Ale88 Mortale devoto

Registered: 27/01/14 22:53 Posts: 12
Posted: 28 Jan 2014 00:12 Subject: Yesterday I removed 2 viruses but I still have some doubts...

Hi guys,
yesterday I removed a couple of viruses I had picked up, but I'm not 100% sure that everything is fine; could you please help me clear up all my doubts?
Here are the details:
Operating system: Windows 7
Programs used for the scans: Nod32 and Spyware Terminator
And here is the log I just made with HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:15, on 27/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\dcmsvc\dcmsvc.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10609 bytes
Do you see anything abnormal?
Thanks everyone!
Ale
menatwork Dio minore

Registered: 07/10/11 16:58 Posts: 506
Posted: 28 Jan 2014 00:22 Subject:

Hi Ale88, let's do a more "incisive" check; HijackThis no longer gives information the way it used to.
Download farbar-recovery and put it on the desktop.
You need to download the version (32 or 64 bit) compatible with your system.
Run it and click Yes when it asks you to accept the terms.
Click on SCAN.
Once the scan has finished, the tool will create a log called FRST.txt in the same directory where FRST is located.
Attach it to your reply.
Ale88 Mortale devoto

Registered: 27/01/14 22:53 Posts: 12
Posted: 28 Jan 2014 00:50 Subject:

Hi Menatwork, here is the Farbar log
Ale88 Mortale devoto

Registered: 27/01/14 22:53 Posts: 12
Posted: 28 Jan 2014 00:53 Subject:

Wait, I've only just seen that that log was saved in a text file called "Addition", and it appeared a few seconds after the first one, called "FRST"; its log is:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Alex (administrator) on ALEX-PC on 27-01-2014 23:47:29
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe
() C:\Program Files (x86)\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV\TurboV.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2716216 2009-11-16] (ESET)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-24] (VIA)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [5507072 2009-09-10] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Turbo Key] - C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1870848 2009-09-10] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [dcmsvc] - C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2009-11-24] (AMD)
HKCU\...\Run: [Facebook Update] - C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-08] (Facebook Inc.)
MountPoints2: G - G:\Autoruns.exe /oem
MountPoints2: {614e23da-4cb3-11df-9feb-90e6babca254} - F:\autorun.exe
MountPoints2: {6543bdb9-fbf7-11df-8859-90e6babca254} - G:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F19AB5EFBDFCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
SearchScopes: HKCU - DefaultScope {403B2926-9467-4417-A04A-087983493025} URL = http://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKCU - {403B2926-9467-4417-A04A-087983493025} URL = http://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKCU - {CACC5FE0-735F-4A9A-B344-CDD1DB6BC193} URL = http://it.wikipedia.org/w/index.php?title=Speciale:Ricerca&search={searchTerms}
SearchScopes: HKCU - {FA79C20D-3B16-481C-9654-F6F00BF24CAF} URL = http://ricerca.virgilio.it/ricerca?qs={searchTerms}&f=ie8vs
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\..\Interfaces\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default
FF Homepage: hxxp://it.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\en-gb@flyingtophat.co.uk [2013-12-02]
FF Extension: Diccionario de Español/España - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\es-es@dictionaries.addons.mozilla.org [2013-07-21]
FF Extension: Dizionario italiano - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2013-03-24]
FF Extension: Webmail Ad Blocker - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\gmailnoads@mywebber.com.xpi [2013-03-23]
FF Extension: English (GB) Language Pack - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-01-12]
FF Extension: Español (España) Language Pack - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2014-01-12]
FF Extension: Italiano (IT) Language Pack - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\langpack-it@firefox.mozilla.org.xpi [2014-01-12]
FF Extension: New Tab Homepage - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012-03-11]
FF Extension: Linux Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0395s2e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-19]
==================== Services (Whitelisted) =================
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-11-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [735960 2009-11-16] (ESET)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-11-22] (Crawler.com)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2010-04-22] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [145336 2009-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123200 2009-12-18] (ESET)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-20] ()
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-12-11] (Windows (R) Win 7 DDK provider)
U3 a6jesl6o; C:\Windows\System32\Drivers\a6jesl6o.sys [0 ] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-27 23:47 - 2014-01-27 23:47 - 00017339 _____ C:\Users\Alex\Desktop\FRST.txt
2014-01-27 23:47 - 2014-01-27 23:47 - 00000000 ____D C:\FRST
2014-01-27 23:44 - 2014-01-27 23:44 - 00001790 _____ C:\Users\Alex\Desktop\Football Manager 2014.lnk
2014-01-27 23:32 - 2014-01-27 23:32 - 02079232 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-01-27 23:17 - 2014-01-27 23:17 - 00840945 _____ C:\Users\Alex\Desktop\Legend Killer v1.0.zip
2014-01-27 21:58 - 2014-01-27 23:04 - 00000000 ____D C:\Program Files\Hijackthis
2014-01-27 00:58 - 2014-01-27 00:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Chromium
2014-01-27 00:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-27 00:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-27 00:43 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-27 00:43 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-27 00:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-27 00:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-27 00:43 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-27 00:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-27 00:43 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-27 00:43 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-27 00:43 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-27 00:43 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-27 00:43 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-27 00:43 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-27 00:42 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-27 00:42 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-27 00:42 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-27 00:42 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-27 00:42 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-27 00:42 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-27 00:41 - 2014-01-27 00:43 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-26 15:39 - 2014-01-26 15:39 - 00070172 _____ C:\Users\Alex\Desktop\Extras.Txt
2014-01-26 15:38 - 2014-01-26 15:38 - 00129468 _____ C:\Users\Alex\Desktop\OTL.Txt
2014-01-26 15:12 - 2014-01-26 15:12 - 00602112 _____ (OldTimer Tools) C:\Users\Alex\Desktop\OTL.exe
2014-01-26 14:22 - 2011-12-14 09:58 - 17971121 _____ C:\Users\Alex\Desktop\Probably the most crazy man in the world.mp4
2014-01-21 11:13 - 2014-01-21 11:15 - 00000000 ____D C:\Users\Alex\Desktop\Passaporto
2014-01-21 01:16 - 2014-01-26 21:13 - 00000000 ____D C:\ProgramData\MxBody
2014-01-21 01:15 - 2014-01-21 01:15 - 00003055 _____ C:\Users\Alex\Desktop\MxBody.lnk
2014-01-21 01:15 - 2014-01-21 01:15 - 00003015 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MxBody.lnk
2014-01-21 01:15 - 2014-01-21 01:15 - 00000000 ____D C:\Program Files (x86)\MicheleVicario.Net
2014-01-19 19:23 - 2014-01-19 19:23 - 00001547 _____ C:\Users\Alex\Desktop\Windows Media Player.lnk
2014-01-19 15:32 - 2014-01-26 19:22 - 00000000 ____D C:\Users\Alex\Desktop\Palestra 2014
2014-01-15 21:36 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 21:36 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 21:36 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 21:36 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 21:35 - 2014-01-15 21:36 - 00005483 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 21:25 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 21:25 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 21:25 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 21:25 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:22 - 2014-01-27 21:30 - 00002083 _____ C:\Windows\setupact.log
2014-01-14 21:22 - 2014-01-14 21:22 - 00000000 _____ C:\Windows\setuperr.log
2014-01-09 21:41 - 2014-01-09 21:41 - 00000000 _____ C:\autoexec.bat
2014-01-09 21:36 - 2014-01-09 23:17 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-09 17:51 - 2014-01-14 21:55 - 00000000 ____D C:\Users\Alex\Desktop\MacBook Pro
2014-01-09 17:38 - 2014-01-27 21:31 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3101717049-741329037-2722209370-1000
2014-01-08 22:42 - 2014-01-08 22:42 - 00000000 ____D C:\Users\Alex\Desktop\SanDiskSecureAccess
2014-01-08 20:42 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-08 20:42 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-08 20:42 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-08 20:42 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-08 20:37 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-08 20:37 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-08 20:37 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-08 20:37 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-08 20:37 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-08 20:37 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-08 20:37 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-08 20:37 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-08 20:37 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-08 20:37 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-08 20:37 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-08 20:37 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-08 20:37 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-08 20:37 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-08 20:37 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-08 20:37 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-08 20:37 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-08 20:37 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-08 20:37 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-08 20:37 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-08 20:37 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-08 20:37 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-08 20:37 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-08 20:37 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-08 20:37 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-08 20:37 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-08 20:37 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-08 20:37 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-08 20:37 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-08 20:37 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-08 20:37 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-08 20:19 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-08 20:19 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-08 20:19 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-08 20:19 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-08 20:18 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-08 20:18 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-08 20:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-08 20:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-08 20:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-08 20:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-08 20:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-08 20:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-08 20:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-08 20:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-08 20:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-08 20:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-08 20:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-08 20:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-27 23:47 - 2014-01-27 23:47 - 00017339 _____ C:\Users\Alex\Desktop\FRST.txt
2014-01-27 23:47 - 2014-01-27 23:47 - 00000000 ____D C:\FRST
2014-01-27 23:44 - 2014-01-27 23:44 - 00001790 _____ C:\Users\Alex\Desktop\Football Manager 2014.lnk
2014-01-27 23:40 - 2010-04-17 10:13 - 00000177 ____H C:\dvmexp.idx
2014-01-27 23:36 - 2012-04-01 11:06 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 23:32 - 2014-01-27 23:32 - 02079232 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-01-27 23:27 - 2010-11-14 08:23 - 00000000 ____D C:\Program Files (x86)\Sports Interactive
2014-01-27 23:17 - 2014-01-27 23:17 - 00840945 _____ C:\Users\Alex\Desktop\Legend Killer v1.0.zip
2014-01-27 23:04 - 2014-01-27 21:58 - 00000000 ____D C:\Program Files\Hijackthis
2014-01-27 22:29 - 2010-04-22 21:06 - 00000000 ____D C:\Users\Alex\Documents\Sports Interactive
2014-01-27 22:07 - 2013-07-08 00:02 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3101717049-741329037-2722209370-1000UA.job
2014-01-27 21:38 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 21:38 - 2009-07-14 05:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 21:34 - 2010-04-16 18:33 - 01106844 _____ C:\Windows\WindowsUpdate.log
2014-01-27 21:31 - 2014-01-09 17:38 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3101717049-741329037-2722209370-1000
2014-01-27 21:31 - 2013-09-29 11:00 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3101717049-741329037-2722209370-1000
2014-01-27 21:31 - 2011-12-11 16:08 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-01-27 21:30 - 2014-01-14 21:22 - 00002083 _____ C:\Windows\setupact.log
2014-01-27 21:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 01:07 - 2013-07-08 00:02 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3101717049-741329037-2722209370-1000Core.job
2014-01-27 01:07 - 2010-11-13 10:26 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2014-01-27 00:58 - 2014-01-27 00:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Chromium
2014-01-27 00:43 - 2014-01-27 00:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-26 21:13 - 2014-01-21 01:16 - 00000000 ____D C:\ProgramData\MxBody
2014-01-26 19:22 - 2014-01-19 15:32 - 00000000 ____D C:\Users\Alex\Desktop\Palestra 2014
2014-01-26 15:39 - 2014-01-26 15:39 - 00070172 _____ C:\Users\Alex\Desktop\Extras.Txt
2014-01-26 15:38 - 2014-01-26 15:38 - 00129468 _____ C:\Users\Alex\Desktop\OTL.Txt
2014-01-26 15:12 - 2014-01-26 15:12 - 00602112 _____ (OldTimer Tools) C:\Users\Alex\Desktop\OTL.exe
2014-01-26 14:25 - 2009-07-14 11:53 - 00698554 _____ C:\Windows\system32\perfh010.dat
2014-01-26 14:25 - 2009-07-14 11:53 - 00127780 _____ C:\Windows\system32\perfc010.dat
2014-01-26 14:25 - 2009-07-14 06:13 - 01541618 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 14:22 - 2011-09-16 19:45 - 00006783 _____ C:\Windows\Autoruns.exe.log
2014-01-26 14:19 - 2011-09-16 19:23 - 00000000 ____D C:\Users\Alex\Desktop\chiavetta usb
2014-01-26 11:18 - 2010-04-16 18:33 - 00000000 ____D C:\Users\Alex
2014-01-25 23:24 - 2010-04-23 21:59 - 00000000 ____D C:\ProgramData\Apple
2014-01-23 23:10 - 2011-06-23 09:36 - 00001017 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 23:10 - 2010-04-19 22:12 - 00000000 ____D C:\Program Files (x86)\CCleaner
2014-01-21 11:15 - 2014-01-21 11:13 - 00000000 ____D C:\Users\Alex\Desktop\Passaporto
2014-01-21 01:15 - 2014-01-21 01:15 - 00003055 _____ C:\Users\Alex\Desktop\MxBody.lnk
2014-01-21 01:15 - 2014-01-21 01:15 - 00003015 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MxBody.lnk
2014-01-21 01:15 - 2014-01-21 01:15 - 00000000 ____D C:\Program Files (x86)\MicheleVicario.Net
2014-01-20 15:40 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:23 - 2014-01-19 19:23 - 00001547 _____ C:\Users\Alex\Desktop\Windows Media Player.lnk
2014-01-18 16:37 - 2010-04-23 21:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe
2014-01-18 16:35 - 2012-04-01 11:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 16:35 - 2012-04-01 11:06 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-18 16:35 - 2011-06-22 09:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 03:21 - 2009-07-14 05:45 - 00418640 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:03 - 2013-08-06 13:49 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:03 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2014-01-16 03:00 - 2010-04-19 21:47 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 01:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-15 21:48 - 2013-11-30 15:16 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 21:36 - 2014-01-15 21:35 - 00005483 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 21:36 - 2010-09-25 14:18 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-14 21:55 - 2014-01-09 17:51 - 00000000 ____D C:\Users\Alex\Desktop\MacBook Pro
2014-01-14 21:22 - 2014-01-14 21:22 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 19:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-13 13:43 - 2013-11-27 12:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-13 13:43 - 2013-03-24 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-09 23:17 - 2014-01-09 21:36 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2014-01-09 21:41 - 2014-01-09 21:41 - 00000000 _____ C:\autoexec.bat
2014-01-08 22:42 - 2014-01-08 22:42 - 00000000 ____D C:\Users\Alex\Desktop\SanDiskSecureAccess
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\nosteam.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 11:50
==================== End Of Log ============================

menatwork Dio minore
Joined: 07/10/11 16:58 Posts: 506
Posted: 28 Jan 2014 12:16

Download this file and put it on the desktop.
Close all programs.
Now run FRST again and click FIX.
When the scan finishes, a file named fixlog.txt will be produced.
Attach it as you did the previous one.
Then:
Download RogueKiller to the desktop.
Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan is finished, a window opens: click "Accept".
Now click "Scan".
When the scan is finished, you will find the log on the desktop.
Attach it in your next reply.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 29 Jan 2014 22:03

Quote: | Download this file and put it on the desktop.
Close all programs.
Now run FRST again and click FIX.
When the scan finishes, a file named fixlog.txt will be produced.
Attach it as you did the previous one. |
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02
Ran by Alex at 2014-01-29 21:00:05 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
R3 ALSysIO; \??\C:\Users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\.exe
end
*****************
ALSysIO => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
"C:\Users\Alex\AppData\Local\Temp\.exe" => File/Directory not found.
The system needs a manual reboot.
==== End of Fixlog ====
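
Added example (not part of the original posts and not FRST's own code): the fixlist above names `Temp\.exe`, while the earlier scan listed `Temp\nosteam.exe` under "Some content of TEMP". The Python cross-check below compares what a scan flagged with what the Fixlog reports as handled; the function names are hypothetical and the sample text is copied from this thread.

```python
# Constructed sample: lines copied from the FRST.txt excerpt posted in this thread.
FRST_SCAN = r"""Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\nosteam.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

# Constructed sample: lines copied from the Fixlog.txt posted in this thread.
FIXLOG = r"""Content of fixlist:
*****************
start
R3 ALSysIO; \??\C:\Users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\.exe
end
*****************
ALSysIO => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.
C:\Users\Alex\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
"C:\Users\Alex\AppData\Local\Temp\.exe" => File/Directory not found.
The system needs a manual reboot.
==== End of Fixlog ====
"""

SECTION_TITLES = ("Files to move or delete:", "Some content of TEMP:")


def flagged_paths(scan_text):
    """Collect the paths listed under the two 'flagged files' sections of a scan log."""
    paths, collecting = [], False
    for raw in scan_text.splitlines():
        line = raw.strip()
        if line in SECTION_TITLES:
            collecting = True
        elif line.startswith("=") and line.strip("= "):
            # A '==== Title ====' banner starts the next section; a bare '====' rule does not.
            collecting = False
        elif collecting and len(line) > 2 and line[1:3] == ":\\":
            paths.append(line)
    return paths


def fix_outcomes(fixlog_text):
    """Map each fix target to the result text that follows ' => ' in the Fixlog."""
    outcomes = {}
    for raw in fixlog_text.splitlines():
        target, sep, result = raw.strip().partition(" => ")
        if sep:
            outcomes[target.strip('"')] = result
    return outcomes


def review(scan_text, fixlog_text):
    """Return fix entries that did not succeed and flagged files no fix entry handled."""
    outcomes = fix_outcomes(fixlog_text)
    # Windows paths are case-insensitive, so compare in lower case.
    done = {t.lower() for t, r in outcomes.items() if "successfully" in r.lower()}
    failed = [t for t, r in outcomes.items() if "successfully" not in r.lower()]
    uncovered = [p for p in flagged_paths(scan_text) if p.lower() not in done]
    return {"failed": failed, "uncovered": uncovered}


if __name__ == "__main__":
    result = review(FRST_SCAN, FIXLOG)
    for kind, items in result.items():
        for item in items:
            print(f"{kind}: {item}")
```
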

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 29 Jan 2014 22:07

menatwork wrote: | Then:
Download RogueKiller to the desktop.
Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan is finished, a window opens: click "Accept".
Now click "Scan".
When the scan is finished, you will find the log on the desktop.
Attach it in your next reply. |
RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Scan -- Date : 01/29/2014 21:06:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS001\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS002\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
¤¤¤ Le attività pianificate : 0 ¤¤¤
¤¤¤ voci di avvio : 0 ¤¤¤
¤¤¤ I browser Web : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 9043cf2d8dfaa81e5c61ece7b0c722b3
[BSP] 4077b65fd59044f4ba8f26ba118d808b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) MAXTOR STM3500320AS ATA Device +++++
--- User ---
[MBR] d63ed46697d46753790f2669ab4d7835
[BSP] 488984f41e78a4b5bd51de2077c0245a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_01292014_210617.txt >>

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 29 Jan 2014 22:10

I also have a small doubt: I have 2 hard disks, C and E; on E I only have some files such as films, music, etc., and all the program folders are on C. So do I only need to worry about C?
And do all these logs cover both hard disks or only C?
Oh, and RogueKiller says it found 6 items (it says they are of type PUM, key types HJ POL and HJ DESK) and asks me whether I want to delete them.

menatwork Dio minore
Joined: 07/10/11 16:58 Posts: 506
Posted: 30 Jan 2014 12:30

Tell me whether you recognise the DNS servers that RogueKiller reports:
[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
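
Added example (not part of menatwork's post and not RogueKiller's code): "recognising" the name servers means checking each address against resolvers that you or your network configured on purpose. The Python sketch below parses `[DNS][PUM]` report lines and labels every address; the resolver table is general knowledge supplied here, the function names are hypothetical, and the last sample line is constructed.

```python
import ipaddress
import re

# Well-known public resolvers (operator names are supplied here, not taken from the thread).
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "4.2.2.1": "Level 3", "4.2.2.2": "Level 3",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo Secure DNS", "8.20.247.20": "Comodo Secure DNS",
    "156.154.70.1": "Neustar UltraDNS", "156.154.71.1": "Neustar UltraDNS",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUSPECT = ("UNRECOGNISED", "not an IP address")

# [CATEGORY][PUM] <registry key> : <value name> (<data>) -> <status>
PUM_LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\[PUM\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)"
    r"\s+\((?P<value>.*)\)\s+->\s+\S+$"
)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample: the first three lines follow the thread's report (country list
# shortened); the last line is made up to show a LAN address and an unknown resolver.
SAMPLE_REPORT = r"""
[DNS][PUM] HKLM\[...]\CCSet\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS001\[...]\{EE7ABE14-FC9D-4950-8315-BB98BDB1E5AF} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - PHILIPPINES (PH)]) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> Trovato
[DNS][PUM] HKLM\[...]\CCSet\[...]\{00000000-0000-0000-0000-000000000001} : NameServer (192.168.1.1,203.0.113.53 [-]) -> Trovato
"""


def classify(ip_text):
    """Label one name-server address."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "not an IP address"
    if str(ip) in KNOWN_RESOLVERS:
        return KNOWN_RESOLVERS[str(ip)]
    if any(ip in net for net in RFC1918):
        return "private (LAN) address"
    return "UNRECOGNISED"


def dns_findings(report_text):
    """Return {interface GUID: [(ip, label), ...]}.

    The same interface GUID is reported once per control-set key, so only the
    first occurrence of each GUID is kept.
    """
    findings = {}
    for line in report_text.splitlines():
        m = PUM_LINE.match(line.strip())
        if not m or m["cat"] != "DNS" or m["name"] != "NameServer":
            continue
        guid = GUID.search(m["key"])
        adapter = guid.group(0).upper() if guid else m["key"]
        # The data is "ip,ip,... [country - country ...]"; keep only the address list.
        servers = m["value"].split(" [", 1)[0].split(",")
        findings.setdefault(adapter, [(s.strip(), classify(s)) for s in servers])
    return findings


def needs_review(report_text):
    """Return {interface GUID: [addresses that matched nothing known]}."""
    review = {}
    for adapter, servers in dns_findings(report_text).items():
        unknown = [ip for ip, label in servers if label in SUSPECT]
        if unknown:
            review[adapter] = unknown
    return review


if __name__ == "__main__":
    for adapter, servers in dns_findings(SAMPLE_REPORT).items():
        print(adapter)
        for ip, label in servers:
            print(f"  {ip:<16} {label}")
    print("needs review:", needs_review(SAMPLE_REPORT))
```
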

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 30 Jan 2014 16:00

Sorry, I didn't understand.
I only know that DNS has something to do with the internet, but nothing more. What do you mean by whether I recognise them?

R16 Dio maturo
Joined: 07/03/08 22:58 Posts: 10129
Posted: 31 Jan 2014 19:22

Hi.
Run the scan with RogueKiller again.
When it has finished, click on the DNS table and then click "Ripara DNS" (Fix DNS).
When it has finished the repairs, run a new scan with RogueKiller.
When the scan is finished, click "Report".
Post it here.
Lastly:
Run this scan with OTL.
http://forum.zeusnews.com/viewtopic.php?t=51382
To post the logs (ALL of them), follow these instructions:
Connect to the internet and go to the WikiSend page:
link
Click the "Sfoglia" (Browse) button.
Select the file you just saved.
Click Upload file.
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 01 Feb 2014 12:48

Hi R16,
this point is not quite clear to me:
Quote: | Run the scan with RogueKiller again.
When it has finished, click on the DNS table and then click "Ripara DNS" (Fix DNS). |
I mean, I did as you told me, but when I am about to exit the program it tells me "Nessun elemento è stato cancellato. Vuoi veramente uscire?" ("No item has been deleted. Do you really want to exit?")
And indeed the files the program wants to delete are under the "registro" (registry) entry, not "DNS" (there is nothing under the DNS entry).
I am attaching an image:
So what should I do? Do I continue as you told me, or do I delete these files first?

R16 Dio maturo
Joined: 07/03/08 22:58 Posts: 10129
Posted: 01 Feb 2014 14:37

I can't tell you to delete them unless I see what they refer to.
Post the complete log and then I will be more precise.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 02 Feb 2014 12:36

Edit.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 02 Feb 2014 13:08

R16 wrote: | To post the logs (ALL of them), follow these instructions:
Connect to the internet and go to the WikiSend page:
link
Click the "Sfoglia" (Browse) button.
Select the file you just saved.
Click Upload file.
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum. |
Sorry, I had missed this point; I am uploading the logs.
RogueKiller: RKreport[0]_S_02022014_113358.txt
OTL file "OTL": OTL.Txt
OTL file "Extras": Extras.Txt

R16 Dio maturo
Joined: 07/03/08 22:58 Posts: 10129
Posted: 02 Feb 2014 15:58

The keys found by RogueKiller are legitimate, so they should not be deleted.
Tell me how the PC is running and what problems you are experiencing.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 02 Feb 2014 16:14

OK, I'll leave the keys where they are then.
I have no problems; it doesn't seem any slower to me and no strange windows open either. I was only being cautious because I wanted to be 100% certain that the PC was fine; you know, sometimes the antivirus doesn't catch everything.
So I can rest easy, everything is fine?

R16 Dio maturo
Joined: 07/03/08 22:58 Posts: 10129
Posted: 02 Feb 2014 18:44

Uninstall Spyware Terminator (it is good for nothing except slowing the PC down considerably).
Move RogueKiller to the recycle bin along with the RK Quarantine folder.
Open OTL and click CleanUP.
OTL will uninstall itself.
Run a cleanup with CCleaner (registry included).
Still with CCleaner:
Open CCleaner.
Click "Strumenti" (Tools).
Click "Ripristino Sistema" (System Restore).
Select ALL the restore points and then click "Rimuovi" (Remove).
N.B.:
The point shown in grey (the first one) cannot be deleted, for safety reasons.
If the PC works well, we are done.

Ale88 Mortale devoto
Joined: 27/01/14 22:53 Posts: 12
Posted: 02 Feb 2014 19:02

Quote: | Uninstall Spyware Terminator (it is good for nothing except slowing the PC down considerably). |
So which program do you recommend for a weekly check for any spyware and similar things?

R16 Dio maturo
Joined: 07/03/08 22:58 Posts: 10129
Posted: 02 Feb 2014 19:10

Malwarebytes:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Be careful not to download the Pro version (which is paid).
You have to untick the box on the last screen during installation, where it asks whether you want to try the Pro version.