Impossibile accedere ad alcuni siti

[Federico.]

Buon pomeriggio a tutti, mi sono iscritto poco fa: ) Ho visto che sapete parecchie cose, spero che qualcuno di voi mi possa dare una mano. Il mio problema è il seguente: Vorrei scaricare un buon antivirus gratis, ma non mi è permesso accedere a nessun sito per scaricare antivirus. Ho già letto altre discussioni a riguardo ma mi è sembrato di capire che ogni caso è a se, quindi spero di non sbagliare ad aprire questo topic. Cosa potrei fare per risolvere? P.S. io ne capisco veramente poco di queste cose, quindi se esiste una soluzione mi potreste spiegare passo per passo? Grazie mille a chi avrà voglia di aiutarmi. Federico: )

[shel]

ciao scarica combofix sul desktop
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

[Federico.]

Grazie shel: ) Ecco quello che mi hai chiesto:

ComboFix 14-04-09.02 - Stefano 10/04/2014 0.47.31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.713 [GMT 2:00]
Eseguito da: c:\documents and settings\Stefano\Documenti\Download\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Stefano\Dati applicazioni\inst.exe
c:\windows\IsUn0410.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\i
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSWINDOWS
-------\Legacy_NET_SERVICE
.
.
((((((((((((((((((((((((( Files Creati Da 2014-03-09 al 2014-04-09 )))))))))))))))))))))))))))))))))))
.
.
2014-03-30 09:55 . 2014-03-30 09:55 55232 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-30 08:24 . 2014-03-30 08:24 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2014-03-30 08:24 . 2014-03-30 08:24 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 08:22 . 2014-03-30 10:21 -------- d-----w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 08:22 . 2014-03-30 08:24 -------- d-----w- c:\programmi\File Type Assistant
2014-03-30 08:21 . 2014-03-30 14:50 -------- d-----w- c:\programmi\Mega Browse
2014-03-29 22:31 . 2014-03-29 22:41 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Movienizer
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\FileViewPro
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\IsolatedStorage
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2014-03-29 21:13 . 2014-03-29 21:17 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Solvusoft
2014-03-29 21:11 . 2014-03-29 21:11 -------- d-----w- C:\Spacekace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 05:57 . 2013-01-02 18:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 05:57 . 2011-12-26 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-03 20:10 339968 ----a-w- c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 14:39 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
2001-12-20 00:00 28672 ------w- c:\programmi\Creative\Splash Screen\CTEaxSpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-04 17:52 136176 ----atw- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\programmi\Creative\SBAudigy\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 12:37 135536 ----a-w- c:\programmi\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 10:22 589824 ----a-w- c:\programmi\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]
2002-05-08 00:00 122880 ----a-w- c:\programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
2001-06-29 00:00 163840 ----a-w- c:\programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 09:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File Type Assistant\\tsassist.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5621:TCP"= 5621:TCP:rxhacc
"12186:TCP"= 12186:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [30/03/2014 11.55.07 55232]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 16.19.22 39056]
S2 ivfvuk;Update Windows;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S2 mlkkd;xlqbdmpqf;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S2 pkvsyinu;Monitor Center;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 13.55.20 161536]
S2 vphwgg;Update Config;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S2 xvsmlg;mljvx;c:\windows\system32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [11/01/2012 8.11.20 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [22/02/2012 12.34.36 22400]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [28/05/2012 19.14.58 30576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19/12/2010 11.49.37 47360]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pkvsyinu
vphwgg
ivfvuk
xvsmlg
mlkkd
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 05:57]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004Core.job
- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 17:52]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004UA.job
- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 17:52]
.
2014-03-30 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\programmi\File Type Assistant\TSASetup.exe [2014-03-30 11:52]
.
2014-04-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\programmi\File Type Assistant\tsassist.exe [2014-03-30 11:02]
.
2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Free YouTube Download - c:\documents and settings\Stefano\Dati applicazioni\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\m5k843n4.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
MSConfigStartUp-ApnUpdater - c:\programmi\Ask.com\Updater\Updater.exe
MSConfigStartUp-ManyCam - c:\programmi\ManyCam\Bin\ManyCam.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0410.EXE
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\programmi\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-10 00:54
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivfvuk]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlkkd]
"ServiceDll"="c:\windows\system32\xfdrx.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkvsyinu]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vphwgg]
.
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xvsmlg]
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\CTsvcCDA.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\MsPMSPSv.exe
.
**************************************************************************
.
Ora fine scansione: 2014-04-10 00:56:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-04-09 22:56
.
Pre-Run: 19.648.155.648 byte disponibili
Post-Run: 19.555.639.296 byte disponibili
.
- - End Of File - - 8663DD3C404833827A227FCC22A3AB38
828E02D5C4A4FBE53441EE9DBEE51F43


