Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus ukash ransomware [Closed]

Started by maxperozzi , Apr 23 2014 12:21 AM

  • This topic is locked This topic is locked

#1
maxperozzi
Posted 23 April 2014 - 12:21 AM

maxperozzi

    New Member

  • Member
  • Pip
  • 1 posts

I have my computer infected by this virus.

After I used combofix, malwarebytes, tdskiller, the firewall is still out.

I have xp pro service pack 3.

I post otl.txt and extras.txt.

Thank you for your help.

 

Max

 

OTL logfile created on: 23/04/2014 7.46.04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\Gigino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,10% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): D:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programmi
Drive C: | 48,83 Gb Total Space | 28,53 Gb Free Space | 58,43% Space Free | Partition Type: NTFS
Drive D: | 27,48 Gb Total Space | 4,71 Gb Free Space | 17,15% Space Free | Partition Type: FAT32
 
Computer Name: ORG-CEFISGJM7KR | User Name: Gigino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Documents and Settings\Gigino\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Programmi\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - D:\Programmi\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - D:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - D:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - D:\Programmi\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\WINDOWS\system32\msdmo.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vadvapi32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vntdll.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vshell32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vmsvcrt.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vuser32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vuxtheme.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vcomctl32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vkernel32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vgdiplus.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vdwmapi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer9) -- D:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- D:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- D:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- D:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- D:\Programmi\File comuni\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (IDriverT) -- D:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhfrywjo) -- D:\WINDOWS\system32\drivers\xhfrywjo.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (ossrv) -- system32\drivers\ctoss2k.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RtkHDAud.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (gmcsersa) -- D:\WINDOWS\system32\drivers\gmcsersa.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- D:\DOCUME~1\Gigino\IMPOST~1\Temp\catchme.sys File not found
DRV - (WsAudio_Device(3) -- D:\WINDOWS\system32\drivers\VirtualAudio3.sys (Wondershare)
DRV - (WsAudio_Device(2) -- D:\WINDOWS\system32\drivers\VirtualAudio2.sys (Wondershare)
DRV - (WsAudio_Device(1) -- D:\WINDOWS\system32\drivers\VirtualAudio1.sys (Wondershare)
DRV - (cpuidlep) -- D:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (LVUVC) -- D:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- D:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (MPE) -- D:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- D:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- D:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- D:\WINDOWS\system32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)
DRV - (AsIO) -- D:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- D:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PfModNT) -- D:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (sfman) -- D:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- D:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- D:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 1B 04 FA 55 06 CF 01  [binary data]
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{215784F3-A78E-4D00-9B68-5F0FFF215A63}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{877CB1A2-1CE6-4995-A5B6-DB0ABC79700C}: "URL" = http://www.google.it...fca69c98b5d77d7
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Cerca..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B524B8EF8-C312-11DB-8039-536F56D89593%7D:4.39.0.0
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7Bc2921baa-9930-4d73-a203-f69db688f139%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62667
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programmi\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: D:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Programmi\Mozilla Firefox\plugins [2013/12/25 12.36.52 | 000,000,000 | ---D | M]
 
