(RISOLTO) Rimozione pagine pubblicitarie (GUIDA e SUPPORTO)

« Older Newer »

Aeon1972

Posted on 7/1/2015, 12:30

User deleted

ecco l'allegato otl che non avevo mandato prima

File Allegato

OTL.Txt
(Number of downloads: 66)

vicky67

Posted on 7/1/2015, 15:02

Master Malware Expert

Group: Administrator

Posts: 4,519

Location: Poggio Mirteto(RI)

Status: Anonymous

ciao Aeon1972
Scarica il file in allegato e copia interamente il contenuto nel box bianco di OTL.Clicca su RUN FIX.
Vai poi sul tuo browser e disinstalla componenti aggiuntivi e plugin che non conosci

File Allegato

fix.txt
(Number of downloads: 52)

Marco Giovannettone

Posted on 2/8/2015, 08:46

User deleted

ho scaricato Adwcleaner ma non c'è traccia del tasto delete. l'unico tasto attivo è analisi. l'ho cliccato. devo dire che dopo il riavvio chrome non mi ha aperto più pagine non richieste. potrei già aver risolto il problema?

vicky67

Posted on 2/8/2015, 14:17

Master Malware Expert

Group: Administrator

Posts: 4,519

Location: Poggio Mirteto(RI)

Status: Anonymous

Dopo la scansione(pulsante ANALISI) il tasto da premere è PULIZIA.Se non fai quella operazione non elimini niente.
Dato che nel log di FRST ho rilevato adware mi serve il log di adwcleaner per controllare se il programma lo ha eliminato altrimenti ti fornisco un fix manuale per la rimozione.

Francesco Consiglio

Posted on 19/3/2016, 01:11

Nuovo

Group: Member

Posts: 1

Status: Offline

allego il report di OTL

SPOILER (clicca per visualizzare)

OTL logfile created on: 19/03/2016 00:49:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorenzo\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1015,30 Mb Total Physical Memory | 101,36 Mb Available Physical Memory | 9,98% Memory free
2,21 Gb Paging File | 0,69 Gb Available in Paging File | 31,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 28,13 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive E: | 57,87 Gb Total Space | 42,27 Gb Free Space | 73,04% Space Free | Partition Type: FAT32

Computer Name: HPLORENZO | User Name: Lorenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/03/19 00:47:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenzo\Downloads\OTL.exe
PRC - [2016/03/18 20:36:44 | 000,254,904 | ---- | M] () -- C:\Programmi\Reason\Security\Protection\rscp\bin\rscp_svc.exe
PRC - [2016/03/18 20:36:43 | 000,570,296 | ---- | M] () -- C:\Programmi\Reason\Security\Protection\rscp\bin\rscp_bg.exe
PRC - [2016/03/09 11:06:09 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2016/02/17 16:08:49 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) -- c:\Programmi\Microsoft Security Client\NisSrv.exe
PRC - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe
PRC - [2016/01/29 17:56:10 | 000,986,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Security Client\msseces.exe
PRC - [2016/01/22 06:12:59 | 002,973,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/06/18 13:55:10 | 001,034,584 | ---- | M] (Disc Soft Ltd) -- C:\Programmi\DAEMON Tools Lite\DiscSoftBusService.exe
PRC - [2015/05/05 14:00:44 | 000,354,064 | ---- | M] (Transaction Software, D 81829 Munich) -- C:\Programmi\Bosch\ESItronic 2.0\ESItronic\transbase\tbmux32.exe
PRC - [2015/03/13 12:10:26 | 005,529,880 | ---- | M] (Piriform Ltd) -- C:\Programmi\CCleaner\CCleaner.exe
PRC - [2014/10/21 15:02:43 | 000,352,256 | ---- | M] (FabulaTech, Inc.) -- C:\Windows\System32\ftsprsrv.exe
PRC - [2014/08/04 08:48:17 | 005,095,264 | ---- | M] (TeamViewer GmbH) -- C:\Programmi\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/25 03:57:32 | 000,211,456 | ---- | M] () -- C:\altera\13.0\quartus\bin\jtagserver.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 00:59:32 | 000,010,240 | ---- | M] (Olof Lagerkvist) -- C:\Windows\System32\imdsksvc.exe
PRC - [2011/09/20 13:51:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Bosch\DownloadManager\jre6\bin\javaw.exe
PRC - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/12/08 15:50:26 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/11/27 09:36:00 | 000,427,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/11/18 14:10:00 | 000,664,904 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/21 09:39:00 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/07/24 10:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