Spero di non aver sbagliato niente. Tra l'altro, è normale che dal nulla sul desktop mi è comparsa l'icona di Internet Explorer? A presto: )

[shel]

sposta combofix dalla cartella download e mettilo sul desktop come ti avevo indicato dall'inizio

apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

Codice: Seleziona tutto

file::
c:\windows\system32\xfdrx.dll
c:\windows\system32\drivers\tStLibG.sys

driver::
xvsmlg
ivfvuk
mlkkd
xlqbdmpqf
vphwgg
mljvx
pkvsyinu

NetSvcs::
pkvsyinu
vphwgg
ivfvuk
xvsmlg
mlkkd

registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivfvuk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlkkd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkvsyinu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vphwgg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xvsmlg]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5621:TCP"=-

salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file CFScript.txt sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.

[Federico.]

Ecco qui:

ComboFix 14-04-09.02 - Stefano 10/04/2014 14.26.10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.612 [GMT 2:00]
Eseguito da: c:\documents and settings\Stefano\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\Stefano\Documenti\Download\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\windows\system32\drivers\tStLibG.sys"
"c:\windows\system32\xfdrx.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\tStLibG.sys
c:\windows\system32\xfdrx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IVFVUK
-------\Legacy_MLKKD
-------\Legacy_PKVSYINU
-------\Legacy_VPHWGG
-------\Legacy_XVSMLG
-------\Service_ivfvuk
-------\Service_mlkkd
-------\Service_pkvsyinu
-------\Service_vphwgg
-------\Service_xvsmlg
-------\Legacy_tStLibG
-------\Service_tStLibG
.
.
((((((((((((((((((((((((( Files Creati Da 2014-03-10 al 2014-04-10 )))))))))))))))))))))))))))))))))))
.
.
2014-03-30 08:24 . 2014-03-30 08:24 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2014-03-30 08:24 . 2014-03-30 08:24 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 08:22 . 2014-03-30 10:21 -------- d-----w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 08:22 . 2014-03-30 08:24 -------- d-----w- c:\programmi\File Type Assistant
2014-03-30 08:21 . 2014-03-30 14:50 -------- d-----w- c:\programmi\Mega Browse
2014-03-29 22:31 . 2014-03-29 22:41 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Movienizer
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\FileViewPro
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\IsolatedStorage
2014-03-29 21:15 . 2014-03-29 21:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2014-03-29 21:13 . 2014-03-29 21:17 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Solvusoft
2014-03-29 21:11 . 2014-03-29 21:11 -------- d-----w- C:\Spacekace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 05:57 . 2013-01-02 18:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 05:57 . 2011-12-26 16:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-03 20:10 339968 ----a-w- c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 14:39 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
2001-12-20 00:00 28672 ------w- c:\programmi\Creative\Splash Screen\CTEaxSpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-04 17:52 136176 ----atw- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\programmi\Creative\SBAudigy\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 12:37 135536 ----a-w- c:\programmi\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 10:22 589824 ----a-w- c:\programmi\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]
2002-05-08 00:00 122880 ----a-w- c:\programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
2001-06-29 00:00 163840 ----a-w- c:\programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 09:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File Type Assistant\\tsassist.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12186:TCP"= 12186:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 16.19.22 39056]
R2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 13.55.20 161536]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [11/01/2012 8.11.20 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [22/02/2012 12.34.36 22400]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [28/05/2012 19.14.58 30576]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19/12/2010 11.49.37 47360]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 05:57]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004Core.job
- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 17:52]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004UA.job
- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-04 17:52]
.
2014-03-30 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\programmi\File Type Assistant\TSASetup.exe [2014-03-30 11:52]
.
2014-04-10 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\programmi\File Type Assistant\tsassist.exe [2014-03-30 11:02]
.
2014-04-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Free YouTube Download - c:\documents and settings\Stefano\Dati applicazioni\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\m5k843n4.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-10 14:32
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\CTsvcCDA.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\System32\NOTEPAD.EXE
c:\windows\System32\NOTEPAD.EXE
.
**************************************************************************
.
Ora fine scansione: 2014-04-10 14:34:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-04-10 12:34
ComboFix2.txt 2014-04-09 22:56
.
Pre-Run: 19.560.734.720 byte disponibili
Post-Run: 19.547.463.680 byte disponibili
.
- - End Of File - - 9410C5AD41FB72540D2D19734367D74E
828E02D5C4A4FBE53441EE9DBEE51F43

