francesco59

My Daughter's Notebook Full Of Everything... W7 Home Edition

22 posts in this thread

Hi guys, I've taken over my daughter's notebook, which had a bit of everything on it, but I'm convinced that even though I properly followed all your instructions explained at the start, this PC still has problems. I also ran the online scan with Kaspersky, which found a heap of trojans and so on. Could you please check the HijackThis file for me.... Many thanks


Here are the entries to fix in HJT

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
R3 - URLSearchHook: (no name) - {098d800d-0712-45ff-a3e4-686bd68f29f8} - (no file)
R3 - URLSearchHook: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\tbuTor.dll
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
R3 - URLSearchHook: (no name) - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\tbuTor.dll
O2 - BHO: Softonic Italia - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: uTorrentBar_IT Toolbar - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - C:\Program Files (x86)\uTorrentBar_IT\tbuTor.dll
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\baffa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

Save this list (select, copy, open Notepad, paste) to a text file.

Close all browser windows.

Fix the entries listed.

Install MalwareBytes AntiMalware, update it, run a full system scan, remove whatever it flags, reboot if it asks you to, then post its log, please.

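As an added illustration (not part of the original thread, and not code from HijackThis), the sketch below triages lines in the format posted above: it counts entries per section, lists entries whose file is gone, shows CLSIDs registered at more than one browser hook point, and extracts non-private NameServer addresses, tolerating BBCode [url] wrappers that forum software can add around addresses. The sample lines are copied from the post; the function names and the triage rules are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Line shape as it appears in the post: "<section code> - <description>"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# BBCode link tags that a forum may wrap around values, e.g. [url="..."]x[/url]
BBCODE_URL_RE = re.compile(r"\[/?url(?:=[^\]]*)?\]", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The two "target is gone" markers visible in the posted list
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# Sections whose entries carry a CLSID in the post: URLSearchHook, BHO, Toolbar
COM_HOOK_CODES = {"R3", "O2", "O3"}


def parse_line(line):
    """Parse one log line; return a dict, or None if it is not an entry."""
    text = BBCODE_URL_RE.sub("", line).strip()
    m = ENTRY_RE.match(text)
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "clsid": None,
             "orphan": bool(ORPHAN_RE.search(body)), "nameservers": []}
    if code in COM_HOOK_CODES:
        g = GUID_RE.search(body)
        if g:
            entry["clsid"] = g.group(0).lower()  # GUIDs are case-insensitive
    if code == "O17":
        ns = NAMESERVER_RE.search(body)
        if ns:
            for token in re.split(r"[,\s]+", ns.group(1)):
                try:
                    entry["nameservers"].append(ipaddress.ip_address(token))
                except ValueError:
                    continue  # not an IP literal; ignore
    return entry


def triage(lines):
    """Summarise a list of log lines (rules are this example's assumptions)."""
    counts = Counter()
    hooks = defaultdict(list)
    orphans, public_dns = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        counts[entry["code"]] += 1
        if entry["clsid"]:
            hooks[entry["clsid"]].append(entry["code"])
        if entry["orphan"]:
            orphans.append((entry["code"], entry["clsid"] or entry["body"]))
        # A statically configured resolver outside private ranges deserves a look
        public_dns += [str(ip) for ip in entry["nameservers"] if not ip.is_private]
    multi_hook = {c: codes for c, codes in hooks.items() if len(codes) > 1}
    return {"counts": dict(counts), "orphans": orphans,
            "multi_hook": multi_hook, "public_dns": public_dns}


# Sample lines copied from the post above (a subset of the list)
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
R3 - URLSearchHook: (no name) - {098d800d-0712-45ff-a3e4-686bd68f29f8} - (no file)
O2 - BHO: Softonic Italia - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: NameServer = [url="http://www.hijackthis.de/whois.php"]176.31.229.24[/url],[url="http://www.hijackthis.de/whois.php"]176.31.229.25[/url]
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
"""

if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    for key, value in report.items():
        print(key, "=", value)
```

The multi_hook result shows why the same component has to be fixed in every section where it appears: one CLSID is registered as URLSearchHook, BHO and Toolbar at once.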

Francesco59, did you run HJT "as administrator"?


Sorry, I hadn't done it because it wouldn't let me; I had to download it again and do it, and now everything seems OK to me. I'm talking about HJ.

THANK YOU SO MUCH, if there's anything else let me know

hijackthis.log


I thought I had asked you for a MalwareBytes Anti Malware log...

Did you run the scan? ;)

(I'll check the HJT log over the weekend)


May I?

Hi Francesco59

Let's try to go in order, steering away a bit from HJT, which as we all know has become obsolete by now; follow these steps.

OTL by Oldtimer

  • Download OTL to the desktop.
  • Double-click the icon to run it. Make sure all windows are closed so it can run without interruption.
  • When the window appears, go to the top and, under Output, change the setting to Minimal Output.
  • Check the boxes next to LOP and Purity Check.
  • Below, under Custom Scans/Fixes, paste this script

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless told to. The scan will take a few minutes, be patient.
  • When the scan finishes, two text files will open: OTL.Txt and Extras.Txt. They are saved in the same location as OTL.
  • Copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them in your next reply.
  • Two posts may be needed to fit them both.

===================================================

Download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click, Run as administrator)
  • Click Scan
  • When the scan finishes, click Save log, save it to your desktop, and post it in your next reply.
  • Warning: do not run any fix.
  • You will also notice another file created on the desktop named MBR.dat. Right-click the file and select Send to > Compressed (zipped) folder. Attach the zipped file to your next reply as well.

In your next reply I want to see

  • OTL.txt
  • Extras.txt
  • aswMBR report

Attention: apart from MBR.dat, do not attach any files; copy and paste the contents of the logs :ciao:


I'M VERY SORRY, I thought I was done since the PC was back to normal, and I only came back in now by chance...

I had already tried to download OTL but hadn't managed to..

Edited by francesco59


If you can, francesco, follow the instructions given. Both mine and Mr 4011's


Here it is

OTL logfile created on: 03/02/2013 21:00:17 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\baffa\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 43,11% Memory free

3,86 Gb Paging File | 2,40 Gb Available in Paging File | 62,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220,79 Gb Total Space | 78,67 Gb Free Space | 35,63% Space Free | Partition Type: NTFS

Computer Name: BAFFA-PC | User Name: baffa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\baffa\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe ()

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\utils.dll ()

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\skinscript.dll ()

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe ()

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\custoclock.filter ()

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\gbm.dll ()

MOD - C:\Program Files (x86)\Banshee Screamer Alarm\beatnik.filter ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (NisSrv) -- c:\Programmi\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (SQLWriter) -- c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - No CLSID value found

IE - HKLM\..\URLSearchHook: {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=268053c900000000000000269ea259ef

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=HP_ss&mntrId=268053c900000000000000269ea259ef

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 1D 8A C0 8D AD CA 01 [binary data]

IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {DCE02E09-449C-493A-93B1-25E784A1EB6A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112863&tt=120912_cpc_3712_6&babsrc=SP_ss&mntrId=268053c900000000000000269ea259ef

IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Trova Rapido: "URL" = http://www.trovarapido.com/result.php?t=Q1002151654&s=b&keywords={searchTerms}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT366IT366

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{DCE02E09-449C-493A-93B1-25E784A1EB6A}: "URL" = http://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}

IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "https://www.google.it/"

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37

FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2

FF - prefs.js..extensions.enabledItems: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687

FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0

FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.20

FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6

FF - prefs.js..keyword.URL: "http://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"

FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?affID=112863&tt=120912_cpc_3712_6&babsrc=KW_ss&mntrId=268053c900000000000000269ea259ef&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\baffa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\baffa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\baffa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\baffa\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerbox@spointer.com: C:\PROGRAM FILES\OFFERBOX\EXTENSIONS-4.0.4498.53\OFFERBOX@SPOINTER.COM

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/25 20:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/16 19:22:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 20:31:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/11 00:25:05 | 000,000,000 | ---D | M]

[2010/02/17 17:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baffa\AppData\Roaming\mozilla\Extensions

[2013/01/16 20:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\baffa\AppData\Roaming\mozilla\Firefox\Profiles\08j167kw.default\extensions

[2012/09/16 18:42:09 | 000,002,223 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\BabylonMngr.xml

[2012/09/06 21:29:04 | 000,000,921 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\conduit.xml

[2011/03/27 20:02:59 | 000,003,915 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\mozilla\firefox\profiles\08j167kw.default\searchplugins\sweetim.xml

[2012/10/19 10:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/12/17 14:14:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/23 23:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/10/19 10:05:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2012/08/25 20:39:49 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012/09/16 19:22:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/25 20:39:11 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

[2012/09/16 19:21:56 | 000,001,393 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml

[2012/09/16 18:41:29 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/09/16 19:21:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/09/16 19:21:56 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml

[2011/03/27 19:48:58 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2012/09/16 19:21:56 | 000,000,817 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml

[2012/09/16 19:21:56 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml

[2012/09/16 19:21:56 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ch

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://it.search.yahoo.com?type=198484&fr=spigot-yhp-ch

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\baffa\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Desktop (Enabled) = C:\Users\baffa\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\baffa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Ricerca Google = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: SocialPlus! for Facebook = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.6.8_0\

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\

CHR - Extension: Domain Error Assistant = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Night Time In New York City = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\

CHR - Extension: Skype Click to Call = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\

CHR - Extension: Savings-Slider = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

CHR - Extension: Settings Protector = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\

CHR - Extension: Gmail = C:\Users\baffa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 21:34:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {703740c1-0f1a-4cec-a4df-d78db0158477} - No CLSID value found.

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {098D800D-0712-45FF-A3E4-686BD68F29F8} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Italia Toolbar) - {4EDD5C14-2D22-4D7A-9748-C975A7FD933B} - C:\Program Files (x86)\Softonic_Italia\prxtbSof2.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - Startup: C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AEEE9A4-C5E6-44DB-B5B6-512182989679}: DhcpNameServer = 62.13.173.92 62.13.173.93

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 20:57:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL(1).exe

[2013/02/03 20:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL.exe

[2013/01/18 08:33:38 | 000,000,000 | ---D | C] -- C:\Users\baffa\Desktop\backups

[2013/01/17 17:30:18 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Local\Macromedia

[2013/01/17 07:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2013/01/17 07:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/17 00:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013/01/17 00:49:29 | 000,000,000 | ---D | C] -- C:\Users\baffa\Desktop\Virus Removal Tool

[2013/01/17 00:45:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/17 00:24:16 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe

[2013/01/17 00:17:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/01/17 00:17:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2013/01/17 00:17:02 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/01/17 00:17:02 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/01/17 00:17:02 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/01/17 00:17:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2013/01/17 00:17:02 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2013/01/17 00:17:02 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2013/01/17 00:17:02 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2013/01/17 00:17:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2013/01/17 00:17:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/01/17 00:17:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2013/01/17 00:17:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2013/01/17 00:17:01 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/01/17 00:17:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2013/01/17 00:17:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/01/17 00:17:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2013/01/17 00:17:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2013/01/17 00:17:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/01/17 00:17:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2013/01/17 00:17:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2013/01/17 00:17:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2013/01/17 00:17:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2013/01/17 00:17:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2013/01/17 00:16:13 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/01/17 00:15:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2013/01/17 00:15:06 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2013/01/16 22:54:45 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/16 21:17:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/16 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2013/01/16 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2013/01/16 21:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar

[2013/01/16 21:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

[2013/01/16 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Roaming\IObit

[2013/01/16 21:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2013/01/16 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2013/01/16 17:08:40 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Roaming\Malwarebytes

[2013/01/16 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/16 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/16 17:06:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/01/16 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/01/16 17:06:17 | 000,000,000 | ---D | C] -- C:\Users\baffa\AppData\Local\Programs

[2013/01/16 17:04:04 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/01/12 23:02:23 | 000,000,000 | ---D | C] -- C:\Windows\rescache

[2013/01/10 22:20:20 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/10 22:20:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/10 22:19:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/10 22:19:38 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/10 22:19:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/10 22:19:34 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/10 22:19:34 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/10 22:19:34 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/10 22:19:34 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/10 22:19:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/10 22:19:34 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/10 22:19:34 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/10 22:19:34 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/10 22:19:34 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/10 22:19:34 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/10 22:19:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/10 22:19:34 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/10 22:19:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/10 22:19:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/10 22:19:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/10 22:19:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/10 22:19:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/10 22:19:33 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/10 22:19:33 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/10 22:19:33 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/10 22:19:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/10 22:19:33 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/10 22:19:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/10 22:19:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/10 22:19:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/10 22:19:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/10 22:19:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/10 22:19:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/10 22:18:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/10 22:18:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/10 22:18:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/10 22:18:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/10 22:18:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/10 22:18:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/10 22:18:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/10 22:18:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/10 22:18:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/10 22:18:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/10 22:18:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/10 22:18:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/10 22:18:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/10 22:18:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/10 22:18:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/10 22:18:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/10 22:18:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/10 22:18:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/10 22:18:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/10 22:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/10 22:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/10 22:18:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/10 22:17:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2010/11/07 14:06:12 | 002,810,112 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup-3.00.1303.exe

[2010/07/26 22:21:25 | 032,532,792 | ---- | C] (Apple Inc.) -- C:\Program Files\SafariSetup-5.0.exe

[2010/07/20 14:21:17 | 004,141,792 | ---- | C] (Tangysoft Ltd. ) -- C:\Program Files\UseNeXT_freetrial_416583w.exe

[2009/10/20 00:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013/02/03 20:58:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL(1).exe

[2013/02/03 20:53:02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/03 20:52:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/03 20:52:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/03 20:50:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\baffa\Desktop\OTL.exe

[2013/02/03 20:45:22 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/03 20:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/03 20:44:58 | 1554,718,720 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/01 12:08:07 | 000,001,178 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job

[2013/02/01 11:41:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/01 11:37:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job

[2013/02/01 03:08:02 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job

[2013/02/01 01:37:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job

[2013/02/01 01:32:36 | 000,002,372 | ---- | M] () -- C:\Users\baffa\Desktop\Google Chrome.lnk

[2013/01/17 15:33:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/17 15:33:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/17 07:41:18 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/01/17 01:01:33 | 000,000,000 | ---- | M] () -- C:\asc_rdflag

[2013/01/17 00:17:02 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/01/17 00:17:02 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2013/01/17 00:17:02 | 001,123,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/01/17 00:17:02 | 001,048,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/01/17 00:17:02 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/01/17 00:17:02 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2013/01/17 00:17:02 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2013/01/17 00:17:02 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2013/01/17 00:17:02 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2013/01/17 00:17:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2013/01/17 00:17:02 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/01/17 00:17:02 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2013/01/17 00:17:02 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2013/01/17 00:17:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tsusbflt.sys.mui

[2013/01/17 00:17:01 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/01/17 00:17:01 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2013/01/17 00:17:01 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/01/17 00:17:01 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2013/01/17 00:17:01 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2013/01/17 00:17:01 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/01/17 00:17:01 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2013/01/17 00:17:01 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2013/01/17 00:17:01 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2013/01/17 00:17:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2013/01/17 00:17:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2013/01/17 00:16:13 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/01/17 00:15:06 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2013/01/17 00:15:06 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2013/01/16 21:34:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/01/16 20:14:50 | 000,001,016 | ---- | M] () -- C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk

[2013/01/16 17:06:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe

[2013/01/11 10:49:00 | 000,422,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/11 10:23:40 | 001,705,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/11 10:23:40 | 000,752,944 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2013/01/11 10:23:40 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/11 10:23:40 | 000,149,134 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2013/01/11 10:23:40 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/01/17 07:41:08 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/01/17 07:40:09 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/01/17 01:01:33 | 000,000,000 | ---- | C] () -- C:\asc_rdflag

[2013/01/16 20:14:50 | 000,001,016 | ---- | C] () -- C:\Users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk

[2013/01/16 17:06:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/08 22:50:56 | 008,120,981 | ---- | C] () -- C:\Users\baffa\Desktop\Alessandro Mannarino - Vivere La Vita.mp3

[2011/12/12 16:59:57 | 000,072,176 | ---- | C] () -- C:\Users\baffa\La tesina.pdf

[2011/03/31 19:57:44 | 000,000,035 | ---- | C] () -- C:\Users\baffa\.mjsync_it_IT

[2010/09/08 20:36:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/02/15 23:18:43 | 000,000,089 | ---- | C] () -- C:\Users\baffa\AppData\Local\lsfeljpd.bat

[2010/02/10 21:16:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/16 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Babylon

[2010/09/28 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Canneverbe Limited

[2011/04/15 11:31:25 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/09/27 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\freeTVRadio

[2010/02/10 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\GameConsole

[2010/12/23 03:12:30 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\GrabPro

[2010/09/08 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\InterVideo

[2013/01/16 21:02:41 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\IObit

[2012/03/06 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Mipony

[2012/03/06 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\Orbit

[2010/12/23 03:12:37 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\ProgSense

[2013/01/17 00:13:37 | 000,000,000 | ---D | M] -- C:\Users\baffa\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe

[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe

[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >

[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe

[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe

[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe

[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HTS545025B9A300

Partitions: 3

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 12,00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 100,00MB

Starting Offset: 12885950464

Hidden sectors: 0

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 221,00GB

Starting Offset: 12990808064

Hidden sectors: 0

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54

< End of report >


Wow! Hi Francesco :)

Congratulations, there is more garbage on your PC than in a landfill.

Download AdwCleaner by Xplode to your desktop

Close all open programs and internet pages.

Double-click AdwCleaner.exe to run the tool.

Click Delete.

Confirm each time with OK.

The computer will be restarted automatically. A text file will open after the restart.

Please post the contents of that log file in your next reply.

You can also find the log file at C:\AdwCleaner [s1] txt ..

Then

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as administrator".
  • The tool opens and starts scanning the system.
  • Please be patient, as this may take some time to complete depending on your system's specifications.
  • When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically
  • Post the contents of JRT.txt in your next message

Do not attach the logs; copy and paste their contents


AdwCleaner did a good cleanup and I am attaching the file.

As for the other program, even after several attempts with the firewall and antivirus disabled, it won't let me finish. A message appears saying that Windows will close the program.

AdwCleanerS1.txt


Hi Francesco

I repeat: do not attach the logs, copy and paste their contents instead

  • Start Malwarebytes and update it.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is selected, then click Remove Selected.
  • When everything is finished, a log will open in Notepad.
  • The logs can be found here:
    C:\Documents and Settings\username\Dati Applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log [date] txt
    Or in
    C:\Programmi\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post the log in your next reply

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe

● Save it to the Desktop

Close running programs and Internet pages

● start the tool with a double click

● click the Start button at the bottom left

the Desktop will disappear for a few moments: nothing to worry about

● wait patiently for the operations to finish

● click the Exit button at the bottom right

● once the operations are finished, close the program

ESET on-line scan

Run a scan with ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  • Check the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When prompted, allow the ActiveX control to install
  • Click Start
  • Make sure the options Remove found threats and Scan unwanted applications are selected
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy/paste the log into your next reply


ESET detected

SETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=43fb0a3a215aa54080d226d38375ea7a

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-02-05 10:32:57

# local_time=2013-02-05 11:32:57 (+0100, ora solare Europa occidentale)

# country="Italy"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 48055 111733427 0 0

# scanned=129364

# found=3

# cleaned=0

# scan_time=5981

C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll a variant of Win32/Toolbar.Widgi application 9F9058BB859817F3BF51CEFEA513C3B7B873E4B9 I

C:\Users\baffa\Downloads\SoftonicDownloader_per_avira-antivir-regcleaner.exe a variant of Win32/SoftonicDownloader.E application 2DDC4AB011BD67D598B9AD30ED593292FBE8E2A6 I

C:\Windows\Installer\3b4e2.msi a variant of Win32/Toolbar.Widgi application 9F488E83B5B3C08949828D60A768E06B7E12905A I

malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Versione database: v2013.02.05.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

baffa :: BAFFA-PC [amministratore]

05/02/2013 21:35:40

mbam-log-2013-02-05 (21-35-40).txt

Tipo di scansione: Scansione veloce

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 221890

Tempo impiegato: 7 minuti, 33 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

File rilevati: 0

(non sono stati rilevati elementi nocivi)

(fine)

Here you go, I'm waiting for instructions


Download ComboFix from one of these two links:

Link 1

Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware programs, usually by right-clicking the notification icon in the system tray. They can interfere with these tools. Note: If you have difficulty properly disabling your protection programs, or are not sure which programs need to be disabled, refer to the information (in English) available at this link: How to disable security programs

====================================================

Double-click combofix.exe & follow the instructions

When finished, the program will produce a log. Include C:\ComboFix.txt in your next reply for further review


Now I no longer know whether to attach or copy and paste...


ComboFix 13-02-06.01 - baffa 06/02/2013  21:19:19.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.1977.1154 [GMT 1:00]
Eseguito da: c:\users\baffa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-01-06 al 2013-02-06  )))))))))))))))))))))))))))))))))))
.
.
2013-02-06 20:29 . 2013-02-06 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-05 09:29 . 2013-02-05 09:29 -------- d-----w- c:\windows\ERUNT
2013-02-05 09:28 . 2013-02-05 09:54 -------- d-----w- C:\JRT
2013-02-05 09:12 . 2013-01-07 20:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C76E4E7-F7D8-47A6-89C3-D695382ACDDF}\mpengine.dll
2013-02-05 07:26 . 2013-01-07 20:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-17 16:30 . 2013-01-17 16:30 -------- d-----w- c:\users\baffa\AppData\Local\Macromedia
2013-01-17 06:44 . 2013-01-17 06:44 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51746BBD-8EAB-4DAD-B855-C5355B372303}\gapaengine.dll
2013-01-17 06:40 . 2013-01-17 06:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-17 06:40 . 2013-01-17 06:41 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-16 23:50 . 2013-01-17 21:19 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-16 23:24 . 2013-01-15 17:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-16 23:16 . 2013-01-16 23:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-16 23:16 . 2013-01-16 23:16 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-16 23:16 . 2013-01-16 23:16 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-16 23:16 . 2013-01-16 23:16 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-16 23:16 . 2013-01-16 23:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-16 23:16 . 2013-01-16 23:16 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-16 23:16 . 2013-01-16 23:16 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-16 23:15 . 2013-01-16 23:15 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-16 23:15 . 2013-01-16 23:15 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-16 20:03 . 2013-01-16 20:03 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar
2013-01-16 20:02 . 2013-01-16 23:06 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-16 20:02 . 2013-01-16 20:05 -------- d-----w- c:\programdata\IObit
2013-01-16 20:02 . 2013-01-16 20:02 -------- d-----w- c:\users\baffa\AppData\Roaming\IObit
2013-01-16 20:02 . 2013-01-16 20:02 -------- d-----w- c:\program files (x86)\IObit
2013-01-16 16:08 . 2013-01-16 16:08 -------- d-----w- c:\users\baffa\AppData\Roaming\Malwarebytes
2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\programdata\Malwarebytes
2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-16 16:06 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-16 16:06 . 2013-01-16 16:06 -------- d-----w- c:\users\baffa\AppData\Local\Programs
2013-01-12 22:02 . 2013-01-17 10:55 -------- d-----w- c:\windows\rescache
2013-01-10 21:20 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 21:20 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 21:18 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 21:17 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 21:17 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 14:33 . 2012-07-22 15:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 14:33 . 2012-07-22 15:12 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-03-29 21:19 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 09:17 . 2010-02-13 23:25 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 05:32 . 2013-02-05 10:12 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B52E316-DCE4-4EBF-AFCF-B25FDEFB9BD5}\mpengine.dll
2012-12-16 17:11 . 2012-12-22 02:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-10 21:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-17 13:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-17 13:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-17 13:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-17 13:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-17 13:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-17 13:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-17 13:27 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-17 13:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-17 13:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-17 13:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-17 13:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-17 13:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-17 13:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-17 13:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-17 13:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-17 13:27 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-17 13:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-17 13:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-17 13:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-17 13:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-17 13:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-17 13:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-14 00:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-14 00:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-11-07 13:06 . 2010-11-07 13:06 2810112 ----a-w- c:\program files\ccsetup-3.00.1303.exe
2010-07-26 21:23 . 2010-07-26 21:21 32532792 ----a-w- c:\program files\SafariSetup-5.0.exe
2010-07-20 13:21 . 2010-07-20 13:21 4141792 ----a-w- c:\program files\UseNeXT_freetrial_416583w.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2012-11-28 16:59 1230216 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
.
c:\users\baffa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Banshee Screamer Alarm.lnk - c:\program files (x86)\Banshee Screamer Alarm\alarm.exe [2012-12-19 274432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17 251400]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cpuz132;cpuz132;c:\users\baffa\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488]
R3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 HdAudAddService;Driver di funzioni Microsoft 1.1 UAA per servizio High Definition Audio;c:\windows\system32\drivers\HdAudio.sys [2010-11-20 350208]
R3 int15.sys;int15.sys;c:\windows\System32\OEM\Factory\int15.sys [2008-03-28 17952]
R3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;c:\program files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-16 129976]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 odserv;Microsoft Office Diagnostics Service;c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-16 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 StarOpen;StarOpen; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-16 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 USBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
R3 WinUsb;WinUsb;c:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
R4 MSSQLServerADHelper;SQL Server Active Directory Helper;c:\program files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Apple Mobile Device;Apple Mobile Device;c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
S2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
S2 IviRegMgr;IviRegMgr;c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MsMpSvc;Microsoft Antimalware Service;c:\program files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
S2 NMSAccess;NMSAccess;c:\program files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 PSI_SVC_2;Protexis Licensing V2;c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SeaPort;SeaPort;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SQLBrowser;SQL Server Browser;c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
S2 SQLWriter;SQL Server VSS Writer;c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S3 athr;Atheros Extensible Wireless LAN device driver;c:\windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDRT64.sys [2009-08-11 686080]
S3 DKbFltr;Dritek Keyboard Filter Driver (64-bit);SysWOW64\Drivers\DKbFltr.sys [x]
S3 igfx;igfx;c:\windows\system32\DRIVERS\igdkmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 NTIDrvr;NTIDrvr;c:\windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
S3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\DRIVERS\SynTP.sys [2009-08-14 286768]
S3 UBHelper;UBHelper;c:\windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
S3 usbvideo;Dispositivo video USB (WDM);c:\windows\System32\Drivers\usbvideo.sys [2010-11-20 184960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 14:33]
.
2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job
- c:\users\baffa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 01:03]
.
2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job
- c:\users\baffa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 01:03]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:57]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:57]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004Core.job
- c:\users\baffa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:43]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939510224-1586711211-3296453594-1004UA.job
- c:\users\baffa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-10 19:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.search.yahoo.com?type=198484&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27360210b116l0323z105i48l6u803
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\35051425B4C416E6: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\7696E6F6662716E65393: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7BD7A838-19D1-44CB-8699-390E07DA65DC}\C46454D2E45647: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\baffa\AppData\Roaming\Mozilla\Firefox\Profiles\08j167kw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - ExtSQL: 2013-01-17 01:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{098D800D-0712-45FF-A3E4-686BD68F29F8} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-02-06  21:47:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2013-02-06 20:47
.
Pre-Run: 80.578.392.064 byte disponibili
Post-Run: 80.529.948.672 byte disponibili
.
- - End Of File - - 21C12519FA1E897E7AFD4475E8326CEE

combofix.txt

Edited by Pike
The second one you wrote...


I hope the use of the Code tag doesn't complicate life for Mr 4011...


Hi Francesco

Pike answered your question: you have to copy/paste the logs.

@Pike, the code tag isn't actually a problem, but if it could be avoided it would be muuuuuuch better :)

OK, over to us :)

Disable your security programs

Open Notepad, copy the following text and save it, naming the file CFScript

File::
C:\Program Files (x86)\IObit Apps Toolbar\IE\6.6\iobitappsToolbarIE.dll
C:\Users\baffa\Downloads\SoftonicDownloader_per_avira-antivir-regcleaner.exe
C:\Windows\Installer\3b4e2.msi

Drag the CFScript.txt file with the mouse onto the red ComboFix icon


Let the program work

When it finishes, a new combofix.txt log will be created; post it

Then try running JRT again

Afterwards, let me know how your PC is doing and whether there are other issues to resolve