========== Modules (No Company Name) ==========

MOD - [2016/03/18 20:36:43 | 000,570,296 | ---- | M] () -- C:\Programmi\Reason\Security\Protection\rscp\bin\rscp_bg.exe
MOD - [2015/10/13 05:46:18 | 000,073,512 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2015/10/13 05:46:12 | 001,040,144 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2015/03/13 14:54:30 | 000,057,344 | ---- | M] () -- C:\Programmi\CCleaner\Lang\lang-1040.dll
MOD - [2014/12/05 12:07:06 | 000,036,864 | ---- | M] () -- C:\Windows\System32\xcd73532.dll
MOD - [2012/01/12 10:55:42 | 000,045,056 | ---- | M] () -- C:\Programmi\Bosch\DownloadManager\bin\HwID.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\RSUPPORT\MobizenService\MobizenService.exe -- (Mobizen plugin)
SRV - [2016/03/18 20:36:44 | 000,254,904 | ---- | M] () [Auto | Running] -- C:\Programmi\Reason\Security\Protection\rscp\bin\rscp_svc.exe -- (rscp)
SRV - [2016/03/11 14:36:51 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/03/09 11:06:07 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/02/08 21:28:58 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programmi\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programmi\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2015/12/24 15:39:24 | 000,082,680 | ---- | M] (Reason Software Company Inc.) [Auto | Stopped] -- C:\Programmi\Reason\Security\rsEngineSvc.exe -- (rsEngineSvc)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programmi\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/07/22 18:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/06/18 13:55:10 | 001,034,584 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Programmi\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/05/05 14:00:44 | 000,354,064 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Running] -- C:\Programmi\Bosch\ESItronic 2.0\ESItronic\transbase\tbmux32.exe -- (ESItronic 2.0 Database Service)
SRV - [2014/10/21 15:02:43 | 000,352,256 | ---- | M] (FabulaTech, Inc.) [Auto | Running] -- C:\Windows\System32\ftsprsrv.exe -- (ftsprsrv)
SRV - [2014/10/21 11:29:25 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2014/08/04 08:48:17 | 005,095,264 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programmi\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/25 03:57:32 | 000,211,456 | ---- | M] () [Auto | Running] -- C:\altera\13.0\quartus\bin\jtagserver.exe -- (JTAGServer)
SRV - [2012/11/02 00:59:32 | 000,010,240 | ---- | M] (Olof Lagerkvist) [Auto | Running] -- C:\Windows\System32\imdsksvc.exe -- (ImDskSvc)
SRV - [2010/11/20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/10/21 09:39:00 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - [2015/12/03 14:34:27 | 000,032,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2015/11/13 08:50:26 | 000,104,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2015/09/11 19:19:34 | 000,025,016 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV - [2014/10/21 15:02:43 | 000,036,608 | ---- | M] (FabulaTech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftvspr.sys -- (ftvspr)
DRV - [2014/10/21 15:02:43 | 000,035,552 | ---- | M] (FabulaTech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vportbus.sys -- (vportbus)
DRV - [2012/11/02 13:58:20 | 000,034,448 | ---- | M] (Olof Lagerkvist) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\imdisk.sys -- (ImDisk)
DRV - [2012/11/02 00:59:39 | 000,017,920 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\awealloc.sys -- (AWEAlloc)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/09/24 16:54:00 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/09/14 13:29:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/05 11:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009/06/19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www.msn.com/it-it/?ocid=iehp
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 3C E3 22 20 EA CF 01 [binary data]
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://stopblock.me/wpad.dat?8e5d73daa6b74...1151b3a62a69326