[shel]

vedi se ora riesci a scaricare un antivirus serio come = > avira free

aggiornalo e fai una scansione completa del sistema, allega il log di fine scansione

[Federico.]

Devo darti una brutta notizia shel, purtroppo non mi fa ancora accedere al sito: (
Mi conviene rinunciarci o c'è ancora qualche speranza?
Eppure fino a un po' di tempo fa riuscivo, poi non so cosa sia successo... : (
Intanto, grazie ancora per la tua pazienza; )

[shel]

fai questa scansione

scarica FRST e mettilo sul desktop scegli la versione per il tuo S.O. 32 o 64 bit
quando ti chiede di accettare le condizioni clicca YES e poi scegli SCAN
finita la scansione il tool creerà nella stessa directory di dove è posizionato FRST un log chiamato FRST.txt.

Allegalo nella tua prossima risposta

[Federico.]

Eccolo:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Stefano (administrator) on STEFANO-SFTT3T5 on 11-04-2014 02:14:51
Running from C:\Documents and Settings\Stefano\Desktop
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: Italian Standard
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe
(Creative Technology Ltd) C:\WINDOWS\System32\CTsvcCDA.exe
(Oracle Corporation) C:\Programmi\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Programmi\Microsoft LifeCam\MSCamS32.exe
() C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\MsPMSPSv.exe
(Mozilla Corporation) C:\Programmi\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\AtiExtEvent: C:\windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Indirizzo - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Co&llegamenti - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8413184 2004-08-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C5B35E0-0557-45D1-BFC2-A8D5370A6EC0}: [NameServer]85.37.17.40 85.38.28.85

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\m5k843n4.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programmi\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\m5k843n4.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-09-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.it/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Programmi\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programmi\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Programmi\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Programmi\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2012-05-17]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 6to4; C:\windows\System32\6to4svc.dll [100352 2004-08-19] (Microsoft Corporation)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-05-03] ()
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
R2 JavaQuickStarterService; C:\Programmi\Java\jre7\bin\jqs.exe [182184 2013-06-12] (Oracle Corporation)
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-29] (Mozilla Foundation)
R2 MSCamSvc; C:\Programmi\Microsoft LifeCam\MSCamS32.exe [135536 2010-12-13] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SkypeUpdate; C:\Programmi\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\windows\System32\drivers\ALCXWDM.SYS [4017536 2006-08-18] (Realtek Semiconductor Corp.)
S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R3 gameenum; C:\windows\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
R3 ha10kx2k; C:\windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 nm; C:\windows\System32\DRIVERS\NMnt.sys [40320 2004-08-03] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
R3 rtl8139; C:\windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\windows\System32\DRIVERS\secdrv.sys [27440 2003-04-08] ()
R1 Tcpip6; C:\windows\System32\DRIVERS\tcpip6.sys [223616 2004-08-04] (Microsoft Corporation)
R0 viaagp1; C:\windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 viamraid; C:\windows\System32\DRIVERS\viamraid.sys [60928 2005-04-26] (VIA Technologies inc,.ltd)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; System32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; System32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; No ImagePath
U4 RemoteRegistry;
U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)
U3 TlntSvr;
U3 mbr; \??\C:\DOCUME~1\Stefano\IMPOST~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: zchqmsw -> No Registry Path.

