pagine pubblicitarie che si aprono da sole

[8ottavio8]

Ciao!
Anch'io ho un problema con la navigazione (con Chrome). Si aprono continuamente pagine correlate alle voci che ricerco.
Ho fatto pulizia con Ccleaner, un controllo con Malwarebytes e una scansione(lunghissima) con Combofix.
Il report è il seguente:
ComboFix 12-12-29.02 - claudia 29/12/2012 11:20:52.1.4 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.39.1040.18.1013.175 [GMT 1:00]
Eseguito da: c:\users\claudia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-28 al 2012-12-29 )))))))))))))))))))))))))))))))))))
.
.
2012-12-29 10:56 . 2012-12-29 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 09:54 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{389B6AC0-89FC-40AB-9A78-E75B80B339FF}\mpengine.dll
2012-12-28 18:05 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-28 18:05 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-28 18:05 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-28 18:05 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-28 18:05 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-28 18:05 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-28 18:04 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-28 18:04 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-28 18:04 . 2012-12-28 18:04 -------- d-----w- c:\programdata\AVAST Software
2012-12-28 18:04 . 2012-12-28 18:04 -------- d-----w- c:\program files\AVAST Software
2012-12-22 10:07 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 10:07 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 08:07 . 2012-11-22 07:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 08:06 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 08:06 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 08:05 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 20:34 . 2012-11-28 15:49 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2011-02-24 600688]
"AutosetFrequency"="c:\windows\AutosetFrequency.exe" [2010-01-26 51712]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 715296]
"OMEA"="c:\program files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe" [2009-06-04 184320]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 PowerOffer Service;Pos Service;c:\users\claudia\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\claudia\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Packard Bell\Registration\GREGsvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585621252-1082573099-3632840775-1000Core.job
- c:\users\claudia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 16:32]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585621252-1082573099-3632840775-1000UA.job
- c:\users\claudia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 16:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
mStart Page = hxxp://search.findeer.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0AFDB503-F1FB-4C3E-A6C8-4800FC745F86}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{0AFDB503-F1FB-4C3E-A6C8-4800FC745F86}\14C6963656D21303332343034363: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{447DA4E9-A778-4076-9A8E-2612FF9406CF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5332)
c:\program files\Packard Bell\Packard Bell Power Management\SysHook.dll
.
Ora fine scansione: 2012-12-29 12:03:03
ComboFix-quarantined-files.txt 2012-12-29 11:02
.
Pre-Run: 207.608.004.608 byte disponibili
Post-Run: 207.919.280.128 byte disponibili
.
- - End Of File - - 55FA1A1C21BC9AB6AF4ED334FC37059C

Attendo news, grazie 1000!!!!!

[shel]

ciao scarica adwcleaner clicca su delete e allegai ll log

Scarica OTL, http://oldtimer.geekstogo.com/OTL.exe salvalo sul desktop,doppio click sulla sua icona.
Metti la spunta su SCAN ALL USERS.
Sotto output spunta minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check and Purity Check.

A fine scansione OTL produrrà due file di log (OTL.txt ed Extras.txt) che dovrai allegare insieme al log di adwcleaner

[8ottavio8]

OTL:

OTL logfile created on: 30/12/2012 03:18:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\claudia\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1013,09 Mb Total Physical Memory | 41,11 Mb Available Physical Memory | 4,06% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 193,95 Gb Free Space | 88,25% Space Free | Partition Type: NTFS

Computer Name: CLAUDIA-PC | User Name: claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\claudia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Programmi\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programmi\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programmi\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Programmi\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programmi\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Programmi\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Windows\AutosetFrequency.exe ( )
PRC - C:\Programmi\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - c:\Programmi\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programmi\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\471c9203ac2cc166ab3321f63d3bbc4a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ff1a3712e3bbd4944ffb5c78fd9c7bca\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Programmi\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Programmi\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Programmi\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programmi\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (PowerOffer Service) -- C:\Users\claudia\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\claudia\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Programmi\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Programmi\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Updater Service) -- C:\Programmi\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Programmi\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Programmi\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\claudia\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\claudia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\claudia\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\claudia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\claudia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\claudia\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\claudia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\claudia\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\claudia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Users\claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programmi\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programmi\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutosetFrequency] C:\Windows\AutosetFrequency.exe ( )
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [ETDCtrl] C:\Programmi\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [OMEA] C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe (Ours Technology Inc.)
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O4 - Startup: C:\Users\claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFDB503-F1FB-4C3E-A6C8-4800FC745F86}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFDB503-F1FB-4C3E-A6C8-4800FC745F86}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447DA4E9-A778-4076-9A8E-2612FF9406CF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2012/12/30 03:16:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\claudia\Desktop\OTL.exe
[2012/12/29 12:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/29 12:22:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/12/29 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\claudia\AppData\Roaming\Malwarebytes
[2012/12/29 12:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/29 12:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/29 12:21:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/29 12:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/29 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\claudia\AppData\Local\Programs
[2012/12/29 12:01:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/29 11:12:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/29 11:12:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/29 11:12:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/29 11:12:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/29 11:10:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/29 10:56:44 | 005,015,489 | R--- | C] (Swearware) -- C:\Users\claudia\Desktop\ComboFix.exe
[2012/12/28 19:05:57 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/12/28 19:05:57 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/12/28 19:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/28 19:05:54 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/12/28 19:05:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/12/28 19:05:51 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/12/28 19:05:48 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/12/28 19:04:56 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/12/28 19:04:55 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/12/28 19:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/12/28 19:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/28 19:01:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/22 11:07:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/22 11:07:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/13 21:37:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/13 21:37:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/13 21:37:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/13 21:37:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/13 21:37:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/13 21:37:47 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/13 21:37:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/13 21:37:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/13 09:07:55 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/13 09:07:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/13 09:07:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/13 09:07:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 09:07:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 09:07:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/13 09:07:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 09:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 09:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 09:07:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 09:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/13 09:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 09:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 09:07:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 09:07:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 09:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 09:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 09:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/13 09:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 09:07:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/13 09:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/13 09:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/13 09:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/13 09:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/13 09:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/13 09:07:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 09:07:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 09:07:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 09:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/13 09:07:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/13 09:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/13 09:06:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/13 09:05:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/15 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/11/13 22:01:51 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/13 22:01:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/13 22:00:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/13 22:00:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/13 22:00:42 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/13 21:43:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/07 09:22:40 | 000,000,000 | ---D | C] -- C:\d978ea818a615351fb70
[2012/11/04 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\claudia\AppData\Roaming\Mozilla
[2012/11/01 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\claudia\AppData\Local\Windows Live

========== Files - Modified Within 60 Days ==========

[2012/12/30 03:22:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 03:22:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 03:16:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\claudia\Desktop\OTL.exe
[2012/12/30 03:13:46 | 000,000,741 | ---- | M] () -- C:\Windows\AutoSetFrequency.ini
[2012/12/30 03:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 03:13:08 | 796,725,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/30 03:05:16 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3585621252-1082573099-3632840775-1000UA.job
[2012/12/29 17:05:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3585621252-1082573099-3632840775-1000Core.job
[2012/12/29 12:26:01 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/29 12:24:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/12/29 12:21:56 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 10:58:22 | 005,015,489 | R--- | M] (Swearware) -- C:\Users\claudia\Desktop\ComboFix.exe
[2012/12/28 19:05:57 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/28 19:05:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/12/28 19:02:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/12/24 18:05:58 | 000,290,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/16 15:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/16 15:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/13 16:47:55 | 000,002,471 | ---- | M] () -- C:\Users\claudia\Desktop\Google Chrome.lnk
[2012/11/29 11:55:22 | 000,698,570 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/11/29 11:55:22 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/29 11:55:22 | 000,127,764 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/11/29 11:55:22 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/22 08:43:13 | 002,344,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/14 02:51:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/14 02:47:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/14 02:44:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/09 05:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/02 05:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

========== Files Created - No Company Name ==========

[2012/12/29 12:26:01 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/29 12:21:56 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 11:12:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/29 11:12:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/29 11:12:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/29 11:12:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/29 11:12:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/28 19:05:57 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/13 22:01:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/13 22:00:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/01/18 12:19:50 | 000,716,318 | ---- | C] () -- C:\Windows\unins000.exe
[2012/01/18 12:19:50 | 000,000,770 | ---- | C] () -- C:\Windows\unins000.dat
[2011/12/27 09:46:59 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/05/20 21:28:04 | 000,698,570 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2011/05/20 21:28:04 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2011/05/20 21:28:04 | 000,127,764 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2011/05/20 21:28:04 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2011/05/20 12:00:39 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/05/20 12:00:39 | 000,000,741 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/08 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\claudia\AppData\Roaming\OpenOffice.org
[2012/07/06 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\claudia\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >

EXTRAS:

OTL Extras logfile created on: 30/12/2012 03:18:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\claudia\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1013,09 Mb Total Physical Memory | 41,11 Mb Available Physical Memory | 4,06% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 193,95 Gb Free Space | 88,25% Space Free | Partition Type: NTFS