[2011/04/10 06.53.36 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Extensions
[2011/08/24 03.48.42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions
[2011/08/24 03.48.54 | 000,010,285 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi
[2012/08/19 11.01.14 | 000,050,279 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2012/08/23 16.10.00 | 000,042,336 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/08/23 16.34.58 | 000,003,714 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{c2921baa-9930-4d73-a203-f69db688f139}.xpi
[2013/12/23 03.36.12 | 000,714,654 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/12/25 12.36.52 | 000,000,000 | ---D | M] (No name found) -- D:\Programmi\Mozilla Firefox\extensions
[2013/12/25 12.36.54 | 000,000,000 | ---D | M] (No name found) -- D:\Programmi\Mozilla Firefox\browser\extensions
[2013/12/25 12.36.54 | 000,000,000 | ---D | M] (Default) -- D:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/01/04 01.41.32 | 000,000,779 | RHS- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] D:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartupDelayer] D:\Programmi\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] D:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] D:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\Gigino\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a html2pop3.lnk = D:\html2pop3249f\html2pop3.jar ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu =  [binary data]
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Accoda collegamento con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Accoda la pagina corrente con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Apri la pagina corrente con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Apri la pagina corrente con BID Link Explorer - D:\Programmi\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: Apri link con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidlink.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C131726F-8793-4068-8C0D-1309A3574C16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C131726F-8793-4068-8C0D-1309A3574C16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE40AA11-5A25-4BD4-9B4C-C276498D2B88}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (vistaui.exe) - D:\WINDOWS\System32\vistaui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/01/03 19.09.16 | 000,000,000 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2014/04/23 07.42.33 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Gigino\Desktop\OTL.exe
[2014/04/23 07.35.03 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/04/21 01.46.07 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
[2014/04/21 01.03.49 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/21 01.03.35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
[2014/04/21 01.03.19 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/21 01.03.19 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/04/21 01.03.19 | 000,000,000 | ---D | C] -- D:\Programmi\Malwarebytes Anti-Malware
[2014/04/21 00.45.08 | 000,000,000 | -HSD | C] -- D:\Recycled
[2014/04/21 00.17.26 | 000,000,000 | --SD | C] -- D:\ComboFix
[2014/04/21 00.17.21 | 000,000,000 | ---D | C] -- D:\Qoobox
[2014/04/21 00.09.10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
[2014/04/20 22.05.26 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Gigino\Recent
[2014/04/20 16.44.14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Gigino\Dati applicazioni\TeamViewer
[2014/04/20 16.44.07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Avvio\Programmi\TeamViewer 9
[2014/04/20 16.43.58 | 000,000,000 | ---D | C] -- D:\Programmi\TeamViewer
[2014/04/04 16.58.30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Gigino\Documenti\Nuova cartella
[2014/02/28 16.09.50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
[2014/02/28 16.03.52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\NVIDIA Corporation
[2014/02/28 16.03.22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrshe.dll
[2014/02/28 16.03.22 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsfr.dll
[2014/02/28 16.03.22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsit.dll
[2014/02/28 16.03.22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrses.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrspt.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsnl.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsja.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsesm.dll
[2014/02/28 16.03.22 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsru.dll
[2014/02/28 16.03.22 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsptb.dll
[2014/02/28 16.03.22 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsko.dll
[2014/02/28 16.03.22 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrshu.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrstr.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssl.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssk.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrspl.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsth.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssv.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsno.dll
[2014/02/28 16.03.22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsfi.dll
[2014/02/28 16.03.22 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrszhc.dll
[2014/02/28 16.03.22 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrszht.dll