==================== One Month Created Files and Folders ========

2014-04-11 02:14 - 2014-04-11 02:14 - 00015757 _____ () C:\Documents and Settings\Stefano\Desktop\FRST.txt
2014-04-11 02:12 - 2014-04-11 02:13 - 00000000 ____D () C:\FRST
2014-04-11 02:10 - 2014-04-11 02:11 - 01145856 _____ (Farbar) C:\Documents and Settings\Stefano\Desktop\FRST.exe
2014-04-10 14:34 - 2014-04-10 14:34 - 00012934 _____ () C:\ComboFix.txt
2014-04-10 14:18 - 2014-04-10 14:18 - 00000644 _____ () C:\Documents and Settings\Stefano\Desktop\Collegamento a ComboFix.exe.lnk
2014-04-10 00:52 - 2014-04-10 14:56 - 00012336 _____ () C:\windows\WindowsUpdate.log
2014-04-10 00:52 - 2014-04-10 14:31 - 00008192 ____H () C:\windows\system32\config\SECURITY.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\system.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\software.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\SAM.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\default.tmp.LOG
2014-04-10 00:45 - 2014-04-10 14:35 - 00000000 ____D () C:\Qoobox
2014-04-10 00:45 - 2014-04-10 14:30 - 00000000 ____D () C:\windows\erdnt
2014-04-10 00:45 - 2014-04-10 00:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Documenti\Video
2014-04-10 00:45 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-10 00:45 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-10 00:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-10 00:45 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Menu Avvio\Programmi
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Menu Avvio
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 10:22 - 2014-04-10 14:32 - 00000382 _____ () C:\windows\Tasks\ProgramUpdateCheck.job
2014-03-30 10:22 - 2014-03-30 12:21 - 00000000 ____D () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 10:22 - 2014-03-30 10:24 - 00000438 _____ () C:\windows\Tasks\ProgramRefresh-ATFST.job
2014-03-30 10:22 - 2014-03-30 10:24 - 00000000 ____D () C:\Programmi\File Type Assistant
2014-03-30 10:21 - 2014-03-30 16:50 - 00000000 ____D () C:\Programmi\Mega Browse
2014-03-30 10:11 - 2014-03-30 10:11 - 00000000 ___RD () C:\Documents and Settings\Stefano\Documenti\Video
2014-03-30 00:31 - 2014-03-30 00:41 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\Movienizer
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\FileViewPro
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\IsolatedStorage
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\IsolatedStorage
2014-03-29 23:13 - 2014-03-29 23:17 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\Solvusoft
2014-03-29 23:11 - 2014-03-29 23:11 - 00000000 ____D () C:\Spacekace
2014-03-29 12:34 - 2014-03-30 13:55 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\MOTEL9
2014-03-29 12:28 - 2014-03-29 12:28 - 00000000 ____D () C:\Programmi\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-11 02:14 - 2014-04-11 02:14 - 00015757 _____ () C:\Documents and Settings\Stefano\Desktop\FRST.txt
2014-04-11 02:14 - 2013-01-22 19:11 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\Download
2014-04-11 02:13 - 2014-04-11 02:12 - 00000000 ____D () C:\FRST
2014-04-11 02:11 - 2014-04-11 02:10 - 01145856 _____ (Farbar) C:\Documents and Settings\Stefano\Desktop\FRST.exe
2014-04-11 02:06 - 2012-01-04 19:52 - 00001250 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004UA.job
2014-04-11 02:04 - 2010-12-19 07:38 - 00000000 ____D () C:\windows\system32\Restore
2014-04-11 01:56 - 2013-01-02 20:44 - 00000978 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 00:20 - 2012-01-04 19:54 - 00002352 _____ () C:\Documents and Settings\Stefano\Desktop\Google Chrome.lnk
2014-04-10 14:56 - 2014-04-10 00:52 - 00012336 _____ () C:\windows\WindowsUpdate.log
2014-04-10 14:56 - 2010-12-19 07:45 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-10 14:35 - 2014-04-10 00:45 - 00000000 ____D () C:\Qoobox