Computer Name: CLAUDIA-PC | User Name: claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3585621252-1082573099-3632840775-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A620382B-9EC4-4029-BA37-8F6BFEB73A06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8461872-4002-4118-BAFF-63FCD9474F86}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D90A261-919C-4A61-9902-CF5D2D71DD99}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{537347AB-6AB3-4C1A-9F71-77C8BF27CD22}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{93C463A6-7B0F-474A-A411-A3999AEB0399}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A2CCF4AD-4E4F-434A-A835-116F533B9DC3}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A6B38141-E1D1-4E8B-8DF4-B8852376D7A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E1793630-A53D-48FC-AA46-06937CF07B80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F330148B-9CE9-43D5-8811-0990480A9955}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{15D4C4F7-E0A6-43B0-9BB9-5779A853FE7E}" = Windows Live Movie Maker
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A845A64-3F80-41D7-9F33-6146E56997E6}" = OpenOffice.org 3.3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E70F8B2-2ADE-4F83-8AD8-BDB602985E98}_is1" = Vlc versione 1.1.8
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{9EB6EAE1-5CFC-46F1-9FB9-5FDA335DDE3D}" = Packard Bell XSync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X86 8.0.6.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{9EB6EAE1-5CFC-46F1-9FB9-5FDA335DDE3D}" = Packard Bell XSync
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"VLC media player" = VLC media player 1.1.8
"VMidi" = vanBasco's Karaoke Player
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088226" = Bejeweled 2 Deluxe
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088376" = Blackhawk Striker 2
"WT088396" = Dora's Carnival Adventure
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088444" = Jewel Quest
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"WT088656" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3585621252-1082573099-3632840775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/11/2012 12:35:04 | Computer Name = claudia-PC | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 28/11/2012 11:39:31 | Computer Name = claudia-PC | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 28/11/2012 11:41:05 | Computer Name = claudia-PC | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 28/11/2012 12:52:46 | Computer Name = claudia-PC | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file manifesto
o dei criteri "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 28/11/2012 15:46:11 | Computer Name = claudia-PC | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file manifesto
o dei criteri "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 29/11/2012 04:39:12 | Computer Name = claudia-PC | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 29/11/2012 04:40:43 | Computer Name = claudia-PC | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 30/11/2012 16:44:39 | Computer Name = claudia-PC | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 30/11/2012 16:46:10 | Computer Name = claudia-PC | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 01/12/2012 03:51:38 | Computer Name = claudia-PC | Source = PowerOffer Service | ID = 0
Description = Impossibile avviare il servizio. System.ArgumentException: Nessun
valore con il nome specificato. in System.ThrowHelper.ThrowArgumentException(ExceptionResource
resource) in Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue)

in Microsoft.Win32.RegistryKey.DeleteValue(String name) in PowerOfferService.Helper.RegistryHelper.SetRunRegistry()

in PowerOfferService.Service1.OnStart(String[] args) in System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

[ System Events ]
Error - 25/06/2012 07:39:16 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio Netman.

Error - 26/06/2012 07:55:34 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio fdPHost.

Error - 27/06/2012 11:36:09 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio NlaSvc.

Error - 27/06/2012 11:36:09 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio Netman.

Error - 28/06/2012 06:15:55 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio wuauserv.

Error - 28/06/2012 11:35:34 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio ShellHWDetection.

Error - 28/06/2012 16:22:20 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio ShellHWDetection.

Error - 29/06/2012 10:45:12 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio Wlansvc.

Error - 29/06/2012 14:34:20 | Computer Name = claudia-PC | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 29/06/2012 14:42:59 | Computer Name = claudia-PC | Source = Microsoft Antimalware | ID = 2001
Description =


< End of report >

[8ottavio8]

ADW

# AdwCleaner v2.104 - Logfile creato il 30/12/2012 alle 03:11:51
# Aggiornamento 29/12/2012 by Xplode
# Sistema Operativo : Windows 7 Starter (32 bits)
# Utente : claudia - CLAUDIA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\claudia\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

File Eliminato : C:\Users\Public\Desktop\eBay.lnk

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.22] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/", "hxxp://www.google.it/" ]
Eliminata [l.2230] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/", "hxxp://www.google.it/" ]

*************************

AdwCleaner[S1].txt - [5838 octets] - [30/12/2012 03:11:51]

########## EOF - C:\AdwCleaner[S1].txt - [5898 octets] ##########

Grazie per la rapida risposta, a presto!!!

[shel]

apri otl e copia questo codice nel box bianco

:OTL
PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService)
SRV - (PowerOffer Service) -- C:\Users\claudia\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\claudia\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-3585621252-1082573099-3632840775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFDB503-F1FB-4C3E-A6C8-4800FC745F86}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447DA4E9-A778-4076-9A8E-2612FF9406CF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
[2012/12/29 11:12:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/29 10:56:44 | 005,015,489 | R--- | C] (Swearware) -- C:\Users\claudia\Desktop\ComboFix.exe

:Files
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Reboot]

premi run fix e allega il nuovo log devi allegarlo, non copiarlo

[Marco.Erre]

Buonasera anche io ho lo stesso problema,si aprono pagine pubblicitarie all'improvviso...
allego i log.Grazie dell'aiuto.

ComboFix 12-12-30.01 - MARCO 31/12/2012 15:52:46.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.1013.436 [GMT 1:00]
Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MARCO\AppData\Local\{4F43B7A5-40BC-4D19-8623-6E9EA8F7AB3D}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-28 al 2012-12-31 )))))))))))))))))))))))))))))))))))
.
.
2012-12-31 15:09 . 2012-12-31 15:10 -------- d-----w- c:\users\MARCO\AppData\Local\temp
2012-12-31 15:09 . 2012-12-31 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 14:15 . 2012-12-31 14:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A312D2D-AA58-4BCA-AB48-54016851CA0B}\offreg.dll
2012-12-31 01:33 . 2012-12-31 13:21 -------- d-----w- c:\program files\JDownloader
2012-12-31 01:20 . 2012-12-31 01:22 -------- d-----w- c:\programdata\SweetIM
2012-12-31 01:20 . 2012-12-31 01:22 -------- d-----w- c:\program files\SweetIM
2012-12-30 17:53 . 2012-12-30 17:53 100864 ----a-w- C:\fwloypog.sys
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\users\MARCO\AppData\Local\DownTango
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\program files\Red Sky
2012-12-28 12:53 . 2012-12-28 12:53 -------- d-----w- c:\users\MARCO\AppData\Roaming\Malwarebytes
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 12:51 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 12:51 . 2012-12-28 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\users\MARCO\AppData\Local\Programs
2012-12-27 15:02 . 2012-12-28 01:22 -------- d-----w- c:\users\MARCO\AppData\Roaming\PDFCreatorPackages
2012-12-27 15:01 . 2012-12-27 15:01 -------- d-----w- c:\program files\GPLGS
2012-12-27 15:01 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-12-27 15:00 . 2012-12-28 01:18 -------- d-----w- c:\program files\PDFCreator
2012-12-22 22:13 . 2012-12-22 22:13 -------- d-----w- c:\users\MARCO\AppData\Roaming\Leadertech
2012-12-22 22:13 . 2012-12-22 22:13 53248 ----a-r- c:\users\MARCO\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-22 22:12 . 2012-12-22 22:12 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-22 22:10 . 2012-12-22 22:10 -------- d-----w- c:\programdata\Logitech
2012-12-22 22:09 . 2012-12-22 22:16 -------- d-----w- c:\programdata\Logishrd
2012-12-22 22:09 . 2012-12-22 22:09 -------- d-----w- c:\program files\Logitech
2012-12-22 22:03 . 2012-12-22 22:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-12-22 22:01 . 2012-12-22 22:15 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logitech
2012-12-22 22:01 . 2012-12-22 22:03 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logishrd
2012-12-21 19:48 . 2012-12-21 19:48 -------- d-----w- c:\windows\it
2012-12-21 14:41 . 2012-12-21 21:51 -------- d-----w- c:\windows\system32\Adobe
2012-12-21 12:44 . 2012-12-21 12:44 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-21 12:44 . 2012-12-21 19:36 -------- d-----w- c:\program files\Windows Live
2012-12-21 12:41 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-21 12:41 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-21 12:41 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-21 12:41 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-12-21 12:31 . 2012-12-21 12:31 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DSETUP.dll
2012-12-21 12:31 . 2012-12-21 12:31 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DXSETUP.exe
2012-12-21 12:31 . 2012-12-21 12:31 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\dsetup32.dll
2012-12-21 12:30 . 2012-12-21 12:30 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DSETUP.dll
2012-12-21 12:30 . 2012-12-21 12:30 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DXSETUP.exe
2012-12-21 12:30 . 2012-12-21 12:30 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\dsetup32.dll
2012-12-21 12:29 . 2012-12-21 12:29 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DXSETUP.exe
2012-12-21 12:29 . 2012-12-21 12:29 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DSETUP.dll
2012-12-21 12:29 . 2012-12-21 12:29 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\dsetup32.dll
2012-12-21 11:14 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-21 11:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-21 11:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-12-21 11:11 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-12-21 03:18 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 03:18 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 02:59 . 2012-12-21 02:59 -------- d-----w- c:\windows\system32\RTCOM
2012-12-21 02:57 . 2012-12-21 02:57 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-21 02:57 . 2012-12-21 02:57 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-21 02:50 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\users\MARCO\AppData\Roaming\InstallShield
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\programdata\Atheros
2012-12-21 02:42 . 2012-12-21 02:55 -------- d-----w- c:\program files\Intel
2012-12-21 02:42 . 2012-01-16 10:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-12-21 02:32 . 2005-01-12 10:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2012-12-21 02:32 . 2004-09-28 10:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2012-12-21 02:32 . 2004-08-11 14:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2012-12-21 02:32 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2012-12-21 02:32 . 2004-03-08 23:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2012-12-21 02:32 . 2004-03-08 23:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2012-12-21 02:32 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-12-21 02:32 . 2012-12-21 02:34 -------- d-----w- c:\program files\Driver Magician
2012-12-21 00:02 . 2012-12-30 20:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-21 00:02 . 2012-12-21 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-20 11:56 . 2012-12-20 11:56 -------- d-----w- c:\users\MARCO\AppData\Local\PowerOffer
2012-12-20 11:56 . 2012-12-21 03:05 -------- d-----w- c:\users\MARCO\AppData\Local\ServUpdater
2012-12-20 11:56 . 2012-12-20 12:00 -------- d-----w- c:\users\MARCO\AppData\Local\PosService
2012-12-20 04:40 . 2012-12-20 11:57 -------- d-----w- c:\users\MARCO\AppData\Local\SoftwareUpdater
2012-12-20 04:40 . 2012-12-20 04:40 -------- d-----w- c:\users\MARCO\AppData\Roaming\Sibelius Software
2012-12-20 04:31 . 2012-12-20 04:31 -------- d-----w- c:\program files\Sibelius Software
2012-12-16 13:33 . 2012-12-16 13:33 -------- d-----w- c:\program files\uTorrent
2012-12-16 13:31 . 2012-12-31 14:43 -------- d-----w- c:\users\MARCO\AppData\Roaming\uTorrent
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 19:49 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 19:49 . 2012-10-04 16:43 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 19:49 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 19:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 02:52 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-11 02:52 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-11 02:52 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-11 02:52 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-11 02:52 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-11 02:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-09 17:15 . 2012-12-09 17:15 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-05 04:53 . 2012-12-05 04:53 -------- d-----w- c:\users\MARCO\AppData\Roaming\AVG2013
2012-12-05 04:48 . 2012-12-05 04:51 -------- d-----w- c:\programdata\AVG2013
2012-12-05 04:46 . 2012-12-05 04:46 -------- d-----w- c:\program files\AVG
2012-12-05 04:43 . 2012-12-31 12:00 -------- d-----w- c:\programdata\MFAData
2012-12-05 04:43 . 2012-12-21 00:46 -------- d-----w- c:\users\MARCO\AppData\Local\Avg2013
2012-12-05 04:43 . 2012-12-05 04:43 -------- d-----w- c:\users\MARCO\AppData\Local\MFAData
2012-12-05 04:35 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A312D2D-AA58-4BCA-AB48-54016851CA0B}\mpengine.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin7.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin6.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin5.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin4.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin3.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin2.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin.dll
2012-12-04 22:44 . 2012-12-04 22:46 -------- d-----w- c:\program files\QuickTime
2012-12-04 22:44 . 2012-12-04 22:44 -------- d-----w- c:\programdata\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:27 . 2012-08-29 20:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 01:27 . 2012-08-29 20:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-16 07:39 . 2012-11-28 10:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-09 17:40 . 2012-11-14 09:28 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:28 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-05 18:07 . 2012-10-05 18:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 18:07 . 2012-10-05 18:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-03 16:58 . 2012-11-14 09:29 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 09:29 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 09:29 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 09:29 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:29 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:29 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 09:29 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 09:29 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-29 02:06 . 2012-10-29 02:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GoogleChromeAutoLaunch_CF36761AC810CC34B713C060EB63AD6C"="c:\users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-16 929688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-02-26 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\MARCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrazione prodotti.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-09-12 15:07 4272640 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-10-12 23:54 1088424 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ServUpdater;Serv Updater;c:\users\MARCO\AppData\Local\ServUpdater\ServiceUpd.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 01:27]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000Core.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000UA.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\MARCO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9070BA3A-DCBD-4C65-B516-E2D8CAAD5BA4}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8D61914-82B8-496A-811F-3D7F07A57698}\A4556554D454254414: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.IT
FF - ExtSQL: 2012-12-22 23:10; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-12-27 16:10; jsonview@brh.numbera.com; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\jsonview@brh.numbera.com.xpi
FF - ExtSQL: 2012-12-31 01:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-31 13:30; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3423937484-4017244598-2803407167-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-12-31 16:14:42
ComboFix-quarantined-files.txt 2012-12-31 15:14
.
Pre-Run: 145.721.458.688 byte disponibili
Post-Run: 145.531.482.112 byte disponibili
.
- - End Of File - - 795B245CB7A228F107756C4F502A2ED4


