Problema pc lentissimo...causa virus o malware?

[ale221286]

Ciao a tutti, da circa una settimana ho l'hard disk del pc che lavora di continuo, con la spia rossa sempre accesa o lampeggiante...ma non ci sono applicazioni in background aperte che consumino chissà quali risorse.
Ho fatto varie ricerche su internet e alla fine ho notato, tra l'altro, vari processi svchost.exe in esecuzione che, analizzati, sembra diano qualche problema...ma non riesco a individuarli e chiuderli.
Altra cosa...ho provato a fare il log di hijackthis ma non mi salva il file. Ho usato Rkill e questo è quanto:

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/03/2014 02:28:18 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\Admin\Desktop\rkill\rkill-01-03-2014-02-28-22.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/03/2014 02:32:43 PM
Execution time: 0 hours(s), 4 minute(s), and 25 seconds(s)


come posso procedere? quali altre scansioni e con quali programmi posso capire cosa non va?

Grazie in anticipo,

Alessandro

[FDACCC]

ComboFix: rimuovere le infezioni presenti nel sistema

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
link alternativo: http://www.combofix.org/downloadlink.php
● posiziona il file scaricato sul Desktop
● disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
● disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● clicca due volte sul file ComboFix per avviare l'applicazione
● clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"

● nel caso di Windows XP, verrà richiesta l' installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
● senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer; inoltre potrebbe impostarlo come browser predefinito

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
● se non trovi il Report del programma, clicca Start, Esegui e inserisci questa stringa (infine clicca il pulsante Invio):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Note - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, prima di avviarlo, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
● sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso
● esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
● ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette USB, Hard Disk Esterni, Lettori MP3, Schedine SD..) per prevenire future minacce e aumentare la sicurezza del Computer: quando inserisci un dispositivo esterno, dovrai avviarlo "manualmente" dalle Risorse del computer. Se vuoi che il PC torni come prima, comunicalo nel tuo prossimo post
● se ComboFix rileva Bootkit/Rootkit in attività sul tuo sistema, dopo un avviso ti verrà richiesto di riavviare la macchina: acconsenti (al riavvio la macchina potrebbe mostrare una finestra nera per alcuni minuti, è normale)
● se dopo aver eseguito il programma ricevi un qualunque tipo di messaggio riguardo chiavi di registro cancellate, riavvia la macchina e il problema scomparirà (le chiavi di registro non verranno cancellate, tranquillo)

[pumadel47]

Se come S.O. hai Windows XP, leggiti attentamente questo link e con molta probabilità risolverai il problema:
http://www.ilsoftware.it/articoli.asp?t ... -SP3_10338

[ale221286]

Ecco qua il rapporto di Combofix:

ComboFix 14-01-04.03 - Admin 06/01/2014 1.26.13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.1133 [GMT 1:00]
Eseguito da: c:\users\Admin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\users\Admin\001.JPG
c:\users\Admin\153.JPG
c:\users\Admin\250.jpg
c:\users\Admin\Acrobat
c:\users\Admin\Acrobat\AdbeRdr810_en_US.exe
c:\users\Admin\Acrobat\AdbeRdr810_fr_FR.exe
c:\users\Admin\AppData\Local\Tempcheck.exe
c:\users\Admin\AppData\Roaming\Adminlog.dat
c:\users\Admin\AppData\Roaming\Explorer
c:\users\Admin\AppData\Roaming\explorer\svchost.exe
c:\users\Admin\AppData\Roaming\OfferBox
c:\users\Admin\AppData\Roaming\OfferBox\config.xml
c:\windows\IsUn0410.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\tmp3BDF.tmp
c:\windows\system32\tmp3C2E.tmp
c:\windows\system32\tmpBA5D.tmp
c:\windows\system32\tmpBA7D.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-06 al 2014-01-06 )))))))))))))))))))))))))))))))))))
.
.
2014-01-06 00:38 . 2014-01-06 00:38 -------- d-----w- c:\users\Admin\AppData\Local\temp
2014-01-06 00:38 . 2014-01-06 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-06 00:20 . 2014-01-06 00:20 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13EC62A5-01AD-41F1-8B08-7AAF1C71E2F4}\MpKslff91642e.sys
2014-01-06 00:00 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13EC62A5-01AD-41F1-8B08-7AAF1C71E2F4}\mpengine.dll
2014-01-04 11:36 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 13:16 . 2014-01-03 13:16 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 13:16 . 2014-01-03 13:16 -------- d-----w- c:\program files\Trend Micro
2014-01-03 12:41 . 2014-01-03 13:06 -------- d-----w- c:\programdata\SecTaskMan
2014-01-03 12:41 . 2014-01-03 12:41 -------- d-----w- c:\program files\Security Task Manager
2014-01-03 12:33 . 2014-01-03 12:33 -------- d-----w- c:\users\Admin\AppData\Local\SvchostViewer
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\users\Admin\.android
2014-01-03 12:10 . 2014-01-03 12:16 -------- d-----w- c:\users\Admin\AppData\Local\cache
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\users\Admin\AppData\Local\genienext
2014-01-03 12:10 . 2014-01-03 12:11 -------- d-----w- c:\users\Admin\AppData\Local\Mobogenie
2014-01-03 12:10 . 2014-01-03 12:10 -------- d-----w- c:\programdata\Raxco
2014-01-03 12:09 . 2014-01-03 12:09 -------- d-----w- c:\program files\Common Files\Raxco
2014-01-03 12:09 . 2014-01-03 12:09 -------- d-----w- c:\program files\Raxco
2014-01-03 12:08 . 2014-01-03 12:13 -------- d-----w- c:\program files\Mobogenie
2014-01-03 12:05 . 2014-01-03 19:33 -------- d-----w- c:\program files\MyPC Backup
2014-01-03 11:37 . 2014-01-03 11:37 -------- d-----w- c:\program files\What's my computer doing
2014-01-02 09:08 . 2014-01-03 14:31 -------- d-----w- c:\users\Admin\AppData\Local\Spotify
2014-01-02 09:07 . 2014-01-04 14:30 -------- d-----w- c:\users\Admin\AppData\Roaming\Spotify
2013-12-26 10:32 . 2013-12-26 10:32 1931296 ----a-w- c:\windows\system32\Codejock.Controls.v15.3.1.ocx
2013-12-24 10:35 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-24 10:35 . 2013-12-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-19 07:55 . 2013-12-19 07:55 -------- d-----w- c:\programdata\UAB
2013-12-19 07:55 . 2013-12-19 07:55 -------- d-----w- c:\users\Admin\AppData\Local\PC_Drivers_Headquarters
2013-12-19 07:54 . 2013-12-19 07:54 -------- d-----w- c:\programdata\Driver Mender
2013-12-19 07:50 . 2013-12-19 07:50 -------- d-----w- c:\program files\Driver Mender
2013-12-19 07:20 . 2013-12-19 07:14 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{650BA28D-3FFE-4BB3-991E-6F42286888A3}\gapaengine.dll
2013-12-17 10:30 . 2013-12-17 10:30 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e0c507a1cefb132b\InstallManager_WLE_WLE.exe
2013-12-17 10:29 . 2013-12-17 10:29 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c8d98a1cefb1220\MeshBetaRemover.exe
2013-12-17 10:28 . 2013-12-17 10:28 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DXSETUP.exe
2013-12-17 10:28 . 2013-12-17 10:28 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DSETUP.dll
2013-12-17 10:28 . 2013-12-17 10:28 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\dsetup32.dll
2013-12-17 10:28 . 2013-12-17 10:28 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DXSETUP.exe
2013-12-17 10:28 . 2013-12-17 10:28 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\dsetup32.dll
2013-12-17 10:28 . 2013-12-17 10:28 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DSETUP.dll
2013-12-17 10:25 . 2013-12-17 10:25 -------- d-----w- c:\users\Admin\AppData\Local\Windows Live
2013-12-17 10:23 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-12-17 10:12 . 2013-12-17 10:12 -------- d-----w- c:\windows\Migration
2013-12-17 09:55 . 2013-12-17 09:56 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-17 09:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-12-15 15:07 . 2013-12-15 15:07 -------- d-----w- C:\File Originali WOT
