mickele

Friends
  • Content count

    1,560

All content by mickele

  1. just to let you know that we decided to clone the HD; I've already got the Clonezilla CD and I've also tinkered with it a bit to see how it works. As soon as we manage to buy the new HD and finish the work, I'll report everything
  2. thanks, then I'll try cloning as soon as possible
  3. hi and thanks for stopping by. I should say that I haven't installed an OS from scratch since the XP days; by now I get by with a restore to factory state, and that's why I ask for your patience and the courtesy of walking me through it step by step. The computer is a desktop, the backup was done following the instructions given by the error warning pop-up, and the Seven serial has been recovered; at this point I need to understand the steps that follow physically installing the new HD. Alternatively, would cloning the HD with Clonezilla replace the installation (once the cloned new HD is mounted, are no other operations needed to start the PC)? thanks
  4. hi everyone, as per the title I need to set the Telecom fiber router to act only as a modem and have the connections managed by a second router (in my case a D-Link DIR-300, which I could replace if it isn't suitable for this operation). 1) I changed the D-Link's IP so that it differs from the Telecom one 2) I disabled the Telecom's Wi-Fi networks 3) I disabled the Telecom's firewall 4) I disabled the Telecom's automatic connection 5) I connected the D-Link to the Telecom, and the PCs and consoles to the D-Link. The network is there but it doesn't connect to the internet; if I re-enable the Telecom's automatic connection the internet works, but it's as if I actually had two different networks, and I'm afraid of losing the DMZ and UPnP settings that I would set on the D-Link. Where am I going wrong?
  5. with my Netgear modem router I had set up the various ports for the Xbox and the DMZ for the Nintendo 3DS and everything ran smoothly; now with this Telecom one, which can't be changed, the DS doesn't browse even with the ports opened, and the only option, according to other users, is the DMZ, which the Telecom router doesn't have and which I can only get this way. Anyway, as soon as the DS is back home I'll try and let you know. If it were up to me I'd solve it by throwing out all the consoles, but that's not possible
  6. hmm... that's indeed not a nice thing. My problem, and that of very many other users, is that the router supplied by Telecom can't be set up in any way with the Nintendo 3DS. So by enabling UPnP I should solve both the Xbox and Nintendo problems in one go, but what you showed me worries me and I closed it. I'll proceed, still with the D-Link, to set the ports for the Xbox to work properly, and possibly I'll try to set up the Nintendo (which comes back to me next week) with the DMZ. By the way, can the DMZ be set on only one IP?
  7. I've probably solved it. Before connecting the router to the modem I had to set up the PPPoE internet connection on it. Now it seems to work; I'll keep testing it and when the kids arrive we'll see whether there are no problems on the consoles either, having enabled UPnP. Once the tests are done, if everything goes well, I'll add the description above
  8. hi everyone, I had to move the desktop to a different spot in the house and, while waiting for the next repainting so I can cut a wall channel for the ethernet cable, I'm making do with a D-Link AirPlus G DWL-G122 USB wireless adapter. It works fine, but the drawback is that it isn't recognized at PC startup with Seven installed; every time I have to unplug it and plug it back in. Am I getting some setting wrong? Or rather, since recognition happens automatically, do I need to set something? thanks in advance
  9. hi, sorry for the delay. I tried the first 2 options and nothing changed, so I decided the last one is fine, i.e. plugging it in only when I need it
  10. hi, the doubt arose when I noticed that among the devices on the network there is a computer unknown to me: PC-VASILE (I only noticed it now, but my son told me he has been seeing it for over a year). So I log into the router to check what it is, but it isn't listed among the connected devices, nor does WifiGuard report it. What doesn't convince me is that not all devices are recognized the same way by the various checks: at the time of the check, the computer and the Xbox were connected by cable, and the printer and a mobile phone via Wi-Fi. 1) through the Windows network view I see neither the Xbox nor the phone, while I see the printer twice 2) through the router I see all my devices, but the printer, which is wireless, shows up among the wired ones 3) through WifiGuard I see everything as it should be. At this point, does this PC-Vasile exist and is it connected to my network, or am I just getting myself hugely confused? I'm attaching the screenshots to make your life easier
  11. oh yes, and yet the name of the network it belonged to was right there under my eyes, but the mere thought of an intruder on my network made my vision go blurry :angry2: the pleasure of having been helped is all mine
  12. Solved: indeed I rushed to post without checking things carefully; the computer was recognized by the network resources, but in fact it wasn't a resource belonging to my network but a leftover from the Hamachi network, and it was enough to disable it and re-enable it to make it disappear. Thanks anyway for the prompt reply
  13. hi everyone, I found the item in the subject among the processes in automatic startup and, since I don't like it much, I wanted to know what it is and, if malicious, I needed a hand to get rid of it; obviously a general check-up is always welcome. Bye and thanks
  14. I'm picking up the thread again to report that, having tested the computer for a few days, it doesn't seem to have any more problems. I'd declare the case successfully closed, as always, on this fine forum.
  15. hi, I'm sorry about the above. Since it's surely a misunderstanding that arose only for good reasons, to help a forum user, I virtually invite you to have a nice beer with me.
  16. did this one too. ComboFix 13-05-18.03 - MARCO 20/05/2013 20:01:40.11.4 - x64
  17. Hi, ComboFix 13-05-18.03 - MARCO 20/05/2013 17:36:55.10.4 - x64
Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-26 378984] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] . . Contenuto della cartella 'Scheduled Tasks' . 2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:52] . 2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000Core.job - c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31] . 
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000UA.job - c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31] . 2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001Core.job - c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40] . 2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001UA.job - c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.it/ mSearchAssistant = IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{5496806A-6A8B-42B3-B11F-FB918C1A3B50}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF}: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{847A0F8D-7935-4C2B-8093-6F5084CC38AD}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.it FF - prefs.js: network.proxy.type - 0 . - - - - CHIAVI ORFANE RIMOSSE - - - - . 
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,94,be,46,bc,f1, d3,09,de,2e,e8,e1,00,eb,16,2b,de,20,6c,e9,2c,e3,a4,22,28,e2,63,26,f1,3f,c8,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1b,cb,62,4b,bb, ac,7b,eb,46,47,15,b0,92,4b,c7,ef,50,77,e9,70,b7,de,2c,33,6a,9c,d6,61,af,45,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,80,da,94,cf,ca, 53,bc,19,7a,45,05,fd,91,e8,6f,31,4b,81,22,68,7d,6d,a3,4c,ff,7c,85,e0,43,d4,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,71,51,fe,0a, 0e,00,74,6b,65,49,6a,7e,99,74,f7,92,fc,17,6e,b4,30,40,ee,86,8c,21,01,be,91,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,61,ac,49,63,50, 87,65,72,e9,02,6c,fa,fb,1d,47,57,5f,00,95,1f,72,9d,bc,a1,f5,1d,4d,73,a8,13,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bc,e5,de,3f,64, 5d,64,18,50,93,e5,ab,ec,6a,4e,ab,f6,d0,4d,a9,f1,15,64,50,df,20,58,62,78,6b,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f7,f2,13,1b,81, 62,41,c0,97,20,4e,9a,c7,f1,35,ee,ec,25,ea,79,99,a7,5a,5b,fb,a7,78,e6,12,2f,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8a,fc,44,1b,28, e1,cd,a5,aa,52,c6,00,84,3c,26,64,38,7a,7e,7d,ea,41,33,ed,01,3a,48,fc,e8,04,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,25,ba,43,b1,92, 38,02,0a,b2,46,9a,e2,1b,fe,1b,94,c8,9b,0c,eb,16,16,9d,b2,f6,0f,4e,58,98,5b,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,1b,14,a9,ef, 6b,35,6c,37,a4,aa,c3,a6,15,56,0a,28,d7,c0,58,03,a1,94,ba,3d,ce,ea,26,2d,45,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5b,7d,68,01,46, 43,60,34,f8,31,0f,a9,5f,a0,ec,fb,1d,58,7b,1a,83,43,76,4d,2a,b7,cc,b5,b9,7f,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,73,90,49,b0,96, 84,4d,12,05,73,21,dd,54,d8,4a,c5,45,6e,2b,0c,d5,37,2f,3c,6c,43,2d,1e,aa,22,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2013-05-20 17:43:52 ComboFix-quarantined-files.txt 2013-05-20 15:43 ComboFix2.txt 2013-05-19 10:53 ComboFix3.txt 2013-05-19 09:26 ComboFix4.txt 2013-05-19 09:17 ComboFix5.txt 2013-05-20 15:36 . Pre-Run: 209.069.797.376 byte disponibili Post-Run: 208.710.291.456 byte disponibili . - - End Of File - - 38C4531C3D3A533F4F94829166A0D28A al momento sembra andare bene, fino a ieri sera qualche finestra ogni tanto si apriva. Ora lo testo un pochettino e piu avanti ti sapro' dare indicazioni migliori intanto un grazie di cuore
  18. OTL
========== OTL ==========
No active process named ssadp.exe was found!
Error: No service named SsupdService was found to stop!
Service\Driver key SsupdService not found.
File C:\Users\MARCO\AppData\Local\ssupd\ssupd.exe not found.
Error: No service named SsroService was found to stop!
Service\Driver key SsroService not found.
File C:\Users\MARCO\AppData\Local\ServiceManager\ssro.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SsroService not found.
File C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe not found.
127.0.0.1 localhost removed from HOSTS file successfully
========== COMMANDS ==========
Error: Unable to interpret <[resethost]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 05192013_191340

MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Versione database: v2013.05.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
MARCO :: MIKELE-PC [amministratore]
19/05/2013 19:25:52
mbam-log-2013-05-19 (19-25-52).txt
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 290167
Tempo impiegato: 2 minuti, 15 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 2
C:\Users\GIULIANO\Downloads\wirelesskeyview.zip (PUP.WirelessKeyView) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Spostato in quarantena ed eliminato con successo.
(fine)

ESET
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

From ESET I also copied what is shown in the report under "list of found threats", and I attached an image of the final screen, which shows that it found 23 files:
C:\Users\All Users\Win7codecs\{97AA2780-CBFE-4B45-9B40-EA8F13EACF4A}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\Win7codecs\{97AA2780-CBFE-4B45-9B40-EA8F13EACF4A}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\GIULIANO\Downloads\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\install_uTorrent_(2)(1).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\install_uTorrent_(2).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_atube-catcher.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_surgeon-simulator-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\SoftonicDownloader_per_utorrent.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\Stronghold_Crusader_HD__MULTI5___PC___TiNYiSO_.exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined
C:\Users\GIULIANO\Downloads\Unsecure v1.2.rar a variant of Win32/HackTool.Unsecure.A application deleted - quarantined
C:\Users\MARCO\Desktop\download giochi\SoftonicDownloader_per_plants-vs-zombies.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\MARCO\Desktop\download giochi\SoftonicDownloader_per_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\MARCO\Desktop\varie\programmi\aTube_Catcher-2.9.1327.exe multiple threats cleaned by deleting - quarantined
C:\Users\MARCO\Downloads\SoftonicDownloader_per_hijackthis.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\mikele\Desktop\MANUTENZIONE PC\TOOL DI RIMOZIONE DEL VIRUS PHOTOALBUM\MSNFix.zip Win32/PrcView application deleted - quarantined
C:\Users\mikele\Desktop\MANUTENZIONE PC\TOOL DI RIMOZIONE DEL VIRUS PHOTOALBUM\MSNFix\MSNFix\incl\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\mikele\Desktop\nuova pulizia\avira_free_antivirus_it.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\mikele\Downloads\SoftonicDownloader_per_bookdb.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\mikele\Downloads\SoftonicDownloader_per_videospin.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\mikele\Downloads\Babylon.Pro.v9.0.1.r5.by.tano1221\Babylon Pro v9.0.1.r5\Babylon9_setup_full.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Windows\Installer\6c390.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
  19. OTL (I think it did not recognise the command)
========== COMMANDS ==========
Error: Unable to interpret <[resethost]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 05192013_124710

Combofix
ComboFix 13-05-18.03 - MARCO 19/05/2013 12:49:16.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8174.6393 [GMT 2:00]
Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe
Opzioni usate :: c:\users\MARCO\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-04-19 al 2013-05-19 )))))))))))))))))))))))))))))))))))
.
.
2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\mikele\AppData\Local\temp
2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\GIULIANO\AppData\Local\temp
2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-19 10:52 . 2013-05-19 10:52 -------- d-----w- c:\users\CRISTINA\AppData\Local\temp
2013-05-19 10:31 . 2013-05-19 10:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02368AA9-CACC-4DE3-B337-02F72ED5FE7F}\offreg.dll
2013-05-19 10:30 . 2013-05-19 10:30 -------- d-----w- C:\!KillBox
2013-05-19 10:23 . 2013-05-19 10:23 -------- d-----w- c:\users\mikele\AppData\Roaming\DVDVideoSoft
2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- c:\windows\ERUNT
2013-05-18 13:29 . 2013-05-18 13:29 -------- d-----w- C:\JRT
2013-05-18 12:04 . 2013-05-18 12:04 -------- d-----w- C:\_OTL
2013-05-17 19:29 . 2013-05-17 19:29 -------- d-----w- c:\users\CRISTINA\AppData\Local\Mozilla
2013-05-17 11:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02368AA9-CACC-4DE3-B337-02F72ED5FE7F}\mpengine.dll
2013-05-15 12:07 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-13 09:16 . 2013-05-13 09:16 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-30 14:32 . 2013-05-19 10:02 -------- d-----w- c:\users\MARCO\AppData\Local\ServiceManager
2013-04-30 14:32 . 2013-04-30 16:03 -------- d-----w- c:\users\MARCO\AppData\Local\ssupd
2013-04-30 12:54 . 2013-05-10 12:35 -------- d-----w- c:\users\MARCO\AppData\Local\SoftwareUpdater
2013-04-30 12:52 . 2013-05-10 12:42 -------- d-----w- c:\program files (x86)\PopCap Games
2013-04-30 12:52 . 2013-04-30 12:52 -------- d-----w- c:\programdata\PopCap Games
2013-04-27 15:34 . 2013-04-27 15:34 -------- d-----w- c:\users\GIULIANO\AppData\Local\Programs
2013-04-24 08:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 13:18 . 2013-04-21 13:37 -------- d-----w- c:\users\GIULIANO\AppData\Roaming\File de La Battaglia per la Terra di Mezzo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 13:08 . 2011-11-21 14:24 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 19:52 . 2012-04-05 13:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:52 . 2011-11-21 16:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-10 17:19 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-11-21 12:10 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 12:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:07 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:07 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:07 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-28 11:22 . 2013-03-28 11:22 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 11:22 . 2013-03-28 11:22 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-28 11:22 . 2013-03-28 11:22 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 12:35 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:35 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:35 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:35 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:35 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:35 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
.
c:\users\mikele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\MARCO\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\mikele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LiveUpSC;LiveUpSC;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-01-25 161280]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 SsupdService;Ssupd Service;c:\users\MARCO\AppData\Local\ssupd\ssupd.exe [2013-01-24 156160]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-29 32152]
R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-26 378984]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:52]
.
2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000Core.job
- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1000UA.job
- c:\users\mikele\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-25 13:31]
.
2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001Core.job
- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4217405360-2350075151-1383066028-1001UA.job
- c:\users\MARCO\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 13:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mSearchAssistant =
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5496806A-6A8B-42B3-B11F-FB918C1A3B50}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{847A0F8D-7935-4C2B-8093-6F5084CC38AD}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.it
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,94,be,46,bc,f1,
   d3,09,de,2e,e8,e1,00,eb,16,2b,de,20,6c,e9,2c,e3,a4,22,28,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1b,cb,62,4b,bb, ac,7b,eb,46,47,15,b0,92,4b,c7,ef,50,77,e9,70,b7,de,2c,33,6a,9c,d6,61,af,45,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,80,da,94,cf,ca, 53,bc,19,7a,45,05,fd,91,e8,6f,31,4b,81,22,68,7d,6d,a3,4c,ff,7c,85,e0,43,d4,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,bb,71,51,fe,0a, 0e,00,74,6b,65,49,6a,7e,99,74,f7,92,fc,17,6e,b4,30,40,ee,86,8c,21,01,be,91,\ . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,61,ac,49,63,50, 87,65,72,e9,02,6c,fa,fb,1d,47,57,5f,00,95,1f,72,9d,bc,a1,f5,1d,4d,73,a8,13,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bc,e5,de,3f,64, 5d,64,18,50,93,e5,ab,ec,6a,4e,ab,f6,d0,4d,a9,f1,15,64,50,df,20,58,62,78,6b,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f7,f2,13,1b,81, 62,41,c0,97,20,4e,9a,c7,f1,35,ee,ec,25,ea,79,99,a7,5a,5b,fb,a7,78,e6,12,2f,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8a,fc,44,1b,28, e1,cd,a5,aa,52,c6,00,84,3c,26,64,38,7a,7e,7d,ea,41,33,ed,01,3a,48,fc,e8,04,\ . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,25,ba,43,b1,92, 38,02,0a,b2,46,9a,e2,1b,fe,1b,94,c8,9b,0c,eb,16,16,9d,b2,f6,0f,4e,58,98,5b,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,1b,14,a9,ef, 6b,35,6c,37,a4,aa,c3,a6,15,56,0a,28,d7,c0,58,03,a1,94,ba,3d,ce,ea,26,2d,45,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5b,7d,68,01,46, 43,60,34,f8,31,0f,a9,5f,a0,ec,fb,1d,58,7b,1a,83,43,76,4d,2a,b7,cc,b5,b9,7f,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,73,90,49,b0,96, 84,4d,12,05,73,21,dd,54,d8,4a,c5,45,6e,2b,0c,d5,37,2f,3c,6c,43,2d,1e,aa,22,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Ora fine scansione: 2013-05-19 12:53:49
I'll take this opportunity to thank you for your patience and for the time you are devoting to me.
  20. latest OTL
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\MARCO\Desktop\cmd.bat deleted successfully.
C:\Users\MARCO\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: CRISTINA ->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: GIULIANO ->Flash cache emptied: 0 bytes
User: MARCO ->Flash cache emptied: 650 bytes
User: mikele ->Flash cache emptied: 506 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Error: Unable to interpret <[RESETHOST]> in the current context!
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 05192013_104955

combofix (I made another mistake: by running the scan twice I lost the first log, where it had found and deleted some things)
ComboFix 13-05-18.03 - MARCO 19/05/2013 11:13:26.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8174.6281 [GMT 2:00]
Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Ora fine scansione: 2013-05-19 11:17:01
  21. roguekiller log 2

edit: damn, I forgot I had Firefox open while running the RogueKiller scans; do I have to redo them and repost the logs?

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MARCO [Admin rights]
Mode : Remove -- Date : 05/18/2013 20:00:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 26bf45d746bc8c91541ae5752d79534e
[BSP] 9776fdbff546bcfbb65f599bc564e9ce : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37955584 | Size: 317667 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_D_05182013_02d2000.txt >>
RKreport[1]_D_05182013_02d2000.txt

roguekiller log 3

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MARCO [Admin rights]
Mode : Shortcuts HJfix -- Date : 05/18/2013 20:02:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 24 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 51 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 619 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume9 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[K:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[L:] \Device\HarddiskVolume6 -- 0x3 --> Restored
[M:] \Device\HarddiskVolume7 -- 0x3 --> Restored
[N:] \Device\HarddiskVolume8 -- 0x3 --> Restored
[O:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[P:] \Device\HarddiskVolume10 -- 0x2 --> Restored
[Q:] \Device\HarddiskVolume11 -- 0x2 --> Restored
[R:] \Device\HarddiskVolume12 -- 0x2 --> Restored
[S:] \Device\HarddiskVolume13 -- 0x2 --> Restored
[T:] \Device\HarddiskVolume14 -- 0x2 --> Restored

Finished : << RKreport[1]_SC_05182013_02d2002.txt >>
RKreport[1]_SC_05182013_02d2002.txt
  22. ========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "ChatZumSearch" removed from browser.search.defaultenginename
Prefs.js: "ChatZumSearch" removed from browser.search.order.1
C:\Users\mikele\AppData\Roaming\mozilla\firefox\profiles\azwabnvp.default\searchplugins\findeer.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4217405360-2350075151-1383066028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979 not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MARCO\Desktop\cmd.bat deleted successfully.
C:\Users\MARCO\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: CRISTINA
->Flash cache emptied: 492 bytes

User: Default

User: Default User

User: GIULIANO
->Flash cache emptied: 586 bytes

User: MARCO
->Flash cache emptied: 1087 bytes

User: mikele
->Flash cache emptied: 650 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[RESETHOST]> in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05182013_140421

roguekiller log1

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MARCO [Admin rights]
Mode : Scan -- Date : 05/18/2013 19:56:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D10767A0-30B1-4AF2-ADF2-BCA4DDACFFC7} : NameServer (212.216.112.222,212.216.172.162) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 26bf45d746bc8c91541ae5752d79534e
[BSP] 9776fdbff546bcfbb65f599bc564e9ce : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 37955584 | Size: 317667 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05182013_02d1956.txt >>
RKreport[1]_S_05182013_02d1956.txt
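A note on reading the RogueKiller scan log above, with an added triage script that is not part of the original post or of RogueKiller itself. Three of its findings need a human decision rather than a blind "delete": the [DNS] entries only say which resolvers each interface uses, so they are a hijack only if the addresses are not the ones the ISP hands out (the two 212.216.x.x addresses recur on every interface here and are treated below as the ISP's resolvers, which is an assumption to check against the ISP's published list); the [HJPOL] entries show the value's data in parentheses, and a DisableTaskMgr or DisableRegistryTools of 0 is present but restricts nothing, so removing it is housekeeping, not disinfection; and a long run of 127.0.0.1 entries for advertising and scareware domains is the shape of a hosts blocklist, whereas a real hosts hijack points names at a non-loopback address. The script below encodes exactly those three checks over a constructed sample made of lines copied from the log plus a few made-up lines (the 198.51.100.x addresses and the DisableRegistryTools=1 policy) so that every branch runs; the English status words are RogueKiller's own.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the RogueKiller scan log above,
# plus three lines made up for this example (the {CONSTRUCTED-...} interface
# with resolver 198.51.100.53, the DisableRegistryTools (1) policy, and the
# 198.51.100.7 hosts redirect) so that every branch of the triage is exercised.
SAMPLE_LOG = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7826114B-1D8E-467B-A500-447A310A3DEF} : NameServer (212.216.112.222,212.216.172.162) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{CONSTRUCTED-0000-0000-0000-000000000000} : NameServer (198.51.100.53) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (1) -> FOUND
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
198.51.100.7 antivirus-updates.example.com
"""

# Assumption: these two addresses are the ISP's own resolvers (they appear on
# every interface in the log). Verify against the ISP's published list before
# trusting them; anything else the script reports as a possible DNS hijack.
TRUSTED_RESOLVERS = frozenset({"212.216.112.222", "212.216.172.162"})

DNS_RE = re.compile(r"^\[DNS\] .*?NameServer \(([^)]*)\)")
HJPOL_RE = re.compile(r"^\[HJPOL\] (.+?) : (\w+) \((\d+)\)")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def triage(log_text, trusted_resolvers=TRUSTED_RESOLVERS):
    """Return the RogueKiller findings that actually need a decision.

    dns_unknown      resolver IPs outside the trusted set (possible DNS hijack)
    policies_active  HJPOL values whose data is non-zero, i.e. really in force;
                     a value of 0, as in the log above, is present but disables nothing
    hosts_redirects  HOSTS entries pointing a name at a non-loopback address
    hosts_sinkholed  count of names sinkholed to loopback (the shape of a blocklist)
    """
    findings = {"dns_unknown": [], "policies_active": [],
                "hosts_redirects": [], "hosts_sinkholed": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            for ip in (s.strip() for s in m.group(1).split(",")):
                if ip and ip not in trusted_resolvers:
                    findings["dns_unknown"].append(ip)
            continue
        m = HJPOL_RE.match(line)
        if m:
            key, name, data = m.groups()
            if int(data) != 0:
                findings["policies_active"].append(f"{key}\\{name}={data}")
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host == "localhost":
                continue  # the one loopback entry every hosts file carries
            if ipaddress.ip_address(ip).is_loopback:
                findings["hosts_sinkholed"] += 1
            else:
                findings["hosts_redirects"].append((host, ip))
    return findings


if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LOG).items():
        print(f"{kind}: {value}")
```

Run against the real RKreport file, the script should come back with an empty dns_unknown list (after confirming the resolver assumption), an empty policies_active list, no hosts_redirects and a large hosts_sinkholed count, which is the "nothing left to disinfect in this log" outcome; any entry in the first three lists is what to look at next.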
  23. last log: JRT (awaiting instructions)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by MARCO on 18/05/2013 at 15:29:26,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-4217405360-2350075151-1383066028-1001\software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\MARCO\appdata\locallow\datamngr"

~~~ FireFox

Emptied folder: C:\Users\MARCO\AppData\Roaming\mozilla\firefox\profiles\rslv1v7e.default\minidumps [216 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/05/2013 at 15:31:18,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  24. adwcleaner log (I gather Marco is the one who is least careful with software installs from Softonic)

# AdwCleaner v2.301 - Logfile created 18/05/2013 at 15:16:58
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MARCO - MIKELE-PC
# Boot Mode : Normal
# Running from : C:\Users\MARCO\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\GIULIANO\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\extensions\staged
Folder Deleted : C:\Users\MARCO\AppData\Local\PackageAware
File Deleted : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\mikele\AppData\Roaming\Mozilla\Firefox\Profiles\azwabnvp.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "ChatZumSearch");
Deleted : user_pref("browser.search.order.1", "ChatZumSearch");
Deleted : user_pref("id_chatzum_softonic_installed_version", "1.0.20");

File : C:\Users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\rslv1v7e.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("id_chatzum_softonic.firstlaunch", "0");
Deleted : user_pref("id_chatzum_softonic.guid", "%7B065CD27F-3EC7-FD08-48CA-ADE5F4FA6685%7D");
Deleted : user_pref("id_chatzum_softonic.hiddenvisual", 0);
Deleted : user_pref("id_chatzum_softonic.popupblockedcnt", "6");
Deleted : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");
Deleted : user_pref("id_chatzum_softonic.variables.SVar10", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar2", "%12%1A%1B%17%16%1A%14%11%11%10");
Deleted : user_pref("id_chatzum_softonic.variables.SVar3", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar4", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar5", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar6", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar7", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar8", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.SVar9", "%13");
Deleted : user_pref("id_chatzum_softonic.variables.Var1", "62");
Deleted : user_pref("id_chatzum_softonic.variables.Var10", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var2", "1984597223");
Deleted : user_pref("id_chatzum_softonic.variables.Var3", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var4", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var5", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var6", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var7", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var8", "0");
Deleted : user_pref("id_chatzum_softonic.variables.Var9", "0");
Deleted : user_pref("id_chatzum_softonic_installed_version", "1.0.20");

File : C:\Users\GIULIANO\AppData\Roaming\Mozilla\Firefox\Profiles\3mbqoanp.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "ChatZumSearch");
Deleted : user_pref("browser.search.order.1", "ChatZumSearch");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\y0e00uvg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5922 octets] - [18/05/2013 15:16:58]

########## EOF - C:\AdwCleaner[S1].txt - [5982 octets] ##########
  25. apologies in advance, but if I paste the OTL log it won't let me send the message because it's too long, so I'm attaching it: OTLnuovo.rar