----------------------------------------------------------------------------------------------------------------------------------------------------


--------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:43, on 31/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\MARCO\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CF36761AC810CC34B713C060EB63AD6C] "C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\MARCO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

--
End of file - 9247 bytes

[shel]

Marco.Erre apri una nuova discussione non accodarti a questa

Grazie

[8ottavio8]

Mitici! Non sto avendo più problemi!!! -grandissimi!!

[spizzo9]

Salva tutti,
anch'io ho lo stesso problma, mentre nvigo mi si aprono pagine pubblicitari e trovoil pc piuttosto rallntato rispetto a prima...
Ho gia scaricato ComboFix e questo è il report:

ComboFix 13-02-07.02 - Fabrizio 11/02/2013 12.47.08.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.700 [GMT 1:00]
Eseguito da: c:\documents and settings\Fabrizio\Desktop\ComboFix.exe
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-11 al 2013-02-11 )))))))))))))))))))))))))))))))))))
.
.
2013-02-10 17:36 . 2013-02-10 17:36 -------- d-----w- c:\documents and settings\Fabrizio\Dati applicazioni\Malwarebytes
2013-02-10 17:36 . 2013-02-10 17:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-01-29 14:22 . 2013-01-29 14:22 -------- d-----w- c:\programmi\HomeKeylogger
2013-01-29 13:45 . 2013-02-10 17:17 -------- d-----w- c:\documents and settings\Fabrizio\Impostazioni locali\Dati applicazioni\Lollipop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 17:18 . 2012-10-18 16:15 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 17:18 . 2011-12-23 16:39 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"lollipop"="c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\lollipop\lollipop.exe" [2013-01-29 1457152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [25/03/2010 9.49.06 82360]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [21/11/2007 17.37.06 152832]
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 17:19]
.
2012-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-Waiting1690 - c:\windows\stid1690.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 12:53
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2013-02-11 12:55:30
ComboFix-quarantined-files.txt 2013-02-11 11:55
.
Pre-Run: 28.760.485.888 byte disponibili
Post-Run: 28.783.804.416 byte disponibili
.
- - End Of File - - 4F7A2F35D4B42E292FEBF34311212859


Spero possiate aiutarmi, anche perchè io nn me ne intendo molto...
Grazie mille.

[Luke57]

Ciao, scarica sul desktop
http://www.suspectfile.com/systemscan
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verranno rilasciati (sempre sul desktop all'interno della cartella suspectfile) due file. Inserisci il file con estensione .zip nella in questo sito per poterlo vedere (lo carichi e indichi il link che ti sarà fornito)
http://wikisend.com/

Ricordati d'effettuare la scansione senza connessione attiva.

NB:
ricordati di disattivare l'antivirus prima di scaricare il programma e prima d'effettuare la scansione e di riattivarlo prima di riconnetterti ad internet.

[spizzo9]

Grazie mille per l'aiuto...
ho seguito quello che mi hai detto, ed ecco il file .zip

http://wikisend.com/download/926364/11_ ... report.zip

[Luke57]

Ciao, apri un file di testo dal blocco note, copia e incolla al suo interno il seguente script in rosso:


Windows Registry Editor Version 5.00
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"lollipop"=-
;

clicca in alto a sx su File e successivamente su "Salva con nome" > Al fianco di "Nome file" scrivi fix.reg > Al fianco di "Salva come" seleziona (dal menu a tendina) "Tutti i file (*.*)" Il file va salvato sul desktop.

Esegui il file fix.reg accetta l'unione del nuovo valore al registro, ma NON riavviare.

Poi apri systemscan, clicca su RemovalScript, nllo spazio bianco copia e incolla il seguente script all'interno del codice:

Codice: Seleziona tutto

Folders to delete:
C:\DOCUME~1\Fabrizio\IMPOST~1\Temp
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Lollipop

Files to delete:
C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Registry keys to delete:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop]

Clicca su "Proceed with removal", dopo il riavvio portati in C:\ copia/incolla il contenuto del file avenger.txt

2) -Scarica TDSS killer e salvalo sul desktop
http://support.kaspersky.com/downloads/ ... killer.exe
Doppio click su TDSSKILLER.exe per avviare l'applicazione.In change parameters metti la spunta su "detect tdlfs file system" e "verify file digital signature"
Clicca su start scan.