2013-12-13 18:06 . 2013-12-13 18:06 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2013-12-13 17:58 . 2013-12-19 13:07 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-13 17:58 . 2013-12-19 13:07 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-13 17:58 . 2013-12-13 17:56 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-13 17:57 . 2013-12-13 17:59 -------- d-----w- c:\programdata\Avira
2013-12-13 17:57 . 2013-12-13 17:57 -------- d-----w- c:\program files\Avira
2013-12-13 17:53 . 2013-12-13 17:53 -------- d-----w- c:\program files\CCleaner
2013-12-13 07:54 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD48098-4574-4724-A45C-4253335A78C0}\mpengine.dll
2013-12-11 21:19 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 15:02 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 15:02 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 15:02 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 15:02 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 15:02 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 15:02 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 15:02 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 15:02 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 15:02 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 15:02 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-26 10:32 . 2004-09-08 17:56 158208 ----a-w- c:\windows\system32\UNRAR.DLL
2013-12-24 11:23 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 15:56 . 2012-04-02 08:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 15:56 . 2011-05-14 08:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-03 07:17 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-22 09:00 . 2013-10-22 09:00 94632 ------w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-11 02:08 . 2013-11-14 08:37 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-14 08:37 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-19 684600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=c:\windows\pss\What's my computer doing.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-26 16:27 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2013-12-19 13:05 684600 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Mender]
2013-09-19 09:04 4044656 ----a-w- c:\program files\Driver Mender\Driver Mender\DriverMender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 10:59 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 10:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
2014-01-03 12:11 761536 ----a-w- c:\program files\Mobogenie\DaemonProcess.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-10-23 13:55 948440 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-04 09:22 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-01-02 09:08 5951488 ----a-w- c:\users\Admin\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-02 09:08 1168896 ----a-w- c:\users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSLFF91642E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:56]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59]
.
.
------- Scansione supplementare -------
.
uStart Page = gamezona.org
IE: Download with iphone-transfer-platinum - c:\program files\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-08-31 12:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-24 12:00; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-PoService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-CheckSound - c:\program files\Common Files\Audio\snddrv.exe
MSConfigStartUp-CnxDslTaskBar - c:\program files\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
MSConfigStartUp-ctfupd - c:\program files\Common Files\Sysupdate\ctfupd.exe
MSConfigStartUp-PlusService - c:\program files\Messenger Plus! Live\PlusService.exe
AddRemove-1efa552d-e5a6-4610-a9d1-8cd285646842 - c:\program files\PassShow\Uninstall.exe
AddRemove-CarmageddonDeinstKey - c:\program files\Games\Carmageddon\DeIsL2.isu
AddRemove-Rollcage Stage II - c:\windows\IsUn0410.exe
AddRemove-sarngvgofjluxba - c:\windows\system32\sarngvgofjluxba.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-06 01:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA3C5FE3-5B3F-E9BC-1869-460747E1408C}*]
"haodfjkmbhelmffb"=hex:6b,61,69,65,68,62,6e,66,64,63,63,63,64,62,6b,6d,68,6e,
6c,65,64,64,00,00
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,0a,b7,ef,d8,a7,24,c9,29,bd,4c,92,33,1b,a4,46,b3,0d,e3,6c,4f,70,69,
47,68,a2,22,db,f7,ed,6b,61,79,16,31,98,96,bc,4e,39,9d,22,bc,e9,9c,4b,1b,4b,\
"??"=hex:05,0f,12,98,88,a0,4b,63,04,d1,0d,64,6d,92,10,c2
.
[HKEY_USERS\S-1-5-21-3721440691-2519285905-3807245221-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,f1,55,78,23,11,dc,01,88,be,db,be,7c,2a,7f,13,28,8c,ca,59,f6,
3b,be,67,66,ff,5e,9d,9f,5a,1b,d6,e5,65,f3,46,14,5d,73,30,69,6d,65,87,7d,59,\
"rkeysecu"=hex:ac,e7,80,4c,cf,80,ea,a6,33,38,58,e1,3e,2e,78,bb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2014-01-06 01:42:09
ComboFix-quarantined-files.txt 2014-01-06 00:42
.
Pre-Run: 69.788.442.624 byte disponibili
Post-Run: 69.628.497.920 byte disponibili
.
- - End Of File - - E59DAB6137AC2367934FF5E0923A29FA
5C616939100B85E558DA92B899A0FC36