2014-04-10 14:35 - 2011-12-29 12:49 - 00000000 ___HD () C:\Documents and Settings\Administrator\Impostazioni locali
2014-04-10 14:35 - 2010-12-19 07:46 - 00000000 ___HD () C:\Documents and Settings\Stefano\Impostazioni locali
2014-04-10 14:35 - 2010-12-19 07:45 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Impostazioni locali
2014-04-10 14:35 - 2010-12-19 07:45 - 00000000 ___HD () C:\Documents and Settings\LocalService\Impostazioni locali
2014-04-10 14:34 - 2014-04-10 14:34 - 00012934 _____ () C:\ComboFix.txt
2014-04-10 14:32 - 2014-03-30 10:22 - 00000382 _____ () C:\windows\Tasks\ProgramUpdateCheck.job
2014-04-10 14:32 - 2014-02-19 03:25 - 00000274 _____ () C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
2014-04-10 14:32 - 2012-05-28 18:53 - 00000159 _____ () C:\windows\wiadebug.log
2014-04-10 14:32 - 2012-05-28 18:53 - 00000050 _____ () C:\windows\wiaservc.log
2014-04-10 14:32 - 2010-12-19 07:40 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-10 14:32 - 2003-04-08 14:00 - 00000227 _____ () C:\windows\system.ini
2014-04-10 14:31 - 2014-04-10 00:52 - 00008192 ____H () C:\windows\system32\config\SECURITY.tmp.LOG
2014-04-10 14:31 - 2010-12-19 08:14 - 00001080 _____ () C:\windows\system32\settingsbkup.sfm
2014-04-10 14:31 - 2010-12-19 08:14 - 00001080 _____ () C:\windows\system32\settings.sfm
2014-04-10 14:31 - 2010-12-19 08:14 - 00000024 _____ () C:\windows\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
2014-04-10 14:31 - 2010-12-19 08:14 - 00000024 _____ () C:\windows\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
2014-04-10 14:31 - 2010-12-19 07:46 - 00000194 ___SH () C:\Documents and Settings\Stefano\ntuser.ini
2014-04-10 14:31 - 2010-12-19 04:12 - 18698240 _____ () C:\windows\system32\config\software.bak
2014-04-10 14:31 - 2010-12-19 04:12 - 05242880 _____ () C:\windows\system32\config\system.bak
2014-04-10 14:31 - 2010-12-19 04:12 - 00454656 _____ () C:\windows\system32\config\default.bak
2014-04-10 14:31 - 2010-12-19 03:13 - 00049152 _____ () C:\windows\system32\config\SECURITY.bak
2014-04-10 14:31 - 2010-12-19 03:13 - 00024576 _____ () C:\windows\system32\config\SAM.bak
2014-04-10 14:30 - 2014-04-10 00:45 - 00000000 ____D () C:\windows\erdnt
2014-04-10 14:29 - 2010-12-19 03:14 - 00000000 ____D () C:\Programmi\File comuni
2014-04-10 14:26 - 2010-12-19 07:46 - 00000000 __RHD () C:\Documents and Settings\Stefano\Dati applicazioni
2014-04-10 14:24 - 2010-12-19 07:45 - 00032490 _____ () C:\windows\SchedLgU.Txt
2014-04-10 14:18 - 2014-04-10 14:18 - 00000644 _____ () C:\Documents and Settings\Stefano\Desktop\Collegamento a ComboFix.exe.lnk
2014-04-10 04:57 - 2012-12-29 11:48 - 00524288 _____ () C:\windows\system32\config\ACEEvent.evt
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\system.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\software.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\SAM.tmp.LOG
2014-04-10 00:52 - 2014-04-10 00:52 - 00000000 ____H () C:\windows\system32\config\default.tmp.LOG
2014-04-10 00:45 - 2014-04-10 00:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Documenti\Video
2014-04-10 00:45 - 2010-12-19 07:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Documenti
2014-04-09 19:17 - 2011-12-26 16:10 - 00000000 ___SD () C:\Documents and Settings\Stefano\UserData
2014-04-09 19:17 - 2010-12-19 07:46 - 00000000 ____D () C:\Documents and Settings\Stefano
2014-04-09 15:17 - 2003-04-08 14:00 - 00002422 _____ () C:\windows\system32\wpa.dbl
2014-04-09 02:28 - 2014-02-19 03:25 - 00000282 _____ () C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1993962763-682003330-1004.job
2014-03-30 23:57 - 2010-12-19 07:46 - 00000000 ___RD () C:\Documents and Settings\Stefano\Documenti
2014-03-30 16:50 - 2014-03-30 10:21 - 00000000 ____D () C:\Programmi\Mega Browse