Se un file infetto viene trovato,l'azione di default sarà cure,clicca su continua.
Se un file sospetto viene trovato,l'azione di default sarà skip,clicca su continua.
Se ti viene chiesto di riavviare il pc completa il processo.Clicca su riavvia ora.
Se nessun riavvio è richiesto clicca su report e salva il contenuto in un file di testo.
Allega il report che si trova in C in questa forma "TDSSKiller.[Date]_[Time]_log.txt"

[spizzo9]

Questo è il contenuto del file avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop]


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nigdkdnc

*******************

Script file located at: \??\C:\WINDOWS\system32\vfdtrebs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\DOCUME~1\Fabrizio\IMPOST~1\Temp deleted successfully.
Folder C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\Lollipop deleted successfully.
File C:\Documents and Settings\Fabrizio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini deleted successfully.
Program C:\Documents and Settings\Fabrizio\Desktop\sys96252.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

E poi in C ho trovato due file TDSSkiller, li carico entrambi:

primo:

19:03:49.0031 2072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:03:49.0234 2072 ============================================================
19:03:49.0234 2072 Current date / time: 2013/02/11 19:03:49.0234
19:03:49.0234 2072 SystemInfo:
19:03:49.0234 2072
19:03:49.0234 2072 OS Version: 5.1.2600 ServicePack: 2.0
19:03:49.0234 2072 Product type: Workstation
19:03:49.0234 2072 ComputerName: AS-96CE7B7CFD49
19:03:49.0234 2072 UserName: Fabrizio
19:03:49.0234 2072 Windows directory: C:\WINDOWS
19:03:49.0234 2072 System windows directory: C:\WINDOWS
19:03:49.0234 2072 Processor architecture: Intel x86
19:03:49.0234 2072 Number of processors: 1
19:03:49.0234 2072 Page size: 0x1000
19:03:49.0234 2072 Boot type: Normal boot
19:03:49.0234 2072 ============================================================
19:03:51.0125 2072 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:51.0125 2072 Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:51.0140 2072 ============================================================
19:03:51.0140 2072 \Device\Harddisk0\DR0:
19:03:51.0140 2072 MBR partitions:
19:03:51.0140 2072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
19:03:51.0140 2072 \Device\Harddisk1\DR1:
19:03:51.0140 2072 MBR partitions:
19:03:51.0140 2072 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
19:03:51.0140 2072 ============================================================
19:03:51.0171 2072 C: <-> \Device\Harddisk0\DR0\Partition1
19:03:51.0281 2072 D: <-> \Device\Harddisk1\DR1\Partition1
19:03:51.0281 2072 ============================================================
19:03:51.0281 2072 Initialize success
19:03:51.0281 2072 ============================================================
19:04:14.0437 2828 ============================================================
19:04:14.0437 2828 Scan started
19:04:14.0437 2828 Mode: Manual; SigCheck; TDLFS;
19:04:14.0437 2828 ============================================================
19:04:14.0875 2828 ================ Scan system memory ========================
19:04:14.0875 2828 System memory - ok
19:04:14.0875 2828 ================ Scan services =============================
19:04:14.0953 2828 Abiosdsk - ok
19:04:14.0953 2828 abp480n5 - ok
19:04:15.0031 2828 [ AD825CB3397C837D1FB91D566D78DE04 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:04:16.0812 2828 ACPI - ok
19:04:16.0859 2828 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:04:16.0984 2828 ACPIEC - ok
19:04:17.0093 2828 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:04:17.0109 2828 AdobeFlashPlayerUpdateSvc - ok
19:04:17.0109 2828 adpu160m - ok
19:04:17.0156 2828 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:04:17.0296 2828 aec - ok
19:04:17.0359 2828 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:04:17.0500 2828 AFD - ok
19:04:17.0500 2828 Aha154x - ok
19:04:17.0500 2828 aic78u2 - ok
19:04:17.0515 2828 aic78xx - ok
19:04:17.0562 2828 [ AD78B916B3CB2B7BCA9503B929E534B9 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:04:17.0671 2828 Alerter - ok
19:04:17.0703 2828 [ D4A42BF3C11302AA3CCD857034EF1E54 ] ALG C:\WINDOWS\System32\alg.exe
19:04:17.0765 2828 ALG - ok
19:04:17.0781 2828 AliIde - ok
19:04:17.0781 2828 amsint - ok
19:04:17.0937 2828 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:04:17.0953 2828 Apple Mobile Device - ok
19:04:18.0000 2828 [ 00E50CD4D9247CB56EFC1360C32AB755 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:04:18.0062 2828 AppMgmt - ok
19:04:18.0062 2828 asc - ok
19:04:18.0078 2828 asc3350p - ok
19:04:18.0078 2828 asc3550 - ok
19:04:18.0109 2828 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:04:18.0218 2828 AsyncMac - ok
19:04:18.0265 2828 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:04:18.0390 2828 atapi - ok
19:04:18.0390 2828 Atdisk - ok
19:04:18.0468 2828 [ 26FA97BBA8105F5CE7ECE5111216A22E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:04:18.0671 2828 ati2mtag - ok
19:04:18.0718 2828 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:04:18.0843 2828 Atmarpc - ok
19:04:18.0921 2828 [ 15EE9EFF206DAA73B9642FCD51A69BB1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:04:19.0062 2828 AudioSrv - ok
19:04:19.0109 2828 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:04:19.0250 2828 audstub - ok
19:04:19.0312 2828 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:04:19.0453 2828 Beep - ok
19:04:19.0515 2828 [ 04E8321935AD5643FF59901F3EF5F4F3 ] BITS C:\WINDOWS\system32\qmgr.dll
19:04:19.0750 2828 BITS - ok
19:04:19.0875 2828 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programmi\Bonjour\mDNSResponder.exe
19:04:19.0921 2828 Bonjour Service - ok
19:04:20.0000 2828 [ 72FBF0322BE8A0F25AE722FDE36AB1E6 ] Browser C:\WINDOWS\System32\browser.dll
19:04:20.0156 2828 Browser - ok
19:04:20.0187 2828 [ BBECDA82A252A5DDD5823EA50D30568B ] CAM1690 C:\WINDOWS\system32\Drivers\cam1690.sys
19:04:20.0234 2828 CAM1690 ( UnsignedFile.Multi.Generic ) - warning
19:04:20.0234 2828 CAM1690 - detected UnsignedFile.Multi.Generic (1)
19:04:20.0406 2828 catchme - ok
19:04:20.0421 2828 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:04:20.0546 2828 cbidf2k - ok
19:04:20.0593 2828 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:04:20.0718 2828 CCDECODE - ok
19:04:20.0734 2828 cd20xrnt - ok
19:04:20.0796 2828 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:04:20.0921 2828 Cdaudio - ok
19:04:20.0968 2828 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:04:21.0125 2828 Cdfs - ok
19:04:21.0156 2828 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:04:21.0312 2828 Cdrom - ok
19:04:21.0312 2828 Changer - ok
19:04:21.0359 2828 [ C4E84243292E37CA3B6FAF4A1855B8A7 ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:04:21.0484 2828 CiSvc - ok
19:04:21.0515 2828 [ 0A215E4BAC9A1A9381D88C67517C850B ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:04:21.0640 2828 ClipSrv - ok
19:04:21.0656 2828 CmdIde - ok
19:04:21.0687 2828 [ DC62C3FF470A3908061349B82E51DE7C ] CnxTrLan C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
19:04:21.0703 2828 CnxTrLan ( UnsignedFile.Multi.Generic ) - warning
19:04:21.0703 2828 CnxTrLan - detected UnsignedFile.Multi.Generic (1)
19:04:21.0750 2828 [ A90AD2BBA356043DE1E6B1B239A8BDCE ] CnxTrUsb C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
19:04:21.0781 2828 CnxTrUsb ( UnsignedFile.Multi.Generic ) - warning
19:04:21.0781 2828 CnxTrUsb - detected UnsignedFile.Multi.Generic (1)
19:04:21.0796 2828 COMSysApp - ok
19:04:21.0812 2828 Cpqarray - ok
19:04:21.0859 2828 [ E0CC838265401128097D182FB583889A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:04:21.0984 2828 CryptSvc - ok
19:04:22.0031 2828 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
19:04:22.0171 2828 ctljystk - ok
19:04:22.0171 2828 dac2w2k - ok
19:04:22.0187 2828 dac960nt - ok
19:04:22.0250 2828 [ 0C015AB735A4624C44CB5696E9208C4C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:04:22.0453 2828 DcomLaunch - ok
19:04:22.0500 2828 [ 3D6F9B5C5C396BFBC14DC565CE624CEF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:04:22.0656 2828 Dhcp - ok
19:04:22.0687 2828 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:04:22.0828 2828 Disk - ok
19:04:22.0843 2828 dmadmin - ok
19:04:22.0890 2828 [ 6570B4C952F0D8FEE4C6EF2FF5E10C08 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:04:23.0156 2828 dmboot - ok
19:04:23.0203 2828 [ C57D35621782C7F40770F3E5CA20A182 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:04:23.0343 2828 dmio - ok
19:04:23.0390 2828 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:04:23.0515 2828 dmload - ok
19:04:23.0593 2828 [ 499FFF7BCA07009A23447776286F0510 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:04:23.0750 2828 dmserver - ok
19:04:23.0781 2828 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:04:23.0890 2828 DMusic - ok
19:04:23.0953 2828 [ 1A4CCB390093D1A6F0EEC063F44AFF31 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:04:24.0078 2828 Dnscache - ok
19:04:24.0078 2828 dpti2o - ok
19:04:24.0156 2828 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:04:24.0296 2828 drmkaud - ok
19:04:24.0375 2828 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
19:04:24.0531 2828 emu10k - ok
19:04:24.0578 2828 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
19:04:24.0718 2828 emu10k1 - ok
19:04:24.0765 2828 [ FF547B3876B6E652431412345FB8EE11 ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:04:24.0890 2828 ERSvc - ok
19:04:24.0953 2828 [ E77F6FA2A15390F1727F4C1C55B69DA6 ] Eventlog C:\WINDOWS\system32\services.exe
19:04:25.0078 2828 Eventlog - ok
19:04:25.0109 2828 [ 16A4DE76313DD3ABF7635565BAAF1512 ] EventSystem C:\WINDOWS\system32\es.dll
19:04:25.0265 2828 EventSystem - ok
19:04:25.0343 2828 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:04:25.0484 2828 Fastfat - ok
19:04:25.0531 2828 [ 500E8EF27757B1C463A4A263ED2C95D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:04:25.0671 2828 FastUserSwitchingCompatibility - ok
19:04:25.0703 2828 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:04:25.0859 2828 Fdc - ok
19:04:25.0906 2828 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
19:04:26.0062 2828 FETNDIS - ok
19:04:26.0093 2828 [ 333FBBC71BDCBB46C58A3B51B3D51184 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:04:26.0234 2828 Fips - ok
19:04:26.0281 2828 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:04:26.0406 2828 Flpydisk - ok
19:04:26.0453 2828 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:04:26.0593 2828 FltMgr - ok
19:04:26.0625 2828 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:04:26.0765 2828 Fs_Rec - ok
19:04:26.0812 2828 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:04:26.0937 2828 Ftdisk - ok
19:04:26.0953 2828 [ 4216CD545E5C30807B560C5DCAA812E6 ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
19:04:27.0078 2828 gagp30kx - ok
19:04:27.0125 2828 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:04:27.0250 2828 gameenum - ok
19:04:27.0296 2828 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:04:27.0312 2828 GEARAspiWDM - ok
19:04:27.0328 2828 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:04:27.0468 2828 Gpc - ok
19:04:27.0562 2828 [ 03A7A19834E2A63C445B3AC5E73AAB50 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:04:27.0703 2828 helpsvc - ok
19:04:27.0703 2828 HidServ - ok
19:04:27.0718 2828 hpn - ok