notate qualcosa di strano?

Ale

[FDACCC]

Si, nel senso che ti aveto detto di "posizionare il file scaricato sul Desktop"

Non l'ho detto tanto per dire, ma perchè era importante.

Ora, disinstalla Spybot e AVG.
Quali altri software di sicurezza possiedi?

Scarica AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● termina tutti i programmi aperti
● clicca sul pulsante Cerca
● attendi pazientemente il termine della scansione
● clicca sul pulsante Elimina e conferma cliccando OK
● prosegui cliccando OK per altre due volte: il sistema si riavvia automaticamente
● allega il log che compare al riavvio

[ale221286]

Intendi come antivirus o come programmi di pulizia? (tipo ccleaner, malwarebytes...)
Quindi riposiziono combofix nel desktop, vado ancora di scansione e allego?

[ale221286]

ecco la scansione di adwcleaner...in ogni caso ho circa 17 processi svchost.exe all'avvio, uno dei quali di circa 310.000 kb e un altro da 57.000 e qualcosa. terminandoli ricominciano, oppure appena ne termino uno gli altri iniziano a impegnare la cpu...aiuto!
Ho disinstallato avg e sto momentaneamente senza antivirus...cosa conviene mettere?

# AdwCleaner v3.016 - Report created 06/01/2014 at 12:02:44
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Admin - L02
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\FreeRIP
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Local\Tiger Savings
Folder Deleted : C:\Users\Admin\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Admin\Documents\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
File Deleted : C:\END
File Deleted : C:\Users\Admin\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\user.js
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20a82645-c095-46ed-80e3-08825760534b}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BCBF25-CBF8-4ABD-9319-068252E61A17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\pdfforge.org
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (it)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\prefs.js ]

Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1363186892412");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1363186880499");

-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13589 octets] - [06/01/2014 12:01:17]
AdwCleaner[S0].txt - [13849 octets] - [06/01/2014 12:02:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13910 octets] ##########

[ale221286]

Rifatta la scansione con Combofix, stavolta spostato nel desktop...

ComboFix 14-01-04.03 - Admin 06/01/2014 12.58.33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.1210 [GMT 1:00]
Eseguito da: C:\Users\Admin\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\WinRAR\Leggimi.Txt
C:\Program Files\WinRAR\Leggimi_1a.Txt
C:\Program Files\WinRAR\Licenza.Txt
C:\Program Files\WinRAR\NoteTecniche.Txt
C:\Program Files\WinRAR\Ordin.htm
C:\Program Files\WinRAR\Ordina.htm
C:\Program Files\WinRAR\SorgUnRAR.Txt
C:\Users\Admin\AUTORUN.INF
C:\Windows\wininit.ini


((((((((((((((((((((((((( Files Creati Da 2013-12-06 al 2014-01-06 )))))))))))))))))))))))))))))))))))


