f6kl8wol.default\extensions
[2013/12/03 00.49.33 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions
[2013/12/03 00.49.33 | 000,000,000 | ---D | M] (Default) -- C:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

O1 HOSTS File: ([2001/08/31 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 01.14.13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/12/03 22.23.18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/03 22.22.12 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\fdfd\Desktop\JRT.exe
[2013/12/03 22.07.42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fdfd\Desktop\OTL.exe
[2013/12/03 21.36.13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fdfd\Recent
[2013/12/03 21.08.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\bdch
[2013/12/03 21.08.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\bdch
[2013/12/03 21.01.56 | 000,633,344 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2013/12/03 21.01.56 | 000,486,536 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2013/12/03 21.01.56 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2013/12/03 20.51.31 | 000,000,000 | ---D | C] -- C:\Programmi\Bitdefender
[2013/12/03 20.50.20 | 000,164,952 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2013/12/03 20.50.19 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2013/12/03 20.39.12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Desktop\cpu-z_1.67-en
[2013/12/03 20.32.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\MFAData
[2013/12/03 20.21.51 | 000,350,080 | ---- | C] (AVAST Software) -- C:\Documents and Settings\fdfd\Documenti\avastclear.exe
[2013/12/03 15.34.21 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2013/12/03 12.35.28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/03 01.19.27 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2013/12/03 01.19.22 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/03 01.19.22 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/03 01.19.13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/03 01.19.13 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/03 01.19.13 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/03 01.19.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Java
[2013/12/03 00.58.43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/12/03 00.57.01 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe AIR
[2013/12/03 00.54.31 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/03 00.54.31 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/03 00.49.31 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2013/12/03 00.32.19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/12/02 22.51.54 | 000,000,000 | ---D | C] -- C:\Programmi\Defraggler
[2013/12/02 20.44.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Dati applicazioni\AVAST Software
[2013/12/02 20.44.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avast
[2013/12/02 20.43.50 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/02 20.43.49 | 000,774,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/02 20.43.49 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/02 20.43.48 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/02 20.43.48 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/02 20.43.48 | 000,035,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/12/02 20.43.46 | 000,269,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/02 20.43.43 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/02 20.43.14 | 000,000,000 | ---D | C] -- C:\Programmi\AVAST Software
[2013/12/02 20.42.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2013/12/02 20.25.55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/02 19.01.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/02 18.36.26 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2013/12/02 17.39.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Documenti\My Drivers
[2013/12/02 17.34.59 | 000,017,408 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys
[2013/12/02 17.34.23 | 000,201,484 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\umss.sys
[2013/12/02 17.20.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\Innovative Solutions
[2013/12/02 17.20.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriverMax
[2013/12/02 17.20.56 | 000,000,000 | ---D | C] -- C:\Programmi\Innovative Solutions
[2013/12/02 17.09.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Documenti\mmm
[2013/12/02 11.36.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fdfd\Dati applicazioni\Malwarebytes
[2013/12/02 11.36.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2013/12/02 10.26.14 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java(2)
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/12/03 22.35.01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/03 22.10.04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\fdfd\Desktop\JRT.exe
[2013/12/03 22.07.45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fdfd\Desktop\OTL.exe
[2013/12/03 22.02.06 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/03 21.57.07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/03 21.43.03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/03 21.43.02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/03 21.32.35 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/03 21.02.30 | 001,042,516 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\1386100202.bdinstall.bin
[2013/12/03 21.02.11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/12/03 20.37.20 | 001,984,184 | ---- | M] () -- C:\Documents and Settings\fdfd\Desktop\cpu-z_1.67-en.zip
[2013/12/03 20.25.23 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/12/03 20.19.21 | 000,350,080 | ---- | M] (AVAST Software) -- C:\Documents and Settings\fdfd\Documenti\avastclear.exe
[2013/12/03 12.47.56 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/03 01.19.02 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/12/03 01.18.57 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/12/03 01.18.57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/12/03 01.18.57 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/12/03 01.18.57 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/12/03 00.49.39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/02 21.19.09 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\fdfd\Desktop\Google Chrome.lnk
[2013/12/02 20.43.44 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/02 20.43.44 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/02 20.43.44 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/02 20.43.44 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/02 20.43.44 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/02 20.43.44 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/02 20.43.44 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/02 20.43.44 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/12/02 20.43.43 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/02 20.43.43 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/02 20.40.17 | 000,001,238 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1326574676-1417001333-1003UA.job
[2013/12/02 20.40.16 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1326574676-1417001333-1003Core.job
[2013/12/02 20.40.15 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 20.40.15 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 20.37.48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/12/02 12.36.40 | 000,480,360 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2013/12/02 12.36.40 | 000,433,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/02 12.36.40 | 000,080,300 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2013/12/02 12.36.40 | 000,068,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/02 12.33.20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/07 11.59.15 | 000,607,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(2).dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/03 21.32.27 | 000,000,356 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/03 21.02.30 | 001,042,516 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\1386100202.bdinstall.bin
[2013/12/03 21.02.11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/12/03 20.38.57 | 001,984,184 | ---- | C] () -- C:\Documents and Settings\fdfd\Desktop\cpu-z_1.67-en.zip
[2013/12/03 01.08.40 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Reader XI.lnk
[2013/12/03 00.54.33 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/03 00.49.39 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
[2013/12/03 00.49.39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/02 21.19.09 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\fdfd\Desktop\Google Chrome.lnk
[2013/12/02 20.44.08 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/02 20.43.50 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/02 20.43.49 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/02 17.34.23 | 000,018,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\umsspdr.pdr
[2013/02/13 20.27.58 | 000,029,916 | ---- | C] () -- C:\Programmi\EULA.ita
[2012/03/05 21.24.07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/13 14.08.10 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\fdfd\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/02/26 09.05.00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18.13.52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/03 21.30.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2013/12/03 21.08.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\bdch
[2013/07/14 08.41.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Chiavetta Internet
[2012/06/16 16.21.46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2013/07/14 08.41.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DatacardService
[2011/02/22 19.25.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2013/12/03 21.30.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2012/03/04 12.14.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2013/12/02 20.44.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fdfd\Dati applicazioni\AVAST Software
[2012/09/16 16.40.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fdfd\Dati applicazioni\Epson
[2013/12/02 20.27.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fdfd\Dati applicazioni\Uniblue