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "IT"
FF - prefs.js..browser.search.region: "IT"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 45.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 45.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/10/18 09:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Extensions
[2016/03/10 12:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Firefox\Profiles\670qyysl.default-1455650130977\extensions
[2016/03/10 12:09:28 | 000,369,917 | ---- | M] () (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\670qyysl.default-1455650130977\extensions\[email protected]
[2016/03/02 01:02:37 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\670qyysl.default-1455650130977\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/03/02 17:04:58 | 000,002,356 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\670qyysl.default-1455650130977\searchplugins\extratorrentcom-torrent-search.xml
[2016/03/09 11:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafaiapjnboakngjebdcgbaabglhjego\1.1_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm\1.0.6.4_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.50_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai\1.3.5_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.8.6_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.8.7_0\
CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016/03/18 20:36:46 | 000,002,024 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 11 more lines...
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartDDM] C:\Programmi\Bosch\DownloadManager\bin\runDDM.exe (Robert Bosch GmbH)
O4 - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000..\Run: [DAEMON Tools Lite Automount] C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000..\Run: [MurGee.com Auto Clicker] C:\Users\Lorenzo\AppData\Roaming\Auto Clicker\AutoClicker.exe (MurGee.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1107179894-2621592132-2220281415-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D419A3-FDEC-458B-AE15-D4118691FB4E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D419A3-FDEC-458B-AE15-D4118691FB4E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFAF9F0B-4318-4DF3-9CD9-9977AF2ED189}: DhcpNameServer = 192.168.1.202 192.168.1.204
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d3a21c1-a56f-11e5-bcb6-0022644d2ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3a21c1-a56f-11e5-bcb6-0022644d2ed7}\Shell\AutoRun\command - "" = F:\TicToc.exe
O33 - MountPoints2\{8cfd9a44-5c74-11e5-9636-0022644d2ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{8cfd9a44-5c74-11e5-9636-0022644d2ed7}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/03/18 20:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Reason
[2016/03/18 20:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
[2016/03/18 20:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reason
[2016/03/09 12:02:32 | 002,387,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016/03/09 12:02:29 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2016/03/09 12:02:22 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2016/03/09 12:02:21 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2016/03/09 12:02:15 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2016/03/09 12:02:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016/03/09 12:02:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2016/03/09 12:02:11 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2016/03/09 12:02:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2016/03/09 12:02:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016/03/09 12:02:07 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016/03/09 12:02:06 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016/03/09 12:02:06 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016/03/09 12:02:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016/03/09 12:01:35 | 002,956,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2016/03/09 12:01:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2016/03/09 12:01:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2016/03/09 12:01:35 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2016/03/09 12:01:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2016/03/09 12:01:34 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2016/03/09 12:01:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2016/03/09 12:01:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2016/03/09 12:01:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2016/03/09 12:01:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2016/03/09 12:01:16 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016/03/09 12:01:15 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016/03/09 12:01:14 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016/03/09 12:01:13 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016/03/09 12:01:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016/03/09 12:01:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016/03/09 12:01:10 | 000,341,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016/03/09 12:01:09 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016/03/09 12:01:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016/03/09 12:01:08 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016/03/09 12:01:07 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016/03/09 12:01:07 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016/03/09 12:01:07 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016/03/09 12:01:06 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016/03/09 12:01:06 | 000,687,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016/03/09 12:01:04 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016/03/09 12:01:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016/03/09 12:01:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016/03/09 12:01:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016/03/09 12:00:59 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016/03/09 12:00:57 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016/03/09 12:00:54 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016/03/09 12:00:51 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016/03/09 12:00:50 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016/03/09 12:00:44 | 004,611,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2016/03/09 11:59:25 | 001,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2016/03/09 11:59:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2016/03/09 11:59:24 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2016/03/09 11:59:24 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2016/03/09 11:59:24 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2016/03/09 11:59:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2016/03/09 11:59:23 | 000,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2016/03/09 11:59:20 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2016/03/09 11:59:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2016/03/09 11:59:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2016/03/09 11:59:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2016/03/09 11:59:17 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucrtbase.dll