[2014/02/28 16.03.21 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsar.dll
[2014/02/28 16.03.21 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsel.dll
[2014/02/28 16.03.21 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsde.dll
[2014/02/28 16.03.21 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsda.dll
[2014/02/28 16.03.21 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrseng.dll
[2014/02/28 16.03.21 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrscs.dll
[2014/02/28 16.03.21 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcolor.exe
[2014/02/28 16.03.20 | 015,517,472 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2014/02/28 16.03.19 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2014/02/28 16.03.16 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2014/02/28 16.01.54 | 019,189,760 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvoglnt.dll
[2014/02/28 16.01.54 | 007,536,640 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuda.dll
[2014/02/28 16.01.54 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2014/02/28 16.01.54 | 002,581,792 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvid.dll
[2014/02/28 16.01.54 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvenc.dll
[2014/02/28 16.01.54 | 001,010,464 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco32.dll
[2014/02/28 16.01.54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco32.dll
[2014/02/28 16.01.46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcompiler.dll
[2014/02/28 16.01.46 | 002,389,504 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvapi.dll
[2014/02/28 16.01.17 | 000,000,000 | ---D | C] -- D:\Programmi\NVIDIA Corporation
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2014/04/23 07.50.02 | 000,000,436 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{7BDB5661-0CA4-4032-85BA-EF1F5206B7B0}.job
[2014/04/23 07.49.30 | 000,000,398 | -H-- | M] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/23 07.49.00 | 000,000,358 | -H-- | M] () -- D:\WINDOWS\tasks\MpIdleTask.job
[2014/04/23 07.45.28 | 000,001,130 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/23 07.43.02 | 000,000,978 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/23 07.42.02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Gigino\Desktop\OTL.exe
[2014/04/23 07.39.06 | 000,001,126 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/23 07.39.02 | 000,000,262 | ---- | M] () -- D:\WINDOWS\tasks\Controllo volume.job
[2014/04/23 07.38.58 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2014/04/21 01.42.18 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2014/04/21 01.04.06 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/21 01.03.36 | 000,000,657 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/21 00.10.36 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\jlkodeyz.dat
[2014/04/21 00.10.02 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\peufxjif.dat
[2014/04/21 00.09.34 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\dvyqsfem.dat
[2014/04/20 21.38.14 | 000,147,608 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/19 19.00.54 | 000,000,578 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\INPS GIGINO.url
[2014/04/19 18.49.50 | 000,004,327 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\ilCiriaco.it » Quotidiano on line della provincia di Avellino (2).url
[2014/04/18 19.43.36 | 000,000,679 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Ottopagine.net - Quotidiano online.url
[2014/04/14 19.24.34 | 000,000,516 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\il Quaderno.url
[2014/04/09 17.08.58 | 000,002,517 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Microsoft Word.lnk
[2014/04/04 15.25.48 | 000,004,376 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Corriere della Sera.url
[2014/04/03 09.51.06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09.50.56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/04/01 17.36.52 | 000,000,259 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\L'Irpinia che vuole cambiare  Il blog di Romeo Castiglione.url
[2014/04/01 16.50.00 | 000,965,692 | ---- | M] () -- D:\Documents and Settings\All Users\Dati applicazioni\3mqbnzjhbn.bbr
[2014/03/23 19.20.08 | 000,000,220 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\La Repubblica.it - Homepage.url
[2014/03/21 20.06.42 | 000,002,241 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/03/21 19.57.20 | 000,001,550 | ---- | M] () -- D:\WINDOWS\System32\drivers\kmjmppes.dat
[2014/03/06 11.52.24 | 000,000,256 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Google Traduttore.url
[2014/03/01 21.52.04 | 000,520,652 | ---- | M] () -- D:\WINDOWS\System32\perfh010.dat
[2014/03/01 21.52.04 | 000,473,858 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2014/03/01 21.52.04 | 000,089,836 | ---- | M] () -- D:\WINDOWS\System32\perfc010.dat
[2014/03/01 21.52.04 | 000,076,744 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2014/03/01 10.42.18 | 009,961,472 | ---- | M] () -- D:\Documents and Settings\Gigino\ntuser.bak
[2014/02/28 16.02.36 | 001,072,544 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2014/02/28 16.02.36 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2014/02/28 16.02.22 | 001,072,544 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2014/02/28 16.02.22 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\nvdrswr.lk