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/27 09.43.11 | 106,386,250 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�ㅺ和6
[2013/11/27 03.23.14 | 106,386,250 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�ㅺ和6
[2013/11/25 15.24.08 | 106,036,908 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㴝ᮝ和6
[2013/11/25 15.24.08 | 106,036,908 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㴝ᮝ和6
[2013/11/23 03.22.49 | 105,792,079 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\惧饻和6
[2013/11/23 03.22.49 | 105,792,079 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\惧饻和6
[2013/11/20 15.22.29 | 105,361,780 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\눼銚和6
[2013/11/20 15.22.29 | 105,361,780 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\눼銚和6
[2013/11/18 21.55.15 | 104,986,035 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\픾ꉇ和6
[2013/11/18 21.55.15 | 104,986,035 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\픾ꉇ和6
[2013/11/15 20.54.24 | 104,401,821 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\和6
[2013/11/15 15.52.45 | 104,401,821 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\和6
[2013/11/13 10.00.41 | 104,004,073 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\欬琥和6
[2013/11/13 10.00.41 | 104,004,073 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\欬琥和6
[2013/11/12 09.51.17 | 103,837,334 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�倪和6
[2013/11/12 09.51.17 | 103,837,334 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�倪和6
[2013/11/04 18.43.25 | 104,964,650 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�荢和6
[2013/11/04 18.43.25 | 104,964,650 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�荢和6
[2013/10/29 05.30.51 | 103,917,820 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\焒룰和6
[2013/10/29 05.30.51 | 103,917,820 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\焒룰和6
[2013/10/04 17.25.25 | 099,209,434 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\薬攚和6
[2013/10/04 17.25.25 | 099,209,434 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\薬攚和6
[2013/09/29 11.26.58 | 098,462,899 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\酊和6
[2013/09/29 11.26.58 | 098,462,899 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\酊和6
[2013/09/27 11.58.35 | 098,201,609 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\恒矫和6
[2013/09/27 11.25.41 | 098,201,609 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\恒矫和6
[2013/09/24 17.23.38 | 097,531,747 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\咁ᭅ和6
[2013/09/24 17.23.38 | 097,531,747 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\咁ᭅ和6
[2013/09/23 11.22.49 | 098,634,808 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㇂椟和6
[2013/09/23 11.22.49 | 098,634,808 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㇂椟和6
[2013/09/22 17.19.37 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\浟굔和6
[2013/09/22 17.19.37 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\浟굔和6
[2013/09/22 11.23.43 | 098,586,517 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꟃ姄和6
[2013/09/22 11.23.43 | 098,586,517 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꟃ姄和6
[2013/09/15 11.18.59 | 097,600,188 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�糸和6
[2013/09/15 11.18.59 | 097,600,188 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�糸和6