2014-01-06 12:07:35 . 2014-01-06 12:11:11 -------- d-----w- C:\Users\Admin\AppData\Local\temp
2014-01-06 12:07:35 . 2014-01-06 12:07:35 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-06 11:00:27 . 2014-01-06 11:03:38 -------- d-----w- C:\AdwCleaner
2014-01-03 13:16:34 . 2014-01-03 13:16:35 388096 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 13:16:32 . 2014-01-03 13:16:32 -------- d-----w- C:\Program Files\Trend Micro
2014-01-03 12:41:53 . 2014-01-03 13:06:50 -------- d-----w- C:\ProgramData\SecTaskMan
2014-01-03 12:41:45 . 2014-01-03 12:41:47 -------- d-----w- C:\Program Files\Security Task Manager
2014-01-03 12:33:28 . 2014-01-06 08:55:33 -------- d-----w- C:\Users\Admin\AppData\Local\SvchostViewer
2014-01-03 12:10:27 . 2014-01-03 12:10:29 -------- d-----w- C:\Users\Admin\.android
2014-01-03 12:10:26 . 2014-01-03 12:16:28 -------- d-----w- C:\Users\Admin\AppData\Local\cache
2014-01-03 12:10:17 . 2014-01-03 12:10:17 -------- d-----w- C:\Users\Admin\AppData\Local\genienext
2014-01-03 12:10:00 . 2014-01-03 12:10:00 -------- d-----w- C:\ProgramData\Raxco
2014-01-03 12:09:58 . 2014-01-03 12:09:58 -------- d-----w- C:\Program Files\Common Files\Raxco
2014-01-03 12:09:57 . 2014-01-03 12:09:57 -------- d-----w- C:\Program Files\Raxco
2014-01-03 11:37:55 . 2014-01-03 11:37:56 -------- d-----w- C:\Program Files\What's my computer doing
2014-01-02 09:08:24 . 2014-01-03 14:31:22 -------- d-----w- C:\Users\Admin\AppData\Local\Spotify
2014-01-02 09:07:19 . 2014-01-04 14:30:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\Spotify
2013-12-26 10:32:04 . 2013-12-26 10:32:04 1931296 ----a-w- C:\Windows\system32\Codejock.Controls.v15.3.1.ocx
2013-12-24 10:35:35 . 2013-04-04 13:50:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-12-24 10:35:34 . 2013-12-24 10:35:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-12-19 07:55:13 . 2013-12-19 07:55:42 -------- d-----w- C:\ProgramData\UAB
2013-12-19 07:55:00 . 2013-12-19 07:55:00 -------- d-----w- C:\Users\Admin\AppData\Local\PC_Drivers_Headquarters
2013-12-19 07:54:19 . 2013-12-19 07:54:19 -------- d-----w- C:\ProgramData\Driver Mender
2013-12-19 07:50:31 . 2013-12-19 07:50:31 -------- d-----w- C:\Program Files\Driver Mender
2013-12-17 10:30:51 . 2013-12-17 10:30:52 469256 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\e0c507a1cefb132b\InstallManager_WLE_WLE.exe
2013-12-17 10:29:42 . 2013-12-17 10:29:43 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\e5c8d98a1cefb1220\MeshBetaRemover.exe
2013-12-17 10:28:44 . 2013-12-17 10:28:45 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DXSETUP.exe
2013-12-17 10:28:44 . 2013-12-17 10:28:44 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\DSETUP.dll
2013-12-17 10:28:44 . 2013-12-17 10:28:44 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\c2b163ea1cefb1219\dsetup32.dll
2013-12-17 10:28:31 . 2013-12-17 10:28:31 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DXSETUP.exe
2013-12-17 10:28:31 . 2013-12-17 10:28:31 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\dsetup32.dll
2013-12-17 10:28:30 . 2013-12-17 10:28:30 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\ba04793a1cefb1217\DSETUP.dll
2013-12-17 10:25:54 . 2013-12-17 10:25:54 -------- d-----w- C:\Users\Admin\AppData\Local\Windows Live
2013-12-17 10:23:11 . 2009-08-04 08:02:24 754688 ----a-w- C:\Windows\system32\webservices.dll
2013-12-17 10:12:04 . 2013-12-17 10:12:04 -------- d-----w- C:\Windows\Migration
2013-12-17 09:48:46 . 2010-04-05 20:00:40 221568 ----a-w- C:\Windows\system32\drivers\netio.sys
2013-12-15 15:07:01 . 2013-12-15 15:07:01 -------- d-----w- C:\File Originali WOT
2013-12-13 17:57:45 . 2014-01-06 10:43:06 -------- d-----w- C:\ProgramData\Avira
2013-12-13 17:53:52 . 2013-12-13 17:53:59 -------- d-----w- C:\Program Files\CCleaner
2013-12-13 07:54:31 . 2013-11-08 01:15:57 7772552 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DD48098-4574-4724-A45C-4253335A78C0}\mpengine.dll
2013-12-11 21:19:59 . 2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-12-11 15:02:59 . 2013-10-30 02:12:54 335360 ----a-w- C:\Windows\system32\SysFxUI.dll
2013-12-11 15:02:59 . 2013-10-30 01:43:04 130048 ----a-w- C:\Windows\system32\drivers\drmk.sys
2013-12-11 15:02:59 . 2013-10-30 00:43:06 167936 ----a-w- C:\Windows\system32\drivers\portcls.sys
2013-12-11 15:02:57 . 2013-10-30 00:35:24 2050560 ----a-w- C:\Windows\system32\win32k.sys
2013-12-11 15:02:54 . 2013-10-11 02:08:55 36864 ----a-w- C:\Windows\system32\wshcon.dll
2013-12-11 15:02:54 . 2013-10-11 02:08:55 131072 ----a-w- C:\Windows\system32\wshom.ocx
2013-12-11 15:02:54 . 2013-10-11 02:08:35 172032 ----a-w- C:\Windows\system32\scrrun.dll
2013-12-11 15:02:54 . 2013-10-11 00:35:42 135168 ----a-w- C:\Windows\system32\cscript.exe
2013-12-11 15:02:54 . 2013-10-11 00:35:41 155648 ----a-w- C:\Windows\system32\wscript.exe
2013-12-11 15:02:43 . 2013-10-22 07:19:59 158208 ----a-w- C:\Windows\system32\imagehlp.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-26 10:32:24 . 2004-09-08 17:56:40 158208 ----a-w- C:\Windows\system32\UNRAR.DLL
2013-12-24 11:23:03 . 2010-06-24 10:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 15:56:24 . 2012-04-02 08:51:28 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 15:56:24 . 2011-05-14 08:17:32 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21:30 . 2009-10-03 07:17:53 230048 ------w- C:\Windows\system32\MpSigStub.exe
2013-10-30 02:13:01 . 2006-11-02 10:25:29 1304064 ----a-w- C:\Windows\system32\WMALFXGFXDSP.dll
2013-10-22 09:00:05 . 2013-10-22 09:00:28 94632 ------w- C:\Windows\system32\WindowsAccessBridge.dll
2013-10-11 02:08:02 . 2013-11-14 08:37:41 444928 ----a-w- C:\Windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 . 2013-11-14 08:37:40 596480 ----a-w- C:\Windows\system32\FWPUCLNT.DLL