[2014/02/28 15.52.58 | 000,001,984 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2014/02/28 15.47.04 | 000,000,010 | ---- | M] () -- D:\WINDOWS\WININIT.INI
[2014/02/24 15.05.00 | 000,000,835 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Panorama.url
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/21 01.03.35 | 000,000,657 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/21 00.10.34 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\jlkodeyz.dat
[2014/04/21 00.09.59 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\peufxjif.dat
[2014/04/21 00.09.32 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\dvyqsfem.dat
[2014/03/23 11.05.57 | 000,965,692 | ---- | C] () -- D:\Documents and Settings\All Users\Dati applicazioni\3mqbnzjhbn.bbr
[2014/03/21 19.57.17 | 000,001,550 | ---- | C] () -- D:\WINDOWS\System32\drivers\kmjmppes.dat
[2014/02/28 16.28.03 | 000,000,259 | ---- | C] () -- D:\Documents and Settings\Gigino\Desktop\L'Irpinia che vuole cambiare  Il blog di Romeo Castiglione.url
[2014/02/28 16.02.22 | 001,072,544 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2014/02/28 16.02.21 | 001,072,544 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2014/02/28 16.02.21 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2014/02/28 16.02.21 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\nvdrswr.lk
[2014/02/28 16.01.54 | 002,816,504 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2014/02/28 16.01.54 | 000,015,449 | ---- | C] () -- D:\WINDOWS\System32\nvinfo.pb
[2014/02/28 15.46.44 | 000,000,010 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2013/12/31 12.14.03 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2013/12/05 17.24.37 | 000,346,998 | ---- | C] () -- D:\Documents and Settings\Gigino\Carol.zip
[2013/12/05 17.24.37 | 000,031,186 | ---- | C] () -- D:\Documents and Settings\Gigino\R. Verdesca ed altri 001.jpg
[2013/10/28 18.24.04 | 000,149,483 | ---- | C] () -- D:\Documents and Settings\Gigino\attoACQ (1).pdf
[2013/10/22 17.07.29 | 005,646,336 | ---- | C] () -- D:\Documents and Settings\Gigino\17- Alfred+de+Musset-Venise.pps
[2013/09/29 20.07.20 | 006,777,344 | ---- | C] () -- D:\Documents and Settings\Gigino\Montenegro (fm K).pps
[2013/09/29 19.49.57 | 013,196,024 | ---- | C] () -- D:\Documents and Settings\Gigino\ADYA_GEISHA_-_CHERUBINOS_ARIA_Official_Video.flv
[2013/08/24 11.10.17 | 000,000,600 | ---- | C] () -- D:\Documents and Settings\Gigino\PUTTY.RND
[2013/08/22 13.56.22 | 000,134,042 | ---- | C] () -- D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2013/08/22 01.05.39 | 000,000,014 | ---- | C] () -- D:\WINDOWS\System32\SysInfo_Xinfire_Std.dll
[2013/08/20 10.06.45 | 000,065,536 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll
[2013/08/15 23.59.20 | 000,000,011 | ---- | C] () -- D:\WINDOWS\SBWIN.INI
[2013/08/15 23.59.18 | 001,048,576 | ---- | C] () -- D:\WINDOWS\System32\SFMAN.DAT
[2013/08/15 23.59.18 | 000,000,231 | ---- | C] () -- D:\WINDOWS\AC3API.INI
[2013/06/14 19.56.18 | 000,974,848 | ---- | C] () -- D:\WINDOWS\System32\cis-2.4.dll
[2013/06/14 19.56.18 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/06/14 19.56.18 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/06/14 19.56.18 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/01/11 09.31.16 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2013/01/10 20.03.41 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\Gigino\.rnd
[2013/01/06 16.45.37 | 000,008,184 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2013/01/03 18.32.24 | 000,001,152 | ---- | C] () -- D:\WINDOWS\System32\windrv.sys
[2013/01/03 13.39.01 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2013/01/03 13.39.01 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2013/01/03 13.39.01 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2013/01/03 13.39.01 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2013/01/03 13.39.01 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2013/01/02 15.29.54 | 009,961,472 | ---- | C] () -- D:\Documents and Settings\Gigino\ntuser.bak
[2012/12/30 05.31.53 | 000,000,076 | ---- | C] () -- D:\WINDOWS\FaceSwapper.ini
[2012/12/02 19.58.51 | 002,762,240 | ---- | C] () -- D:\Documents and Settings\Gigino\il camuffaggio in natura GB.pps
[2012/11/30 19.26.29 | 008,990,645 | ---- | C] () -- D:\Documents and Settings\Gigino\van1.wmv
[2012/11/30 19.26.29 | 001,450,496 | ---- | C] () -- D:\Documents and Settings\Gigino\Photos de paysages.pps
[2012/11/25 19.47.33 | 007,092,736 | ---- | C] () -- D:\Documents and Settings\Gigino\Canaux_du_monde (fm K).pps
[2012/11/25 19.47.32 | 003,930,624 | ---- | C] () -- D:\Documents and Settings\Gigino\Anna_Kostenko_Paintings_not_Photographs1.pps
[2012/09/29 01.11.42 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/08/19 00.58.40 | 000,000,026 | ---- | C] () -- D:\WINDOWS\iTouch.ini
[2012/08/17 04.21.22 | 000,001,984 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/08/15 15.42.00 | 000,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2012/08/15 15.41.59 | 000,012,664 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2012/08/15 15.40.48 | 000,017,241 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2012/08/15 12.14.30 | 000,004,484 | ---- | C] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys
[2012/08/14 19.21.45 | 000,000,516 | ---- | C] () -- D:\WINDOWS\System32\drivers\utphgqmx.dat
[2012/06/30 15.12.34 | 000,029,102 | ---- | C] () -- D:\Documents and Settings\Gigino\Menu Avvio.rar