< End of report >

- - - Updated - - -

OTL Extras logfile created on: 03/12/2013 22.33.37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fdfd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,80 Mb Total Physical Memory | 321,52 Mb Available Physical Memory | 63,95% Memory free
1,94 Gb Paging File | 1,70 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 465,75 Gb Total Space | 451,82 Gb Free Space | 97,01% Space Free | Partition Type: NTFS
Drive E: | 3,80 Gb Total Space | 1,88 Gb Free Space | 49,58% Space Free | Partition Type: FAT32

Computer Name: 77-6FA7CE2C5B32 | User Name: fdfd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\Epson Software\Event Manager\EEventManager.exe" = C:\Programmi\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programmi\AVAST Software\Avast\AvastUI.exe" = C:\Programmi\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Free Antivirus -- (AVAST Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A84BB4-EDA1-33E8-A66A-0327EBD6D14E}" = Microsoft .NET Framework 2.0 Client Service Pack 2 - Language Pack (ITA)
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4074BFA4-3A0C-352F-BE9C-2561F6A7A623}" = Microsoft .NET Framework 3.5 Client Profile - Language Pack (ITA)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Italiano
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E5024994-2243-3ECD-BA32-BBB6382FC4CE}" = Microsoft .NET Framework 3.0 Client Profile - Language Pack (ITA)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Chiavetta Internet" = Chiavetta Internet
"C-Media Audio" = C-Media 3D Audio
"Defraggler" = Defraggler
"DMX5_is1" = DriverMax 7
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manuale
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Microsoft.Net.Client.3.5.LangPack.ita" = Microsoft .NET Framework Client Profile - Language Pack (italiano)
"Mozilla Firefox 25.0.1 (x86 it)" = Mozilla Firefox 25.0.1 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"Revo Uninstaller" = Revo Uninstaller 1.83
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome Frame" = Google Chrome Frame

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/12/2013 6.50.59 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore plugin-container.exe, versione
25.0.1.5064, modulo che ha provocato l'errore mozalloc.dll, versione 25.0.1.5064,
indirizzo errore 0x0000119c.

Error - 02/12/2013 5.12.50 | Computer Name = 77-6FA7CE2C5B32 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 02/12/2013 5.12.50 | Computer Name = 77-6FA7CE2C5B32 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 02/12/2013 7.33.44 | Computer Name = 77-6FA7CE2C5B32 | Source = Avira Antivirus | ID = 4117
Description =

Error - 02/12/2013 7.33.51 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avguard.exe, versione 13.6.20.2100,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x01302b17.

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3011
Description = Scaricamento delle stringhe dei contatori prestazioni per il servizio
WmiApRpl (WmiApRpl) non riuscito. Il codice di errore è il 1° DWORD nella sezione
dati.

Error - 02/12/2013 7.36.40 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.39.13 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avnotify.exe, versione 13.6.20.2100,
modulo che ha provocato l'errore avnotify.exe, versione 13.6.20.2100, indirizzo
errore 0x00001487.

[ System Events ]
Error - 02/12/2013 15.25.11 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet. OUC.

Error - 02/12/2013 15.25.11 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet. OUC non è stato avviato per il seguente
errore: %%1053

Error - 02/12/2013 15.29.12 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet. OUC.

Error - 02/12/2013 15.29.12 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet. OUC non è stato avviato per il seguente
errore: %%1053

Error - 02/12/2013 19.14.54 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.2 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 4.20.45 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.2 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 5.11.56 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.3 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 8.33.11 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio gupdatem con gli argomenti "/comsvc" per eseguire il server {9465B4B4-5216-4042-9A2C-754D3BCDC410}

Error - 03/12/2013 8.33.12 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio gupdate con gli argomenti "/comsvc" per eseguire il server {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 03/12/2013 15.24.19 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

- - - Updated - - -

Extras.Txt
 
OTL Extras logfile created on: 03/12/2013 22.33.37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\fdfd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,80 Mb Total Physical Memory | 321,52 Mb Available Physical Memory | 63,95% Memory free
1,94 Gb Paging File | 1,70 Gb Available in Paging File | 87,56% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 465,75 Gb Total Space | 451,82 Gb Free Space | 97,01% Space Free | Partition Type: NTFS
Drive E: | 3,80 Gb Total Space | 1,88 Gb Free Space | 49,58% Space Free | Partition Type: FAT32