19:04:27.0781 2828 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:04:27.0921 2828 HTTP - ok
19:04:27.0937 2828 [ 730374DCF08DF00178D190F9EBD0058A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:04:28.0062 2828 HTTPFilter - ok
19:04:28.0062 2828 i2omgmt - ok
19:04:28.0078 2828 i2omp - ok
19:04:28.0109 2828 [ 30E64DFA4EFAACC8142EA07766181FB4 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:04:28.0250 2828 i8042prt - ok
19:04:28.0421 2828 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:04:28.0578 2828 Imapi - ok
19:04:28.0640 2828 [ ED7ABB35C81709FB41972D30FE15311E ] ImapiService C:\WINDOWS\system32\imapi.exe
19:04:28.0765 2828 ImapiService - ok
19:04:28.0781 2828 ini910u - ok
19:04:28.0796 2828 IntelIde - ok
19:04:28.0828 2828 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:04:28.0953 2828 Ip6Fw - ok
19:04:28.0984 2828 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:04:29.0093 2828 IpFilterDriver - ok
19:04:29.0109 2828 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:04:29.0234 2828 IpInIp - ok
19:04:29.0265 2828 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:04:29.0406 2828 IpNat - ok
19:04:29.0500 2828 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Programmi\iPod\bin\iPodService.exe
19:04:29.0546 2828 iPod Service - ok
19:04:29.0609 2828 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:04:29.0734 2828 IPSec - ok
19:04:29.0796 2828 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:04:29.0828 2828 IRENUM - ok
19:04:29.0859 2828 [ EA3245A8E8758D6B84DE189A5CAAA75E ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:04:30.0000 2828 isapnp - ok
19:04:30.0031 2828 [ E883AE6EA0B313E659225AA32E449CE9 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:04:30.0171 2828 Kbdclass - ok
19:04:30.0218 2828 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:04:30.0359 2828 kmixer - ok
19:04:30.0390 2828 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:04:30.0531 2828 KSecDD - ok
19:04:30.0578 2828 [ 82A782A17AAF3AD92811F5023A94181F ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:04:30.0703 2828 lanmanserver - ok
19:04:30.0781 2828 [ B96429B547C29CFE65E0A31C53F4BB06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:04:30.0906 2828 lanmanworkstation - ok
19:04:30.0921 2828 lbrtfdc - ok
19:04:30.0953 2828 [ 6E008B7EB9B67D555B5EE1C1091F3A7E ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:04:31.0093 2828 LmHosts - ok
19:04:31.0125 2828 [ 3777AB9537D05BFD404B0FBC13A140A6 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:04:31.0265 2828 Messenger - ok
19:04:31.0312 2828 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:04:31.0421 2828 mnmdd - ok
19:04:31.0468 2828 [ 940A4E02B7F03C2592A52E16DDDB3E46 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:04:31.0609 2828 mnmsrvc - ok
19:04:31.0640 2828 [ B30D2DB351E3191BD71232036CFE711A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:04:31.0765 2828 Modem - ok
19:04:31.0796 2828 [ C458E314B8722253897C94A714C2E0C0 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:04:31.0937 2828 Mouclass - ok
19:04:32.0000 2828 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:04:32.0125 2828 MountMgr - ok
19:04:32.0125 2828 mraid35x - ok
19:04:32.0171 2828 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:04:32.0312 2828 MRxDAV - ok
19:04:32.0406 2828 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:04:32.0578 2828 MRxSmb - ok
19:04:32.0609 2828 [ 3124662B40761A3EF8F4254D2F32E3F4 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:04:32.0734 2828 MSDTC - ok
19:04:32.0781 2828 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:04:32.0906 2828 Msfs - ok
19:04:32.0921 2828 MSIServer - ok
19:04:32.0953 2828 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:04:33.0078 2828 MSKSSRV - ok
19:04:33.0109 2828 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:04:33.0234 2828 MSPCLOCK - ok
19:04:33.0265 2828 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:04:33.0375 2828 MSPQM - ok
19:04:33.0421 2828 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:04:33.0546 2828 mssmbios - ok
19:04:33.0640 2828 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:04:33.0765 2828 MSTEE - ok
19:04:33.0796 2828 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:04:33.0953 2828 Mup - ok
19:04:34.0031 2828 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:04:34.0171 2828 NABTSFEC - ok
19:04:34.0203 2828 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:04:34.0343 2828 NDIS - ok
19:04:34.0390 2828 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:04:34.0531 2828 NdisIP - ok
19:04:34.0578 2828 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:04:34.0703 2828 NdisTapi - ok
19:04:34.0750 2828 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:04:34.0890 2828 Ndisuio - ok
19:04:34.0953 2828 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:04:35.0078 2828 NdisWan - ok
19:04:35.0109 2828 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:04:35.0250 2828 NDProxy - ok
19:04:35.0296 2828 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:04:35.0437 2828 NetBIOS - ok
19:04:35.0500 2828 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:04:35.0656 2828 NetBT - ok
19:04:35.0687 2828 [ DE62EE316FAB09DE3D7A5180F0775ABF ] NetDDE C:\WINDOWS\system32\netdde.exe
19:04:35.0828 2828 NetDDE - ok
19:04:35.0828 2828 [ DE62EE316FAB09DE3D7A5180F0775ABF ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:04:35.0937 2828 NetDDEdsdm - ok
19:04:35.0968 2828 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:04:36.0093 2828 Netlogon - ok
19:04:36.0140 2828 [ 4AD6F202266A25BC0CC1DCE2A3D91563 ] Netman C:\WINDOWS\System32\netman.dll
19:04:36.0281 2828 Netman - ok
19:04:36.0328 2828 [ 337CB52AF1F7CF6C0F57EC8BD14DC6D1 ] Nla C:\WINDOWS\System32\mswsock.dll
19:04:36.0468 2828 Nla - ok
19:04:36.0578 2828 [ 2681C88281F34E59D1A0B2CEDEBF8924 ] nlsvc D:\Programmi\NetLimiter 2 Monitor\nlsvc.exe
19:04:36.0609 2828 nlsvc ( UnsignedFile.Multi.Generic ) - warning
19:04:36.0609 2828 nlsvc - detected UnsignedFile.Multi.Generic (1)
19:04:36.0671 2828 [ 015CE611F7ACF34AFDFF58A581EC6904 ] nltdi C:\WINDOWS\system32\drivers\nltdi.sys
19:04:36.0687 2828 nltdi - ok
19:04:36.0734 2828 [ 357DDB51E03CAE598C096D95497373D0 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
19:04:36.0937 2828 nmwcd - ok
19:04:36.0968 2828 [ 7CD443F9D36C80E152FADB274089577A ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:04:37.0015 2828 nmwcdc - ok
19:04:37.0046 2828 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:04:37.0156 2828 Npfs - ok
19:04:37.0234 2828 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:04:37.0390 2828 Ntfs - ok
19:04:37.0421 2828 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:04:37.0515 2828 NtLmSsp - ok
19:04:37.0593 2828 [ 6D96A941EED90224486F9AF30B9666E1 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:04:37.0734 2828 NtmsSvc - ok
19:04:37.0765 2828 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:04:37.0890 2828 Null - ok
19:04:37.0953 2828 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:04:38.0031 2828 NwlnkFlt - ok
19:04:38.0046 2828 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:04:38.0140 2828 NwlnkFwd - ok
19:04:38.0171 2828 [ 3490EAD0612BFD0E7C1B864EE24E6A4A ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:04:38.0312 2828 Parport - ok
19:04:38.0343 2828 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:04:38.0421 2828 PartMgr - ok
19:04:38.0468 2828 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:04:38.0578 2828 ParVdm - ok
19:04:38.0640 2828 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:04:38.0671 2828 pccsmcfd - ok
19:04:38.0718 2828 [ 91FC1D483D900B1C0600A08B871C39D5 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:04:38.0828 2828 PCI - ok
19:04:38.0843 2828 PCIDump - ok
19:04:38.0843 2828 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:04:38.0937 2828 PCIIde - ok
19:04:38.0968 2828 [ 28F3538A2091993A03506311A05053E8 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:04:39.0062 2828 Pcmcia - ok
19:04:39.0062 2828 PDCOMP - ok
19:04:39.0078 2828 PDFRAME - ok
19:04:39.0078 2828 PDRELI - ok
19:04:39.0093 2828 PDRFRAME - ok
19:04:39.0093 2828 perc2 - ok
19:04:39.0109 2828 perc2hib - ok
19:04:39.0156 2828 [ E77F6FA2A15390F1727F4C1C55B69DA6 ] PlugPlay C:\WINDOWS\system32\services.exe
19:04:39.0250 2828 PlugPlay - ok
19:04:39.0281 2828 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:04:39.0375 2828 PolicyAgent - ok
19:04:39.0375 2828 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:04:39.0500 2828 PptpMiniport - ok
19:04:39.0546 2828 [ 2BE7F01E46970E946AA18CBA3DE019EB ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:04:39.0671 2828 Processor - ok
19:04:39.0703 2828 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:04:39.0781 2828 ProtectedStorage - ok
19:04:39.0812 2828 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:04:39.0890 2828 PSched - ok
19:04:39.0937 2828 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:04:40.0046 2828 Ptilink - ok
19:04:40.0046 2828 ql1080 - ok
19:04:40.0062 2828 Ql10wnt - ok
19:04:40.0062 2828 ql12160 - ok
19:04:40.0078 2828 ql1240 - ok
19:04:40.0078 2828 ql1280 - ok
19:04:40.0125 2828 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:04:40.0234 2828 RasAcd - ok
19:04:40.0265 2828 [ 84D4005E21A887F87D943D9526020531 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:04:40.0359 2828 RasAuto - ok
19:04:40.0406 2828 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:04:40.0484 2828 Rasl2tp - ok
19:04:40.0515 2828 [ EDE7D761426CC2AFFF20A3A460F9C85E ] RasMan C:\WINDOWS\System32\rasmans.dll
19:04:40.0609 2828 RasMan - ok
19:04:40.0625 2828 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:04:40.0734 2828 RasPppoe - ok
19:04:40.0765 2828 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:04:40.0890 2828 Raspti - ok
19:04:40.0921 2828 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:04:41.0015 2828 Rdbss - ok
19:04:41.0031 2828 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:04:41.0125 2828 RDPCDD - ok
19:04:41.0187 2828 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:04:41.0312 2828 rdpdr - ok
19:04:41.0375 2828 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:04:41.0484 2828 RDPWD - ok
19:04:41.0531 2828 [ CC0693C481502844A24EF71B90A7195E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:04:41.0687 2828 RDSessMgr - ok
19:04:41.0750 2828 [ A8EEE004A16AF1D583D9DE9F6DE250E0 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:04:41.0828 2828 redbook - ok
19:04:41.0875 2828 [ D9FF0C4EB3A3AEDBA4E7D75A74097F3C ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:04:41.0968 2828 RemoteAccess - ok
19:04:42.0000 2828 [ 78FBE7DA29307EDE7ED0E33F1C4969BC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:04:42.0109 2828 RemoteRegistry - ok
19:04:42.0156 2828 [ 33A8F0FE0005B2D79DF53441679F5149 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:04:42.0265 2828 RpcLocator - ok
19:04:42.0312 2828 [ 0C015AB735A4624C44CB5696E9208C4C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:04:42.0453 2828 RpcSs - ok
19:04:42.0484 2828 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:04:42.0593 2828 RSVP - ok
19:04:42.0625 2828 [ 0815E8DA286775FA432C7C9EE5E10BA1 ] SamSs C:\WINDOWS\system32\lsass.exe
19:04:42.0718 2828 SamSs - ok
19:04:42.0765 2828 [ 74B1E7FCFCA9A3A23871AA014144013E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:04:42.0859 2828 SCardSvr - ok
19:04:42.0921 2828 [ 546254D4769E165CDC3388D74B201FCB ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:04:43.0046 2828 Schedule - ok