2014-03-30 13:55 - 2014-03-29 12:34 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\MOTEL9
2014-03-30 12:21 - 2014-03-30 10:22 - 00000000 ____D () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 11:55 - 2003-04-08 14:00 - 00000589 _____ () C:\windows\win.ini
2014-03-30 11:06 - 2012-01-04 19:52 - 00001198 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1993962763-682003330-1004Core.job
2014-03-30 10:26 - 2010-12-19 07:46 - 00000000 ___HD () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni
2014-03-30 10:26 - 2010-12-19 07:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Avvio\Programmi
2014-03-30 10:26 - 2010-12-19 07:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Avvio
2014-03-30 10:26 - 2010-12-19 03:14 - 00000000 ____D () C:\Programmi
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Menu Avvio\Programmi
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Menu Avvio
2014-03-30 10:24 - 2014-03-30 10:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\FileTypeAssistant
2014-03-30 10:24 - 2014-03-30 10:22 - 00000438 _____ () C:\windows\Tasks\ProgramRefresh-ATFST.job
2014-03-30 10:24 - 2014-03-30 10:22 - 00000000 ____D () C:\Programmi\File Type Assistant
2014-03-30 10:24 - 2010-12-19 07:45 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni
2014-03-30 10:11 - 2014-03-30 10:11 - 00000000 ___RD () C:\Documents and Settings\Stefano\Documenti\Video
2014-03-30 09:45 - 2010-12-19 03:14 - 01071834 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 09:45 - 2003-04-08 14:00 - 00478808 _____ () C:\windows\system32\perfh010.dat
2014-03-30 09:45 - 2003-04-08 14:00 - 00079292 _____ () C:\windows\system32\perfc010.dat
2014-03-30 09:44 - 2013-01-04 05:55 - 00000000 ____D () C:\Programmi\Mozilla Maintenance Service
2014-03-30 00:41 - 2014-03-30 00:31 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\Movienizer
2014-03-30 00:37 - 2013-12-15 21:01 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\Motel6 belli2
2014-03-30 00:37 - 2013-11-24 22:22 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\Ultimi motel belli 2
2014-03-30 00:37 - 2013-11-24 05:32 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\Ultimi motel belli
2014-03-30 00:37 - 2013-01-19 21:23 - 00000000 ____D () C:\Documents and Settings\Stefano\Documenti\White.Collar.S2
2014-03-30 00:37 - 2012-05-25 09:41 - 00111104 ___SH () C:\Documents and Settings\Stefano\Documenti\Thumbs.db
2014-03-30 00:37 - 2012-01-12 18:41 - 00036352 _____ () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-30 00:30 - 2010-12-19 08:11 - 03207333 _____ () C:\windows\{00000000-00000000-0000000C-00001102-00000004-00521102}.CDF
2014-03-29 23:17 - 2014-03-29 23:13 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\Solvusoft
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\Stefano\Impostazioni locali\Dati applicazioni\FileViewPro
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\IsolatedStorage
2014-03-29 23:15 - 2014-03-29 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\IsolatedStorage
2014-03-29 23:15 - 2010-12-19 07:20 - 00000000 __RHD () C:\Documents and Settings\All Users\Dati applicazioni
2014-03-29 23:11 - 2014-03-29 23:11 - 00000000 ____D () C:\Spacekace
2014-03-29 20:16 - 2013-01-07 18:36 - 00000000 ____D () C:\Documents and Settings\Stefano\Dati applicazioni\Skype
2014-03-29 20:14 - 2013-01-07 18:36 - 00002241 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-29 12:28 - 2014-03-29 12:28 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-03-29 00:14 - 2013-11-22 14:04 - 00000000 ____D () C:\Programmi\AssaultCube
2014-03-12 07:57 - 2013-01-02 20:44 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-12 07:57 - 2011-12-26 18:36 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe
[2003-04-08 14:00] - [2004-08-19 16:39] - 1034752 ____A (Microsoft Corporation) 178d42bd8fc34a9837417a6ce1d6bb7b