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09:56 131248 ----a-w- C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 08:01:32 4431872]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 19:25:00 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 19:25:00 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 19:25:00 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=C:\Windows\pss\Exif Launcher S.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=C:\Windows\pss\What's my computer doing.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=C:\Windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:38 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43:52 59720 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Mender]
2013-09-19 09:04:14 4044656 ----a-w- C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-24 10:59:55 136176 ----atw- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41:12 49208 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 10:56:02 152392 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50:34 2656528 ----a-w- C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47:30 4240760 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40:44 155648 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59:04 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 11:31:24 236016 ----a-w- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-04 09:22:46 1822720 ----a-w- C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-01-02 09:08:22 5951488 ----a-w- C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-02 09:08:01 1168896 ----a-w- C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16:26 254336 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07:40 199752 ----a-w- C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38:38 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contenuto della cartella 'Scheduled Tasks'

2014-01-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:51:28 . 2013-12-11 15:56:25]

2014-01-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000Core.job
- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59:58 . 2011-02-24 10:59:55]

2014-01-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721440691-2519285905-3807245221-1000UA.job
- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-24 10:59:58 . 2011-02-24 10:59:55]


------- Scansione supplementare -------

uStart Page = gamezona.org
IE: Download with iphone-transfer-platinum - C:\Program Files\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\06a31int.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-08-31 12:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-09-24 12:00; smartwebprinting@hp.com; C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-AVG9_TRAY - C:\PROGRA~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-mobilegeni daemon - C:\Program Files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-MSC - c:\Program Files\Microsoft Security Client\msseces.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Debut - C:\Program Files\NCH Software\Debut\uninst.exe

[FDACCC]

Molto bene.
AVG era vecchio di 3-4 anni, è come se navigavi senza antivirus.

Scarica Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe
● salva il tool sul Desktop
● esegui il programma e premi un tasto qualsiasi
● attendi la fine della scansione
● allega il log che si aprirà automaticamente al termine

Scarica CKScanner: http://downloads.malwareremoval.com/CKScanner.exe
● salva il file scaricato sul Destkop
● avvia il programma con un doppio click
● clicca sul pulsante Search For Files
● attendi il termine della scansione: dura poco più di un paio di secondi
● clicca sul pulsante Save List To File: salva il Report sul Desktop
● allega il file CKFiles.txt

[ale221286]

Ecco il log di security check:

Results of screen317's Security Check version 0.99.78
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 21
Java 7 Update 45
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Adobe Flash Player 11.9.900.170
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

e questo è quello di ckscanner:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\torrent harvester\engines\engine - cracks.am.xml
c:\users\admin\documents\mameui32\roms\cracksht.txt
scanner sequence 3.AA.11.ETAPBZ
----- EOF -----

[FDACCC]

vuoi un consiglio? disinstalla questo programma; torrent harvester
E elimina questo file, seguendo il percorso:
c:\users\admin\documents\mameui32\roms\cracksht.txt

Quale/i antivirus sono installati ora?

[ale221286]

Ho fatto queste due operazioni...al momento non sono presenti antivirus, cosa mi consigliate di installare?