19:04:43.0078 2828 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:04:43.0140 2828 Secdrv - ok
19:04:43.0171 2828 [ 241D074DAB2A67D2D7616CE7C8B05650 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:04:43.0281 2828 seclogon - ok
19:04:43.0312 2828 [ 688BE760C858E347A4E23186B725C86B ] SENS C:\WINDOWS\system32\sens.dll
19:04:43.0421 2828 SENS - ok
19:04:43.0468 2828 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:04:43.0593 2828 serenum - ok
19:04:43.0625 2828 [ DBAB3260E7EB3398CB87267D1410FAD4 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:04:43.0718 2828 Serial - ok
19:04:43.0859 2828 [ 8988D1F32F56B3CD3F0F6C39F8A91A98 ] ServiceLayer C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
19:04:43.0984 2828 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:04:43.0984 2828 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:04:44.0015 2828 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:04:44.0109 2828 Sfloppy - ok
19:04:44.0109 2828 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
19:04:44.0234 2828 sfman - ok
19:04:44.0296 2828 [ 1DA364FA673E18BC1DE8F5CDF3657DBD ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:04:44.0437 2828 SharedAccess - ok
19:04:44.0484 2828 [ 500E8EF27757B1C463A4A263ED2C95D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:04:44.0593 2828 ShellHWDetection - ok
19:04:44.0593 2828 Simbad - ok
19:04:44.0656 2828 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:04:44.0765 2828 SLIP - ok
19:04:44.0781 2828 Sparrow - ok
19:04:44.0812 2828 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:04:44.0906 2828 splitter - ok
19:04:44.0921 2828 [ 216F8454A9415DD3E451B169DC3121C4 ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:04:45.0031 2828 Spooler - ok
19:04:45.0093 2828 [ 896F566AFC498077172EAE8A50E8BAF8 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:04:45.0125 2828 sr - ok
19:04:45.0156 2828 [ BA4E8AC9A60C4527C969D08F3ABE9D36 ] srservice C:\WINDOWS\system32\srsvc.dll
19:04:45.0234 2828 srservice - ok
19:04:45.0281 2828 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:04:45.0437 2828 Srv - ok
19:04:45.0468 2828 [ 1FBF38A525EEDD7402BFA7E27236A64F ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:04:45.0546 2828 SSDPSRV - ok
19:04:45.0609 2828 [ 2BB718BB4252909C389B3966492B0F30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:04:45.0734 2828 stisvc - ok
19:04:45.0781 2828 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:04:45.0890 2828 streamip - ok
19:04:45.0921 2828 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:04:46.0031 2828 swenum - ok
19:04:46.0093 2828 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:04:46.0171 2828 swmidi - ok
19:04:46.0187 2828 SwPrv - ok
19:04:46.0187 2828 symc810 - ok
19:04:46.0203 2828 symc8xx - ok
19:04:46.0203 2828 sym_hi - ok
19:04:46.0218 2828 sym_u3 - ok
19:04:46.0234 2828 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:04:46.0343 2828 sysaudio - ok
19:04:46.0390 2828 [ BC8B8694DEF74B4E6C626322D4321A54 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:04:46.0500 2828 SysmonLog - ok
19:04:46.0546 2828 [ 2F8CBA2D2A332EB5D2A7DC084E3B30B3 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:04:46.0671 2828 TapiSrv - ok
19:04:46.0734 2828 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:04:46.0843 2828 Tcpip - ok
19:04:46.0890 2828 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:04:46.0984 2828 TDPIPE - ok
19:04:47.0000 2828 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:04:47.0093 2828 TDTCP - ok
19:04:47.0125 2828 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:04:47.0234 2828 TermDD - ok
19:04:47.0312 2828 [ C06CD1890279603E15020757E02DE56B ] TermService C:\WINDOWS\System32\termsrv.dll
19:04:47.0437 2828 TermService - ok
19:04:47.0484 2828 [ 500E8EF27757B1C463A4A263ED2C95D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:04:47.0578 2828 Themes - ok
19:04:47.0609 2828 [ 2A9DAAEF2CC0333DB6F129F2F8B3D3FD ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:04:47.0656 2828 TlntSvr - ok
19:04:47.0671 2828 TosIde - ok
19:04:47.0703 2828 [ 6C7F265BD43A1D85103EC5CB1251D2B6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:04:47.0828 2828 TrkWks - ok
19:04:47.0843 2828 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:04:47.0937 2828 Udfs - ok
19:04:47.0937 2828 ultra - ok
19:04:47.0984 2828 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:04:48.0078 2828 Update - ok
19:04:48.0156 2828 [ 55D9782BFE8C70B70E892E51566BF7D4 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:04:48.0218 2828 upnphost - ok
19:04:48.0234 2828 [ 15629E4D65F97AB5432D6D9597CF6A33 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:04:48.0281 2828 upperdev - ok
19:04:48.0312 2828 [ E4896F38A3F8DACEA6EA8D7EC9889D91 ] UPS C:\WINDOWS\System32\ups.exe
19:04:48.0406 2828 UPS - ok
19:04:48.0453 2828 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:04:48.0453 2828 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:04:48.0453 2828 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:04:48.0500 2828 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:04:48.0593 2828 usbehci - ok
19:04:48.0625 2828 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:04:48.0750 2828 usbhub - ok
19:04:48.0781 2828 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
19:04:48.0890 2828 usbser - ok
19:04:48.0921 2828 [ 5C17E6A11AA8BE53F79FD364BA19F0CE ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:04:48.0968 2828 UsbserFilt - ok
19:04:49.0015 2828 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:04:49.0125 2828 USBSTOR - ok
19:04:49.0171 2828 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:04:49.0281 2828 usbuhci - ok
19:04:49.0312 2828 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:04:49.0390 2828 VgaSave - ok
19:04:49.0437 2828 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:04:49.0515 2828 ViaIde - ok
19:04:49.0531 2828 [ 698869E82C57169F2140C04A272BF12B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:04:49.0625 2828 VolSnap - ok
19:04:49.0656 2828 [ 147C653AD61BD01556723B3C8C4FAFC8 ] VSS C:\WINDOWS\System32\vssvc.exe
19:04:49.0734 2828 VSS - ok
19:04:49.0781 2828 [ 8B97D00E5C6A593EBB605CE4B8A5CAA5 ] W32Time C:\WINDOWS\system32\w32time.dll
19:04:49.0890 2828 W32Time - ok
19:04:49.0937 2828 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:04:50.0062 2828 Wanarp - ok
19:04:50.0109 2828 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
19:04:50.0171 2828 Wdf01000 - ok
19:04:50.0171 2828 WDICA - ok
19:04:50.0203 2828 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:04:50.0296 2828 wdmaud - ok
19:04:50.0312 2828 [ EBA8DEA9E279A9A50B608BFF3CBC2CDE ] WebClient C:\WINDOWS\System32\webclnt.dll
19:04:50.0406 2828 WebClient - ok
19:04:50.0500 2828 [ A91ACDD987DC3E0E1FCEDDA6F1FFEF2A ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:04:50.0609 2828 winmgmt - ok
19:04:50.0656 2828 [ 68B975F737FA8F063F4036F9F8432F0A ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
19:04:50.0750 2828 WmdmPmSN - ok
19:04:50.0843 2828 [ 09BB0A2C325F7085E24FAE6134DE2D16 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:04:51.0046 2828 Wmi - ok
19:04:51.0093 2828 [ 0EE2A2754039B13A632489726689DAD0 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:04:51.0234 2828 WmiApSrv - ok
19:04:51.0296 2828 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:04:51.0406 2828 WS2IFSL - ok
19:04:51.0484 2828 [ 17F70F4E37452A30C35565052AB68BE9 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:04:51.0609 2828 wscsvc - ok
19:04:51.0640 2828 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:04:51.0750 2828 WSTCODEC - ok
19:04:51.0812 2828 [ 4CBB7CC975E5B67022A7F95DFC6EF9EC ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:04:51.0890 2828 wuauserv - ok
19:04:51.0984 2828 [ 312913174D070ED81E9D78DA7B648774 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:04:52.0125 2828 WZCSVC - ok
19:04:52.0156 2828 [ 3208BAD59EFA3F4FCCCFBF1317F2A1C1 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:04:52.0250 2828 xmlprov - ok
19:04:52.0265 2828 ================ Scan global ===============================
19:04:52.0312 2828 [ 7B37B598B55BF80415C15BFFE7A992A2 ] C:\WINDOWS\system32\basesrv.dll
19:04:52.0343 2828 [ 09A89DEE6E15E360B52E556E2A46D97C ] C:\WINDOWS\system32\winsrv.dll
19:04:52.0390 2828 [ 09A89DEE6E15E360B52E556E2A46D97C ] C:\WINDOWS\system32\winsrv.dll
19:04:52.0406 2828 [ E77F6FA2A15390F1727F4C1C55B69DA6 ] C:\WINDOWS\system32\services.exe
19:04:52.0406 2828 [Global] - ok
19:04:52.0406 2828 ================ Scan MBR ==================================
19:04:52.0437 2828 [ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
19:04:52.0468 2828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
19:04:52.0468 2828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
19:04:52.0468 2828 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:04:52.0468 2828 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:04:52.0484 2828 [ 86189AF0A46B8BE8BAB644B1DAD971B4 ] \Device\Harddisk1\DR1
19:04:52.0484 2828 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - infected
19:04:52.0484 2828 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Sinowal.b (0)
19:04:52.0531 2828 ================ Scan VBR ==================================
19:04:52.0531 2828 [ 0756B9D2F2AF40998785816CE08A59C8 ] \Device\Harddisk0\DR0\Partition1
19:04:52.0531 2828 \Device\Harddisk0\DR0\Partition1 - ok
19:04:52.0546 2828 [ 36B561A5BF95DC76739960C17CFC3B20 ] \Device\Harddisk1\DR1\Partition1
19:04:52.0546 2828 \Device\Harddisk1\DR1\Partition1 - ok
19:04:52.0546 2828 ============================================================
19:04:52.0546 2828 Scan finished
19:04:52.0546 2828 ============================================================
19:04:52.0687 2812 Detected object count: 9
19:04:52.0687 2812 Actual detected object count: 9
19:05:30.0078 2812 CAM1690 ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0078 2812 CAM1690 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0078 2812 CnxTrLan ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0078 2812 CnxTrLan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0093 2812 CnxTrUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0093 2812 CnxTrUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0093 2812 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0093 2812 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0093 2812 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0093 2812 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0093 2812 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:30.0093 2812 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:30.0578 2812 \Device\Harddisk0\DR0\# - copied to quarantine
19:05:30.0578 2812 \Device\Harddisk0\DR0 - copied to quarantine
19:05:30.0640 2812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:05:30.0765 2812 \Device\Harddisk0\DR0 - ok
19:05:30.0765 2812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
19:05:30.0765 2812 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:05:30.0765 2812 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:05:30.0984 2812 \Device\Harddisk1\DR1\# - copied to quarantine
19:05:30.0984 2812 \Device\Harddisk1\DR1 - copied to quarantine
19:05:31.0000 2812 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:05:31.0078 2812 \Device\Harddisk1\DR1 - ok
19:05:31.0078 2812 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
19:05:46.0265 2052 Deinitialize success