C:\windows\system32\winlogon.exe
[2003-04-08 14:00] - [2004-08-19 16:39] - 0504832 ____A (Microsoft Corporation) 4166454e2bcfcc20d1b8a5ac9feab243

C:\windows\system32\svchost.exe
[2003-04-08 14:00] - [2004-08-19 16:39] - 0014336 ____A (Microsoft Corporation) 73955b04f209d8a1c633867841267a96

C:\windows\system32\services.exe
[2003-04-08 14:00] - [2004-08-19 16:39] - 0108544 ____A (Microsoft Corporation) e77f6fa2a15390f1727f4c1c55b69da6

C:\windows\system32\User32.dll
[2003-04-08 14:00] - [2004-08-19 16:39] - 0578048 ____A (Microsoft Corporation) 08447bdfce5d1b1956f962602381f5c1

C:\windows\system32\userinit.exe
[2003-04-08 14:00] - [2004-08-19 16:39] - 0025088 ____A (Microsoft Corporation) c1e7fe19f98a877bf8f941bf48148695

C:\windows\system32\rpcss.dll
[2003-04-08 14:00] - [2004-08-19 16:39] - 0395776 ____A (Microsoft Corporation) 0c015ab735a4624c44cb5696e9208c4c

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\windows\system32\Drivers\volsnap.sys
[2003-04-08 14:00] - [2004-08-19 16:29] - 0053376 ____A (Microsoft Corporation) 698869e82c57169f2140c04a272bf12b


==================== End Of Log ============================

[shel]

scarica systemscan
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verranno rilasciati (sempre sul desktop all'interno della cartella suspectfile) due file. Allega il file con estensione .zip nella tua prossima risposta.

NON COPIARE IL LOG ma allegalo nel seguente modo

Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.

[Federico.]

Fatto!
11_04_2014_16_01_report.zip

[shel]

da start esegui digita services.msc e dai ok

vai nella lista servizi e cerca questi due

zchqmsw

pkvsyinu

mettili su disabilitato

segui il percorso ed elimina manualmente questo file

C:\windows\system32\xfdrx.dll

riavvia il pc

prova ora se riesci ad accedere alla pagina di avira

[Luke57]

Ciao, se non riesci nell'operazione suddetta segui questa procedura:
Disabilita la protezione del tuo antivirus:
apri SystemScan clicca poi su Removal Script. All'interno della finestra copia/incolla i valori seguenti in neretto:


Files to delete:
C:\windows\system32\xfdrx.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zchqmsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zchqmsw
HKEY_LOCAL_MACHINE\system\controlset002\services\zchqmsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pkvsyinu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pkvsyinu


Clicca su "Proceed with removal", dopo il riavvio portati in C:\ copia/incolla il contenuto del file avenger.txt

[Federico.]

Shel, purtroppo nella lista dei servizi non sono riuscito a trovare i due che mi hai scritto...
Ciao Luke, grazie anche a te per l'aiuto: ) Ho provato a fare come mi hai detto, ecco qui:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\voqdryap

*******************

Script file located at: \??\C:\windows\system32\cluqptak.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\windows\system32\xfdrx.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zchqmsw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zchqmsw deleted successfully.


Registry key HKEY_LOCAL_MACHINE\system\controlset002\services\zchqmsw not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\controlset002\services\zchqmsw failed!

Could not process line:
HKEY_LOCAL_MACHINE\system\controlset002\services\zchqmsw
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pkvsyinu not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pkvsyinu failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pkvsyinu
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pkvsyinu deleted successfully.
Program C:\Documents and Settings\Stefano\Desktop\sys36982.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

[shel]

l'importante e' aver eliminato i servizi che erano i responsabili

prova a scaricare avira dal link che ti ho postato prima e fai una scansione completa, aggiornalo prima di effettuarla

[Federico.]

Bene ragazzi, ora riesco ad accedere al sito, grazie infinite! : )
Però, con la mia solita sfiga, vuoi che i problemi fossero finiti? No, ovviamente...
Ho scaricato avira, ma quando lo apro e faccio "esegui" una finestra mi dice "Sì è verificato un errore in Avira. L'applicazione verrà chiusa"... Ho provato già un po' di volte e mi appare sempre questa finestra, cosa posso fare?