[2011/09/02 14.22.18 | 000,000,470 | RHS- | C] () -- D:\Documents and Settings\Gigino\ntuser.pol
[2011/01/01 17.35.25 | 000,041,984 | ---- | C] () -- D:\Documents and Settings\Gigino\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/04/22 18.54.24 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/01/01 17.45.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\UDL
[2011/03/05 18.30.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\IM
[2011/03/05 18.30.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
[2011/04/10 17.54.20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2011/08/15 23.55.36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Speed Soft
[2013/01/03 15.55.26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\HitmanPro
[2013/08/22 01.05.42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Xinfire
[2013/08/22 10.44.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Samsung
[2014/01/02 14.42.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Auslogics
[2014/01/05 21.55.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2014/01/08 17.40.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\r2 Studios
[2014/01/11 01.28.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Doctor Web
[2014/04/21 00.09.12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
[2011/01/01 23.24.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Styler
[2011/04/10 19.27.00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\URSoft
[2011/03/02 19.33.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Oplua
[2011/04/14 01.53.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\uTorrent
[2011/04/21 10.51.24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Anthropics
[2011/08/22 17.51.26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\EPSON
[2011/08/22 18.10.32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\XnView
[2011/08/25 16.18.52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\GetRightToGo
[2011/08/25 16.31.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Xentient
[2011/08/31 18.11.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\WinMacro
[2011/09/02 00.07.04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Morpheus Software
[2011/09/03 01.36.34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\FogelSoft
[2011/09/03 02.22.58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ChemTable Software
[2011/09/03 15.06.48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ViStart
[2012/08/17 04.56.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Oracle
[2012/08/17 19.48.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\HD Tune Pro
[2012/08/22 02.12.28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Shareaza
[2012/12/24 10.31.14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Orbit
[2012/12/24 10.33.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\GrabPro
[2012/12/24 10.33.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ProgSense
[2013/04/01 03.27.14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Wise Registry Cleaner
[2013/08/15 10.33.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\KoshyJohn.com
[2013/08/16 22.47.02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ZipGenius
[2013/08/18 00.48.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\BID
[2013/08/22 10.48.58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Samsung
[2013/09/14 11.54.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Printparade
[2013/12/26 17.57.04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\FLVPlayer4Free
[2013/12/30 23.01.36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Leadertech
[2014/01/02 14.57.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Auslogics
[2014/01/07 00.40.44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ElevatedDiagnostics
[2014/04/20 16.44.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\TeamViewer
[2014/01/05 16.45.22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dati applicazioni\Xentient
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/25 19.18.46 | 106,151,155 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䪑⻭唄6
[2013/11/25 19.18.44 | 106,151,155 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䪑⻭唄6
[2013/11/25 11.56.52 | 106,035,404 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\跀購唄6
[2013/11/25 11.56.51 | 106,035,404 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\跀購唄6
[2013/11/18 17.45.18 | 104,931,504 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\綛⊧唄6
[2013/11/18 17.45.17 | 104,931,504 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\綛⊧唄6
[2013/11/16 16.19.04 | 191,594,496 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\璆찝唄6
[2013/11/16 16.19.02 | 191,594,496 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\璆찝唄6
[2013/10/27 08.16.00 | 103,214,166 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\믔唄6
[2013/10/27 08.08.36 | 103,214,166 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\믔唄6
[2013/10/20 15.49.32 | 102,034,533 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\눯촛唄6
[2013/10/20 15.49.30 | 102,034,533 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\눯촛唄6
[2013/10/07 19.32.40 | 099,717,279 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䍕늓唄6
[2013/10/07 18.13.06 | 099,717,279 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䍕늓唄6
[2013/10/03 12.09.00 | 315,719,680 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\⣅⼑唄6
[2013/10/03 12.08.58 | 315,719,680 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\⣅⼑唄6