e secondo:

19:10:52.0750 1248 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:10:54.0453 1248 ============================================================
19:10:54.0453 1248 Current date / time: 2013/02/11 19:10:54.0453
19:10:54.0453 1248 SystemInfo:
19:10:54.0453 1248
19:10:54.0453 1248 OS Version: 5.1.2600 ServicePack: 2.0
19:10:54.0453 1248 Product type: Workstation
19:10:54.0453 1248 ComputerName: AS-96CE7B7CFD49
19:10:54.0468 1248 UserName: Fabrizio
19:10:54.0468 1248 Windows directory: C:\WINDOWS
19:10:54.0468 1248 System windows directory: C:\WINDOWS
19:10:54.0468 1248 Processor architecture: Intel x86
19:10:54.0468 1248 Number of processors: 1
19:10:54.0468 1248 Page size: 0x1000
19:10:54.0468 1248 Boot type: Normal boot
19:10:54.0468 1248 ============================================================
19:10:57.0546 1248 BG loaded
19:10:58.0109 1248 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:10:58.0312 1248 Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:10:58.0515 1248 ============================================================
19:10:58.0515 1248 \Device\Harddisk0\DR0:
19:10:58.0531 1248 MBR partitions:
19:10:58.0531 1248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
19:10:58.0531 1248 \Device\Harddisk1\DR1:
19:10:58.0578 1248 MBR partitions:
19:10:58.0578 1248 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
19:10:58.0578 1248 ============================================================
19:10:58.0671 1248 C: <-> \Device\Harddisk0\DR0\Partition1
19:10:58.0796 1248 D: <-> \Device\Harddisk1\DR1\Partition1
19:10:58.0828 1248 ============================================================
19:10:58.0828 1248 Initialize success
19:10:58.0828 1248 ============================================================
19:12:24.0265 0168 Deinitialize success


Grazie tante ancora

[Luke57]

Ciao, ok, l'infezione all'MBR è stata eliminata, adesso Scarica OTL,
http://oldtimer.geekstogo.com/OTL.exe
salvalo sul desktop,doppio click sulla sua icona.
Metti la spunta su SCAN ALL USERS.
Sotto output spunta minimal output

A fine scansione OTL produrrà due file di log (OTL.txt ed Extras.txt)
Inserisci su wikisend otl.txt.

[spizzo9]

Ecco fatto... Sei un grande!!

http://wikisend.com/download/146388/OTL.Txt

[Luke57]

Ciao, apri otl.exe. copia e incolla il seguente scipt sul box bianco e premi runfix.
Al riavvio, posta il report

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-1482476501-854245398-839522115-1003..\Run: [lollipop] "c:\documents and settings\fabrizio\impostazioni locali\dati applicazioni\lollipop\lollipop.exe" lollipop File not found

:commands
[emptytemp]

[spizzo9]

Ecco il report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1482476501-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fabrizio
->Temp folder emptied: 1676234 bytes
->Temporary Internet Files folder emptied: 243960144 bytes
->Flash cache emptied: 3082 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295124 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122013_160038

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Fabrizio\Impostazioni locali\Temp\~DF769A.tmp not found!
File\Folder C:\Documents and Settings\Fabrizio\Impostazioni locali\Temp\~DF86A4.tmp not found!
C:\Documents and Settings\Fabrizio\Impostazioni locali\Temporary Internet Files\Content.IE5\YC2G5ZHS\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Fabrizio\Impostazioni locali\Temporary Internet Files\Content.IE5\XL7AV2LE\ads[8].htm moved successfully.
C:\Documents and Settings\Fabrizio\Impostazioni locali\Temporary Internet Files\Content.IE5\XL7AV2LE\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Fabrizio\Impostazioni locali\Temporary Internet Files\Content.IE5\TS8C7UX5\ads[9].htm moved successfully.
C:\Documents and Settings\Fabrizio\Impostazioni locali\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[spizzo9]

Finalmente nn sto piu avendo problemi, grazie mille veramente!
Un'ultima cosa: ho letto in qualche posto indietro che si consiglia poi l'uso di alcuni programmini ( TFC / OTC) per eliminare file e programmi utilizzati per la pulizia del pc, devo farlo anch'io? Anche perchè adesso ho sul desktop ancora tutti i programmi scaricati e i report salvati...
Bunaserata e grazie ancora per la pazienza!