[shel]

fai questa scansione di controllo

scarica OTL
Metti la spunta su SCAN ALL USERS.
Sotto output spunta minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check and Purity Check.
A fine scansione OTL produrrà due file di log (OTL.txt ed Extras.txt)

Allegali come il precedente


dopo la scansione da start esegui digita CMD e dai ok nella consolle che si apre fai copia incolla di questo comando

netsh firewall show state e dai ok

posta il risultato

[Federico.]

Ecco a te:

OTL.Txt
Extras.Txt

Mentre l'altra cosa che mi hai chiesto:
Stato firewall:
Profilo=Standard
Modalità operativa=Disable
Modalità eccezioni=Enable
Modalità risposta multicast/broadcast=Enable
Modalità notifiche=Disable
Versione criterio di gruppo=Windows Firewall
Modalità amministrazione remota=Disable
Porte attualmente aperte su tutte le interfacce di rete:
Porta Prot. Versione programma
5621 TCP Any <null>
5000 UDP Any <null>
12186 TCP Any <null>

[shel]

ora apri otl e copia nel suo spazio bianco questo script

Codice: Seleziona tutto

:OTL
[2014/04/10 00.45.27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/11 02.12.02 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 02.11.07 | 001,145,856 | ---- | M] (Farbar) -- C:\Documents and Settings\Stefano\Desktop\FRST.exe
[2014/04/10 14.18.11 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Stefano\Desktop\Collegamento a ComboFix.exe.lnk
[2014/03/30 10.21.27 | 000,000,000 | ---D | C] -- C:\Programmi\Mega Browse
[2014/02/19 03.29.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefano\Dati applicazioni\AVG
[2014/02/19 03.28.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2014/02/19 03.25.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefano\Dati applicazioni\OpenCandy
2014/04/12 15.43.05 | 000,023,472 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,023,472 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,018,672 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,018,672 | ---- | M] () -- C:\windows\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
[2014/04/12 15.43.05 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
[2014/04/12 15.19.33 | 000,060,416 | ---- | M] () -- C:\windows\System32\drivers\xlbwthb^.sys
[2014/04/12 15.19.33 | 000,060,416 | ---- | C] () -- C:\windows\System32\drivers\xlbwthb^.sys
[2012/12/22 12.21.09 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2014/02/19 03.30.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2014/02/19 03.29.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefano\Dati applicazioni\AVG
[2014/02/19 03.25.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefano\Dati applicazioni\OpenCandy

:Files
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Reboot]

clicca sul pulsante run fix e allega il log che rilascia

[shel]

escludi il precedente script , usa questo, ho apportato una modifica


:OTL
[2014/04/10 00.45.27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/11 02.12.02 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 02.11.07 | 001,145,856 | ---- | M] (Farbar) -- C:\Documents and Settings\Stefano\Desktop\FRST.exe
[2014/04/10 14.18.11 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Stefano\Desktop\Collegamento a ComboFix.exe.lnk
[2014/03/30 10.21.27 | 000,000,000 | ---D | C] -- C:\Programmi\Mega Browse
[2014/02/19 03.29.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefano\Dati applicazioni\AVG
[2014/02/19 03.28.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2014/02/19 03.25.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefano\Dati applicazioni\OpenCandy
2014/04/12 15.43.05 | 000,023,472 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,023,472 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,018,672 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,018,672 | ---- | M] () -- C:\windows\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-00521102}.rfx
[2014/04/12 15.43.05 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
[2014/04/12 15.43.05 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00521102}.dat
[2014/04/12 15.19.33 | 000,060,416 | ---- | M] () -- C:\windows\System32\drivers\xlbwthb^.sys
[2014/04/12 15.19.33 | 000,060,416 | ---- | C] () -- C:\windows\System32\drivers\xlbwthb^.sys
[2014/02/19 03.30.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG
[2014/02/19 03.29.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefano\Dati applicazioni\AVG
[2014/02/19 03.25.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefano\Dati applicazioni\OpenCandy

:Files
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Reboot]