Computer Name: 77-6FA7CE2C5B32 | User Name: fdfd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe" = C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\Epson Software\Event Manager\EEventManager.exe" = C:\Programmi\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programmi\AVAST Software\Avast\AvastUI.exe" = C:\Programmi\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Free Antivirus -- (AVAST Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A84BB4-EDA1-33E8-A66A-0327EBD6D14E}" = Microsoft .NET Framework 2.0 Client Service Pack 2 - Language Pack (ITA)
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4074BFA4-3A0C-352F-BE9C-2561F6A7A623}" = Microsoft .NET Framework 3.5 Client Profile - Language Pack (ITA)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Italiano
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E5024994-2243-3ECD-BA32-BBB6382FC4CE}" = Microsoft .NET Framework 3.0 Client Profile - Language Pack (ITA)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Chiavetta Internet" = Chiavetta Internet
"C-Media Audio" = C-Media 3D Audio
"Defraggler" = Defraggler
"DMX5_is1" = DriverMax 7
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manuale
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Microsoft.Net.Client.3.5.LangPack.ita" = Microsoft .NET Framework Client Profile - Language Pack (italiano)
"Mozilla Firefox 25.0.1 (x86 it)" = Mozilla Firefox 25.0.1 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"Revo Uninstaller" = Revo Uninstaller 1.83
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1326574676-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome Frame" = Google Chrome Frame

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/12/2013 6.50.59 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore plugin-container.exe, versione
25.0.1.5064, modulo che ha provocato l'errore mozalloc.dll, versione 25.0.1.5064,
indirizzo errore 0x0000119c.

Error - 02/12/2013 5.12.50 | Computer Name = 77-6FA7CE2C5B32 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 02/12/2013 5.12.50 | Computer Name = 77-6FA7CE2C5B32 | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.

Error - 02/12/2013 7.33.44 | Computer Name = 77-6FA7CE2C5B32 | Source = Avira Antivirus | ID = 4117
Description =

Error - 02/12/2013 7.33.51 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avguard.exe, versione 13.6.20.2100,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x01302b17.

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.36.36 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3011
Description = Scaricamento delle stringhe dei contatori prestazioni per il servizio
WmiApRpl (WmiApRpl) non riuscito. Il codice di errore è il 1° DWORD nella sezione
dati.

Error - 02/12/2013 7.36.40 | Computer Name = 77-6FA7CE2C5B32 | Source = LoadPerf | ID = 3001
Description =

Error - 02/12/2013 7.39.13 | Computer Name = 77-6FA7CE2C5B32 | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore avnotify.exe, versione 13.6.20.2100,
modulo che ha provocato l'errore avnotify.exe, versione 13.6.20.2100, indirizzo
errore 0x00001487.

[ System Events ]
Error - 02/12/2013 15.25.11 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet. OUC.

Error - 02/12/2013 15.25.11 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet. OUC non è stato avviato per il seguente
errore: %%1053

Error - 02/12/2013 15.29.12 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Chiavetta Internet. OUC.

Error - 02/12/2013 15.29.12 | Computer Name = 77-6FA7CE2C5B32 | Source = Service Control Manager | ID = 7000
Description = Il servizio Chiavetta Internet. OUC non è stato avviato per il seguente
errore: %%1053

Error - 02/12/2013 19.14.54 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.2 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 4.20.45 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.2 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 5.11.56 | Computer Name = 77-6FA7CE2C5B32 | Source = Dhcp | ID = 1002
Description = Il lease 192.168.0.3 dell'indirizzo IP della scheda di rete con indirizzo
00252277B8D5 è stato negato dal server DHCP 192.168.0.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 03/12/2013 8.33.11 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio gupdatem con gli argomenti "/comsvc" per eseguire il server {9465B4B4-5216-4042-9A2C-754D3BCDC410}

Error - 03/12/2013 8.33.12 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio gupdate con gli argomenti "/comsvc" per eseguire il server {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 03/12/2013 15.24.19 | Computer Name = 77-6FA7CE2C5B32 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

- - - Updated - - -

Last night I didn't manage to paste it after all... everything kept freezing on me... maybe because it's long, who knows...
I don't know why the links don't work, I did everything as R16 wrote.

Anyway... you can tell me the verdict, but just out of curiosity... :)
by now the PC has been handed back to its rightful owner this morning, complete with a little lecture! :D ;)

I'll tell you, it seemed to be working great. Very fast boot, decent browsing... let's hope it lasts for a while.... :D
 
Every now and then the links don't work, either because the antivirus slows things down a bit (maybe disable it temporarily), or because of problems with the site layout, adblock, various cookies, etc... anyway, wait for @R16 to know whether everything is OK, even though you've already handed the PC back ;) bye
 

OK, thanks! ;)

Oracle R16, if you're there, give us a sign! :D
 