[Luke57]

Ciao, apri otl.exe e premi il tasto cleanup. Rimuoverai otl e combofix.
fai pulizia dei file temp con ccleaner
http://www.filehippo.com/download_ccleaner/
Importante:
In fase d’installazione togli la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)

[leleg84]

Ciao Luke57.. anche io ho lo stesso problema relativo a fastidiose pagine pubblicitarie che si aprono da sole, inerenti a parole che ricerco quando sono su google!! ..potresti aiutare anche me perfavore?? ho scaricato combofix come suggerito e questo è il log che mi ha rilasciato:

ComboFix 13-02-26.01 - user 27/02/2013 22:25:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8173.6597 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\DealScout
c:\program files (x86)\DealScout\dealscout.dll
c:\program files (x86)\DealScout\installer.ico
c:\program files (x86)\DealScout\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\users\Public\sdelevURL.tmp
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\windows\SysWow64\tmp75FA.tmp
c:\windows\SysWow64\tmp75FB.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-27 al 2013-02-27 )))))))))))))))))))))))))))))))))))
.
.
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\windows\SysWow64\Extensions
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\programdata\BrowserProtect
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\users\user\AppData\Roaming\BabSolution
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\program files (x86)\Delta
2013-02-27 21:10 . 2013-02-27 21:10 -------- d-----w- c:\users\user\AppData\Roaming\Delta
2013-02-27 21:08 . 2013-02-27 21:08 -------- d-----w- c:\users\user\AppData\Local\Tiger Savings
2013-02-27 21:08 . 2013-02-27 21:08 -------- d-----w- c:\users\user\AppData\Local\Updater12767
2013-02-27 21:08 . 2013-02-27 21:08 -------- d-----w- c:\users\user\AppData\Roaming\Searchya
2013-02-27 21:08 . 2013-02-27 21:08 -------- d-----w- c:\program files (x86)\Tiger Savings
2013-02-27 21:07 . 2013-02-27 21:08 -------- d-----w- c:\program files (x86)\SearchYa!
2013-02-27 19:57 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-27 19:57 . 2013-02-27 19:57 -------- d-----w- c:\program files\iPod
2013-02-27 19:57 . 2013-02-27 19:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-27 19:57 . 2013-02-27 19:57 -------- d-----w- c:\program files\iTunes
2013-02-27 19:57 . 2013-02-27 19:57 -------- d-----w- c:\program files (x86)\iTunes
2013-02-27 19:56 . 2013-02-27 19:56 -------- d-----w- c:\program files\Bonjour
2013-02-27 19:56 . 2013-02-27 19:56 -------- d-----w- c:\program files (x86)\Bonjour
2013-02-27 10:08 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3BB9EAD-6C7F-484F-933A-25D3442DE091}\mpengine.dll
2013-02-25 20:37 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-13 12:11 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:11 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:09 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-13 12:09 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-13 11:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 11:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 11:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 11:06 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 11:06 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 11:06 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 11:06 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 11:06 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 11:06 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 11:06 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 11:06 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 11:06 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 21:16 . 2013-02-11 21:16 -------- d-----w- c:\users\user\AppData\Roaming\IsolatedStorage
2013-02-11 21:16 . 2013-02-11 21:16 -------- d-----w- c:\programdata\IsolatedStorage
2013-02-11 21:16 . 2013-02-11 21:16 -------- d-----w- c:\users\user\AppData\Local\_
2013-01-30 10:55 . 2013-01-30 10:56 -------- d-----w- c:\windows\SysWow64\jmdp
2013-01-30 10:55 . 2013-01-30 10:55 -------- d-----w- c:\windows\SysWow64\ARFC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 22:18 . 2012-03-30 19:39 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 22:18 . 2011-12-17 22:39 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 12:13 . 2011-12-15 19:33 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-29 12:37 . 2012-09-04 14:18 1361200 ----a-w- c:\windows\system32\dmwu.exe
2013-01-29 12:36 . 2012-09-04 14:18 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-04 21:52 . 2013-01-04 21:52 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-01-04 21:52 . 2013-01-04 21:52 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-01-04 21:52 . 2013-01-04 21:52 5773824 ----a-w- c:\windows\system32\mstscax.dll
2013-01-04 21:52 . 2013-01-04 21:52 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-01-04 21:52 . 2013-01-04 21:52 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-01-04 21:52 . 2013-01-04 21:52 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2013-01-04 21:52 . 2013-01-04 21:52 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-01-04 21:52 . 2013-01-04 21:52 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-01-04 21:52 . 2013-01-04 21:52 384000 ----a-w- c:\windows\system32\wksprt.exe
2013-01-04 21:52 . 2013-01-04 21:52 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-01-04 21:52 . 2013-01-04 21:52 322560 ----a-w- c:\windows\system32\aaclient.dll
2013-01-04 21:52 . 2013-01-04 21:52 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2013-01-04 21:52 . 2013-01-04 21:52 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2013-01-04 21:52 . 2013-01-04 21:52 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-01-04 21:52 . 2013-01-04 21:52 243200 ----a-w- c:\windows\system32\rdpudd.dll
2013-01-04 21:52 . 2013-01-04 21:52 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-01-04 21:52 . 2013-01-04 21:52 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-01-04 21:52 . 2013-01-04 21:52 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2013-01-04 21:52 . 2013-01-04 21:52 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2013-01-04 21:52 . 2013-01-04 21:52 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-01-04 21:52 . 2013-01-04 21:52 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-01-04 21:52 . 2013-01-04 21:52 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-04 21:52 . 2013-01-04 21:52 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-04 21:52 . 2013-01-04 21:52 1123840 ----a-w- c:\windows\system32\mstsc.exe
2013-01-04 21:52 . 2013-01-04 21:52 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-01-04 21:52 . 2013-01-04 21:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-04 21:52 . 2013-01-04 21:52 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-04 21:52 . 2013-01-04 21:52 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-04 21:52 . 2013-01-04 21:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-04 21:52 . 2013-01-04 21:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-04 21:52 . 2013-01-04 21:52 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-04 21:52 . 2013-01-04 21:52 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-04 21:51 . 2013-01-04 21:51 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-04 21:51 . 2013-01-04 21:51 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-04 04:43 . 2013-02-13 11:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 14:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 14:52 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:52 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:52 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 08:59 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 08:59 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 08:59 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:59 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 08:59 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 08:59 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 08:59 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 08:59 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 08:59 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 08:59 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 08:59 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 08:59 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 08:59 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 08:59 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 08:59 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 08:59 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 08:59 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 08:59 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:59 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:59 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 08:59 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:59 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:59 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:59 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:59 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:59 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:59 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:59 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 08:59 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:59 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:59 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 08:59 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 08:58 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 08:58 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 08:58 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 08:58 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 08:58 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 08:58 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 08:58 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111271167}]
2013-02-27 21:08 704392 ----a-w- c:\program files (x86)\Tiger Savings\Tiger Savings.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}]
2013-02-27 21:07 247856 ----a-w- c:\program files (x86)\SearchYa!\1.8.8.0\bh\searchya.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:28 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{33AA308B-B565-4376-AC66-59EE9B6AD13E}"= "c:\program files (x86)\SearchYa!\1.8.8.0\searchyaTlbr.dll" [2013-02-27 322096]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{33aa308b-b565-4376-ac66-59ee9b6ad13e}]
[HKEY_CLASSES_ROOT\ironsource.searchyadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\ironsource.searchyadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MagicTuneLauncher"="c:\program files (x86)\MagicTune Premium\MagicTuneLauncher.exe" [2011-01-04 51712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files (x86)\MagicTune Premium\GammaTray.exe [2011-12-17 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\user\AppData\Local\PosService\Pos.exe [2011-12-16 164352]
R2 ServUpdater;Serv Updater;c:\users\user\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-04 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-04 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-01-04 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-02-21 2561488]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-01-29 1361200]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-29 188760]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-10 279616]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:18]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2272092710-309658758-1312883273-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 11:36]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2272092710-309658758-1312883273-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 11:36]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 22:39]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2011-05-26 53760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=1195 ... dae9e95a64
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.searchya.com/?f=1&a=grupo1y& ... 745392&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6FF80D01-79CC-4E0B-B8E6-2453F31ACF21}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - c:\program files (x86)\DealScout\dealscout.dll
AddRemove-DealScout - c:\program files (x86)\DealScout\uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2272092710-309658758-1312883273-1000\Software\Magic Tune\MagicTune\MONINFO\type(LCD)model(300)mccs_ver(2.0)vcp(04 05 08 10 12 14(03 04 02 07 08 0B) 16 18 1A 60(01 03) 87 B0(01 02) B6 C6 C8 C9 D6(01 04) DC(01 02 03 06 F0 FB) DB(00 04 FD FE) DF E8(00 07 09 0A FE) E9 EB(00 01 09 FD) EC(00 01 02 03 04 06 05) F0(00 01 02 03) F2 F6 F7(00 02 03) )mswhql(1))*]
"Manufacturer"="UNKNOWN"
"Description"=""
"Plug and Play ID"="@@@0000"
"Serial Number"=""
"Manufacture Date"="0 Week,1990 Year"
"EDID Revision"="Version 0.0"
"Display Type and Signal"="Analog 0.700,0.300 (1.00 Vp-p)"
"Timing Recommendation"=" @0.0 Hz"
"Screen Size"="0 x 0 mm"
"Display Gamma"="1.000"
"Red Chromaticity"="Rx 0.000 - Ry 0.000"
"Green Chromaticity"="Gx 0.000 - Gy 0.000"
"Blue Chromaticity"="Bx 0.000 - By 0.000"
"White Point"="Wx 0.000 - Wy 0.000"
"EEPROM Version"=dword:000000ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\jmdp\stij.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2013-02-27 22:34:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-02-27 21:34
.
Pre-Run: 1.849.154.670.592 byte disponibili
Post-Run: 1.848.789.544.960 byte disponibili
.
- - End Of File - - 13A32FC73C1027664E3A235F81B17284