[2016/03/09 11:59:17 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 11:59:17 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 11:59:17 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 11:59:17 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 11:59:17 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 11:59:17 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 11:59:16 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 11:59:16 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 11:59:16 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 11:59:16 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 11:59:16 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 11:59:16 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 11:59:16 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 11:59:16 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 11:59:16 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 11:59:15 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 11:59:15 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 11:59:15 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 11:59:15 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 11:59:15 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 11:59:15 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 11:59:15 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 11:59:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2016/03/09 11:59:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2016/03/09 11:59:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2016/03/09 11:58:57 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2016/02/29 17:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
[2016/02/29 17:30:35 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Auto Clicker
[2016/02/29 17:23:13 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\TeamViewer
[2016/02/29 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AirDroid
[2016/02/29 14:48:51 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\Documents\AirDroid
[2016/02/29 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
[2016/02/29 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2016/02/29 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\.android
[2016/02/29 14:14:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Rsupport
[2016/02/29 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Rsupport
[2016/02/29 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\Documents\Mobizen
[2016/02/29 14:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\RSUPPORT
[2016/02/26 11:09:17 | 000,000,000 | ---D | C] -- C:\Windows\Temp8C3EF4C9-B88E-A155-B208-02A019787E84-Signatures
[2016/02/23 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Deployment
[2016/02/23 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Apps
[1 C:\Users\Lorenzo\*.tmp files -> C:\Users\Lorenzo\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/03/19 00:57:21 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/03/19 00:35:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/03/18 20:52:46 | 000,741,636 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2016/03/18 20:52:46 | 000,654,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/03/18 20:52:46 | 000,147,658 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2016/03/18 20:52:46 | 000,122,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/03/18 20:31:49 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Reason Core Security.lnk
[2016/03/18 19:46:38 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/03/18 19:46:38 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/03/18 19:40:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/03/18 16:08:49 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/03/15 12:23:32 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/03/11 14:36:50 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/03/11 14:36:49 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2016/03/11 12:21:42 | 000,000,754 | ---- | M] () -- C:\Windows\ESIDATA.ini
[2016/03/11 12:19:02 | 000,421,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2016/03/11 12:17:48 | 798,466,048 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/09 11:06:31 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2016/03/02 00:56:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/02/29 14:43:51 | 000,002,267 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Avvio applicazioni di Chrome.lnk
[2016/02/29 09:47:43 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2016/02/19 19:50:25 | 000,034,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2016/02/19 19:41:49 | 000,958,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2016/02/19 15:07:31 | 001,206,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[1 C:\Users\Lorenzo\*.tmp files -> C:\Users\Lorenzo\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/03/18 20:31:49 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Reason Core Security.lnk
[2016/03/09 11:06:31 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2016/03/02 00:56:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/03/02 00:56:46 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2016/02/29 14:43:51 | 000,002,267 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Avvio applicazioni di Chrome.lnk
[2016/02/23 15:55:28 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016/02/23 15:55:28 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/02/23 15:52:30 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/23 15:52:28 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/02/16 18:41:03 | 000,024,688 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2015/12/03 12:37:37 | 000,032,384 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2015/09/23 09:52:24 | 000,000,016 | -H-- | C] () -- C:\Users\Lorenzo\hsKfLshPLQ9
[2015/09/17 15:54:39 | 000,000,035 | ---- | C] () -- C:\Users\Lorenzo\quartus2.ini
[2015/09/15 22:19:28 | 000,000,000 | ---- | C] () -- C:\Users\Lorenzo\qms-bmh3.bmp
[2015/09/15 22:19:28 | 000,000,000 | ---- | C] () -- C:\Users\Lorenzo\qms-bmh2.bmp
[2015/09/15 22:19:28 | 000,000,000 | ---- | C] () -- C:\Users\Lorenzo\qms-bmh1.bmp
[2015/09/15 22:15:21 | 000,000,016 | -H-- | C] () -- C:\Users\Lorenzo\axVgnCZ1Qjb
[2015/09/15 18:52:39 | 000,038,885 | ---- | C] () -- C:\Users\Lorenzo\quartus2.qreg
[2014/11/04 17:46:33 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/21 15:02:43 | 000,008,704 | ---- | C] ( ) -- C:\Windows\System32\sprapi.dll
[2014/10/21 15:02:43 | 000,004,608 | ---- | C] ( ) -- C:\Windows\System32\axsprapi.dll
[2014/10/21 11:29:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2014/10/19 05:34:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2014/10/17 16:07:17 | 000,012,800 | ---- | C] () -- C:\Windows\System32\PWUtility.dll
[2014/10/17 16:07:17 | 000,007,168 | ---- | C] () -- C:\Windows\System32\dtctrace.dll
[2014/10/17 16:07:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xcd73532.dll
[2014/10/17 16:06:40 | 000,487,424 | ---- | C] () -- C:\Windows\esi_kl02.dat
[2014/10/17 16:06:33 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2014/10/17 16:06:33 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2014/10/17 16:05:15 | 000,000,754 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2014/10/17 15:50:20 | 000,005,336 | ---- | C] () -- C:\Windows\RbSystem.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 07:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015/11/06 23:18:35 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Burraconline
[2015/09/11 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\DAEMON Tools Lite
[2015/12/18 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Dev-Cpp
[2016/02/29 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Rsupport
[2016/02/29 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\TeamViewer
[2016/03/18 11:58:10 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\uTorrent
[2016/02/23 15:07:54 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\VisualSubSync

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\Lorenzo\Desktop\Immagine.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

ProfumoDiZolfo

Posted on 8/1/2017, 15:32

Nuovo

Group: Member

Posts: 7

Status: Offline

Questo è il log dopo aver eseguito il passo 1.

File Allegato

AdwCleaner_C0_.txt
(Number of downloads: 10)

ProfumoDiZolfo

Posted on 8/1/2017, 15:47

Nuovo

Group: Member

Posts: 7

Status: Offline

Ed i due file dopo il punto 2.

File Allegato

Addition.txt
(Number of downloads: 15)

ProfumoDiZolfo

Posted on 8/1/2017, 15:50

Nuovo

Group: Member

Posts: 7

Status: Offline

E le pagine compaiono ancora anche se bloccate da Malwarebytes.

File Allegato

FRST.txt
(Number of downloads: 55)

ProfumoDiZolfo

Posted on 8/1/2017, 18:47

Nuovo

Group: Member

Posts: 7

Status: Offline

Seguendo i passaggi con OTL credo di aver risolto il problema.
La domanda ora è:
poiché i siti di streaming continuerò ad usarli ed alcuni prevederanno sempre la sospensione di Adblock, come posso prevenirlo?
Tenendo conto che il Malwarebyte scadrà ed utilizzo Avast come antivirus?

Grazie per il supporto.

vicky67

Posted on 8/1/2017, 19:07

Master Malware Expert

Group: Administrator

Posts: 4,519

Location: Poggio Mirteto(RI)

Status: Anonymous

OTL non elimina nulla e le infezioni sono presenti ancora nel pc

vicky67

Posted on 8/1/2017, 19:13

Master Malware Expert

Group: Administrator

Posts: 4,519

Location: Poggio Mirteto(RI)

Status: Anonymous

Rimuovi:
Amazon 1Button App
Lyoness Browser

Poi esegui il fix che ti ho allegato mettendolo nella stessa posizione dove hai FRST,riavvia FRST e clicca sul pulsante FIX

Per prevenirlo devi solo stare attento ai siti che distribuiscono spam

File Allegato

fixlist.txt
(Number of downloads: 12)

ProfumoDiZolfo

Posted on 17/1/2017, 10:02

Nuovo