< End of report >

 

OTL Extras logfile created on: 23/04/2014 7.46.04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\Gigino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,10% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): D:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programmi
Drive C: | 48,83 Gb Total Space | 28,53 Gb Free Space | 58,43% Space Free | Partition Type: NTFS
Drive D: | 27,48 Gb Total Space | 4,71 Gb Free Space | 17,15% Space Free | Partition Type: FAT32
 
Computer Name: ORG-CEFISGJM7KR | User Name: Gigino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2F7E5F47-40EC-403E-844C-0874E07F5358}" = RealSpeak Solo per l'Italiano, Silvia
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97BE-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Aslogics BoostSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A82000000003}" = Adobe Reader 8.2.6 - Italiano
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = VAIOXP
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Software della webcam Logitech
"{D70666B2-7E6B-46F0-85E2-06C30C1269C0}" = ASUS MyCinema Series
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EDAED426-FE30-482A-8AA7-87AD7642107F}" = Parser MSXML 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bulk Image Downloader_is1" = Bulk Image Downloader v4.21.0.0
"CCleaner" = CCleaner
"eMule" = eMule
"EPSON Printer and Utilities" = Software per stampante EPSON
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Guida utente" = ESDX6000_CX5900 Guida utente
"HotKeyz_is1" = HotKeyz 2.8.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versione 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 it)" = Mozilla Firefox 26.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7
"Speed TV Player_is1" = Speed TV Player 1.3.0.15
"Startup Delayer" = Startup Delayer v3.0 (build 359)
"TeamViewer 9" = TeamViewer 9
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Visual Task Tips" = Visual Task Tips 3.4
"VLC media player" = VLC media player 2.1.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xentient Thumbnails_is1" = Xentient Thumbnails v1.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/04/2014 18.43.18 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
 servizio Server  non verranno restituiti. Il codice di errore restituito si trova
 nella DWORD 0 dei dati.
 
Error - 20/04/2014 18.43.36 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 20/04/2014 18.53.55 | Computer Name = ORG-CEFISGJM7KR | Source = MsiInstaller | ID = 10005
Description = Prodotto: Microsoft Fix it 50981 -- Microsoft Fix it non valido per
 il sistema operativo o per la versione dell'applicazione in uso.
 
Error - 21/04/2014 13.31.59 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
 servizio Server  non verranno restituiti. Il codice di errore restituito si trova
 nella DWORD 0 dei dati.
 
Error - 21/04/2014 13.32.16 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 22/04/2014 3.11.36 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
 servizio Server  non verranno restituiti. Il codice di errore restituito si trova
 nella DWORD 0 dei dati.
 
Error - 22/04/2014 3.11.43 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 23/04/2014 1.20.36 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
 servizio Server  non verranno restituiti. Il codice di errore restituito si trova
 nella DWORD 0 dei dati.
 
Error - 23/04/2014 1.20.47 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 23/04/2014 1.39.34 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 23/04/2014 1.40.09 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.40.09 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.41.32 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.41.32 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.41.40 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti ""  per eseguire il server   {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
 
< End of report >

 

 


  • 0

Advertisements

#2
Machiavelli
Posted 25 April 2014 - 11:57 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello and Welcome on board maxperozzi :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Senior Team of the forum' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. 

 


After I used combofix, malwarebytes, tdskiller, the firewall is still out.

OK, I need to see all of the Logs.

1. ComboFix

The Log is located here: D:\combofix.txt. Please copy and paste the content of that textfile into your next reply.

2. TDSSKiller

The Log is located here: D:\TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please copy and paste the content of that textfile into your next reply.

3. Malwarebytes
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export
  • Button - select in the menu Text File (.txt)
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.

  • 0

#3
Machiavelli
Posted 28 April 2014 - 07:48 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Are you still with me?
  • 0

#4
Essexboy
Posted 29 April 2014 - 08:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP