www.MegaLab.it

[stevens]

riesegui roguekiller, quando finisce la scansione lascia la spunta a queste voci in rosso e togli tutte le altre spunte devono rimanere selezionate solo le voci in rosso


[V2][ROGUE ST] 4778 : wscript.exe - C:\Users\XXX\AppData\Local\Temp\launchie.vbs //B -> Trovato
[V2][ROGUE ST] Plus-HD-2.2-firefoxinstaller : C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe - /installxpi /agentregpath='Plus-HD-2.2' /extensionfilepath='C:\Program Files (x86)\Plus-HD-2.2\33036.xpi' /appid=33036 /srcid='000126' /subid='0' /zdata='0' /bic=37F1D696F2B0429AABF867CC5379368AIE /verifier=154b7d064ebd07672aac44535a2d0b90 /installerversion=1_27_153 /installerfullversion=1.27.153.6 /installationtime=1373841972 /statsdomain=hxxp://stats.myserverstat.com /errorsdomain=hxxp://errors.myserverstat.com /waitforbrowser=300 /extensionid=4fdacf00-e9c4-4ad5-b4cf-bf ... a102a9.com /extensionversion=0.91 /prefsbranch=a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33036.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> Trovato


Clicca su "Delete".
Finita l'eliminazione clicca su "Report".
Postalo qui nel forum

[Pancrazio]

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : XXX [Admin rights]
Mode : Remove -- Date : 12/05/2013 12:40:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NON SELEZIONATO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NON SELEZIONATO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NON SELEZIONATO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> NON SELEZIONATO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NON SELEZIONATO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NON SELEZIONATO

¤¤¤ Le attività pianificate : 2 ¤¤¤
[V2][ROGUE ST] 4778 : wscript.exe - C:\Users\XXX\AppData\Local\Temp\launchie.vbs //B -> Cancellato
[V2][ROGUE ST] Plus-HD-2.2-firefoxinstaller : C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe - /installxpi /agentregpath='Plus-HD-2.2' /extensionfilepath='C:\Program Files (x86)\Plus-HD-2.2\33036.xpi' /appid=33036 /srcid='000126' /subid='0' /zdata='0' /bic=37F1D696F2B0429AABF867CC5379368AIE /verifier=154b7d064ebd07672aac44535a2d0b90 /installerversion=1_27_153 /installerfullversion=1.27.153.6 /installationtime=1373841972 /statsdomain=hxxp://stats.myserverstat.com /errorsdomain=hxxp://errors.myserverstat.com /waitforbrowser=300 /extensionid=4fdacf00-e9c4-4ad5-b4cf-bf ... a102a9.com /extensionversion=0.91 /prefsbranch=a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33036.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> Cancellato

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
%SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] e46c10d441063b6b0eb1d2b30684b480
[BSP] 15cb3de73ea06e52aa242339fb0c3167 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238456 Mo
1 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 488359936 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD5001AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] e2cd4087aa4fae86f93467a1cb4cecb2
[BSP] 557f5765d6157bab9ce117296c0ce44e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12052013_124048.txt >>
RKreport[0]_S_12052013_114009.txt;RKreport[0]_S_12052013_123117.txt

[stevens]

devi mettere la spunta SOLO A QUELLE IN ROSSO qui te l'ho segnato in grassetto, sono quelle due voci accanto a [V2][ROGUE ST le altre spunte TOGLILE


[V2][ROGUE ST] 4778 : wscript.exe - C:\Users\XXX\AppData\Local\Temp\launchie.vbs //B -> Trovato
[V2][ROGUE ST] Plus-HD-2.2-firefoxinstaller : C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe - /installxpi /agentregpath='Plus-HD-2.2' /extensionfilepath='C:\Program Files (x86)\Plus-HD-2.2\33036.xpi' /appid=33036 /srcid='000126' /subid='0' /zdata='0' /bic=37F1D696F2B0429AABF867CC5379368AIE /verifier=154b7d064ebd07672aac44535a2d0b90 /installerversion=1_27_153 /installerfullversion=1.27.153.6 /installationtime=1373841972 /statsdomain=hxxp://stats.myserverstat.com /errorsdomain=hxxp://errors.myserverstat.com /waitforbrowser=300 /extensionid=4fdacf00-e9c4-4ad5-b4cf-bf ... a102a9.com /extensionversion=0.91 /prefsbranch=a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/33036.rdf /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x][x][x] -> Trovato

[Pancrazio]

Lo so che non centra nulla con l'argomento ma sul mio task manager è apparso un programma che non ho mai visto e che si chiama 'Ielowutil.exe'. Che cos'è e potrebbe centrare con questa storia? E su un mio disco rigido è apparso un file denominato 'bootsqm'.

[stevens]

sembra un'infezione

per ora disinstalla firefox e reinstallalo pulito dal sito ufficiale , riavvia il pc e controlla se hai ancora quel rilevamento

disattiva il ripristino e lascialo disattivato fino a quando non avremo terminato

[Pancrazio]

sembra un'infezione

per ora disinstalla firefox e reinstallalo pulito dal sito ufficiale , riavvia il pc e controlla se hai ancora quel rilevamento

disattiva il ripristino e lascialo disattivato fino a quando non avremo terminato

Ma io non ho installato Firefox su questo computer!

[stevens]

scusa ho sbagliato

vai nelle pannello di controllo / nelle installazioni e vedi se hai Plus-HD-2.2 rimuovilo anche da li'

[Pancrazio]

scusa ho sbagliato

vai nelle pannello di controllo / nelle installazioni e vedi se hai Plus-HD-2.2 rimuovilo anche da li'

Non fa niente ma comunque non c'è.

[stevens]

disattiva il ripristino poi riavvia il pc e dimmi se hai ancora quel problema, dopo vediamo di eliminare altre eventuali infezioni

[Pancrazio]

disattiva il ripristino poi riavvia il pc e dimmi se hai ancora quel problema, dopo vediamo di eliminare altre eventuali infezioni

Scusa la mia ignoranza ma come si disattiva?

[stevens]

http://windows.microsoft.com/it-it/wind ... -on-or-off

[Pancrazio]

disattiva il ripristino poi riavvia il pc e dimmi se hai ancora quel problema, dopo vediamo di eliminare altre eventuali infezioni

Ho riavviato il computer(il ripristino era già disattivato)ma il problema persiste... .

[stevens]

riesegui rogue killer come prima, stesse indicazioni e fammi anche una scansione con otl

ScaricaOTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi due log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,

[Pancrazio]

http://wikisend.com/download/680238/OTL.Txt
http://wikisend.com/download/497920/Extras.Txt

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : XXX [Admin rights]
Mode : Scan -- Date : 12/05/2013 13:42:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> Trovato
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> Trovato
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
%SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] e46c10d441063b6b0eb1d2b30684b480
[BSP] 15cb3de73ea06e52aa242339fb0c3167 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238456 Mo
1 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 488359936 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD5001AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] e2cd4087aa4fae86f93467a1cb4cecb2
[BSP] 557f5765d6157bab9ce117296c0ce44e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12052013_134227.txt >>

[stevens]

adesso apri otl e copia /incolla questo codice poi clicca sul pulsante run fix e allega il log che otterrai quando sara' finita la scansione

Codice: Seleziona tutto

:OTL
IE - HKU\S-1-5-21-3921747392-2553898906-1385633397-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60446
IE - HKU\S-1-5-21-3921747392-2553898906-1385633397-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DEDAF650-12B8-48f5-A843-BBA100716106}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll File not found
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
[2013/03/06 00:50:37 | 000,000,176 | ---- | C] () -- C:\ProgramData\-CGArUgsuXIlier
[2013/03/06 00:50:37 | 000,000,176 | ---- | C] () -- C:\ProgramData\-CGArUgsuXIlie
[2013/07/15 11:33:54 | 000,000,000 | ---D | M] -- C:\Users\Adolfo\AppData\Roaming\Giywol
[2013/11/01 11:15:15 | 104,493,738 | ---- | M] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\錧�¡
[2013/11/01 11:15:15 | 104,493,738 | ---- | C] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\錧�¡
[2013/10/30 10:23:30 | 104,098,187 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔲东D
[2013/10/30 10:23:30 | 104,098,187 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔲东D
[2013/10/21 17:33:09 | 102,171,793 | ---- | M] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\ꁛ5
[2013/10/21 17:33:09 | 102,171,793 | ---- | C] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\ꁛ5
[2013/10/19 13:14:53 | 101,916,422 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\遲뮊ž
[2013/10/19 13:14:53 | 101,916,422 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\遲뮊ž
[2013/10/06 10:11:41 | 099,399,748 | ---- | M] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\ꦪ뫽=
[2013/10/06 10:11:41 | 099,399,748 | ---- | C] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\ꦪ뫽=
[2013/10/02 11:27:27 | 098,743,819 | ---- | M] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\꥘셗A
[2013/10/02 11:27:27 | 098,743,819 | ---- | C] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\꥘셗A
[2013/10/01 17:25:58 | 098,609,570 | ---- | M] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\�ᄹH
[2013/10/01 17:25:58 | 098,609,570 | ---- | C] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\�ᄹH
[2013/09/11 11:19:02 | 097,080,355 | ---- | M] ()(C:\Windows\SysWow64\?e?G) -- C:\Windows\SysWow64\εG
[2013/09/11 11:19:02 | 097,080,355 | ---- | C] ()(C:\Windows\SysWow64\?e?G) -- C:\Windows\SysWow64\εG
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD


:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
[Reboot]


[Pancrazio]

adesso apri otl e copia /incolla questo codice poi clicca sul pulsante run fix e allega il log che otterrai quando sara' finita la scansione

Codice: Seleziona tutto

:OTL
IE - HKU\S-1-5-21-3921747392-2553898906-1385633397-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60446
IE - HKU\S-1-5-21-3921747392-2553898906-1385633397-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DEDAF650-12B8-48f5-A843-BBA100716106}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll File not found
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
[2013/03/06 00:50:37 | 000,000,176 | ---- | C] () -- C:\ProgramData\-CGArUgsuXIlier
[2013/03/06 00:50:37 | 000,000,176 | ---- | C] () -- C:\ProgramData\-CGArUgsuXIlie
[2013/07/15 11:33:54 | 000,000,000 | ---D | M] -- C:\Users\Adolfo\AppData\Roaming\Giywol
[2013/11/01 11:15:15 | 104,493,738 | ---- | M] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\錧�¡
[2013/11/01 11:15:15 | 104,493,738 | ---- | C] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\錧�¡
[2013/10/30 10:23:30 | 104,098,187 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔲东D
[2013/10/30 10:23:30 | 104,098,187 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔲东D
[2013/10/21 17:33:09 | 102,171,793 | ---- | M] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\ꁛ5
[2013/10/21 17:33:09 | 102,171,793 | ---- | C] ()(C:\Windows\SysWow64\???5) -- C:\Windows\SysWow64\ꁛ5
[2013/10/19 13:14:53 | 101,916,422 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\遲뮊ž
[2013/10/19 13:14:53 | 101,916,422 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\遲뮊ž
[2013/10/06 10:11:41 | 099,399,748 | ---- | M] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\ꦪ뫽=
[2013/10/06 10:11:41 | 099,399,748 | ---- | C] ()(C:\Windows\SysWow64\???=) -- C:\Windows\SysWow64\ꦪ뫽=
[2013/10/02 11:27:27 | 098,743,819 | ---- | M] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\꥘셗A
[2013/10/02 11:27:27 | 098,743,819 | ---- | C] ()(C:\Windows\SysWow64\???A) -- C:\Windows\SysWow64\꥘셗A
[2013/10/01 17:25:58 | 098,609,570 | ---- | M] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\�ᄹH
[2013/10/01 17:25:58 | 098,609,570 | ---- | C] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\�ᄹH
[2013/09/11 11:19:02 | 097,080,355 | ---- | M] ()(C:\Windows\SysWow64\?e?G) -- C:\Windows\SysWow64\εG
[2013/09/11 11:19:02 | 097,080,355 | ---- | C] ()(C:\Windows\SysWow64\?e?G) -- C:\Windows\SysWow64\εG
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD


:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
[Reboot]


E'normale che mi si sia riavviato il computer automaticamente?

Files\Folders moved on Reboot...
C:\Users\Adolfo\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Adolfo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE1RN7YP\gazzetta_it[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE1RN7YP\serie-b[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE1RN7YP\signin[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE1RN7YP\signin[2].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LOMRWZGM\auth[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LOMRWZGM\livescore_betradar_com[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LOMRWZGM\template[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LOMRWZGM\V5[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\adv_multibar_new[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\feed.html[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\Impression@x96[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\postmessageRelay[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\recommendations[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\serie-a[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\viewtopic[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\xd_arbiter[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZQYJNBQ\xd_arbiter[3].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3IBLI64Z\105[1].htm moved successfully.
C:\Users\Adolfo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3IBLI64Z\badge[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[stevens]

si e' normale ho messo io il comando pe r il riavvio....non vedo le cartelle eliminate nel log, lo hai copiato tutto?

se sei in dubbio rieseguimi otl

[Pancrazio]

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3921747392-2553898906-1385633397-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-3921747392-2553898906-1385633397-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}\ not found.
File C:\ProgramData\-CGArUgsuXIlier not found.
File C:\ProgramData\-CGArUgsuXIlie not found.
Folder C:\Users\XXX\AppData\Roaming\Giywol\ not found.
File C:\Windows\SysWow64\錧�¡ not found.
File C:\Windows\SysWow64\錧�¡ not found.
File C:\Windows\SysWow64\䔲东D not found.
File C:\Windows\SysWow64\䔲东D not found.
File C:\Windows\SysWow64\ꁛ5 not found.
File C:\Windows\SysWow64\ꁛ5 not found.
File C:\Windows\SysWow64\遲뮊ž not found.
File C:\Windows\SysWow64\遲뮊ž not found.
File C:\Windows\SysWow64\ꦪ뫽= not found.
File C:\Windows\SysWow64\ꦪ뫽= not found.
File C:\Windows\SysWow64\꥘셗A not found.
File C:\Windows\SysWow64\꥘셗A not found.
File C:\Windows\SysWow64\�ᄹH not found.
File C:\Windows\SysWow64\�ᄹH not found.
File C:\Windows\SysWow64\εG not found.
File C:\Windows\SysWow64\εG not found.
Unable to delete ADS C:\ProgramData\TEMP:7E95B6FD .
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Adolfo\Desktop\cmd.bat deleted successfully.
C:\Users\Adolfo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adolfo
->Temp folder emptied: 177855 bytes
->Temporary Internet Files folder emptied: 129194070 bytes
->Java cache emptied: 13040829 bytes
->Flash cache emptied: 3035 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 13628208 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2297420 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 151,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12052013_212400

Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\XXX\AppData\Local\Temp\~DF2C771EB5F8B02307.TMP not found!
File\Folder C:\Users\XXX\AppData\Local\Temp\~DF69275DB640D477B7.TMP not found!
File\Folder C:\Users\XXX\AppData\Local\Temp\~DF8B7E58142BFACF19.TMP not found!
File\Folder C:\Users\XXX\AppData\Local\Temp\~DFFA4AFAD6BA1B4F7E.TMP not found!
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZA2GLOP4\Impression@x96[1].htm moved successfully.
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\47R9SY0N\viewtopic[1].htm moved successfully.
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[stevens]

riesegui una scansione con otl

[Pancrazio]

http://wikisend.com/download/431054/OTL.Txt