Slow internet browsing with all browsers. Possible virus or router problem?


derek1939

Good evening everyone, today I ran into this problem:

With all the browsers I have on the PC (Mozilla, Opera, Chrome), browsing is extremely slow today.

My connection (Alice 7 Mega) works correctly, because I ran an online speed test and everything is normal; the same goes for the torrent program, which seems to work correctly.

But page loading is extremely slow, as if it were a 56k, and I can't figure out why, since last night when I shut down everything worked perfectly and I haven't installed anything new. Even stranger considering that I formatted the PC a few days ago, so it shouldn't have slowdown problems from trojans or clogging from too many cookies..
It doesn't always do it though; it seems to pick up again and after a while everything slows down.
I also tried using OpenDNS, but so far I see no benefit.

My OS is Windows XP SP3..

I've also noticed a few too many browser crashes.. let's say a couple a day, after 6/7 hours of browsing, so I'm also posting the HijackThis log just in case.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.22.08, on 21/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Vuze\Azureus.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Increase performance and video formats for your HTML5  <video> - {326E768D-4182-46FD-9C16-1449A49795F4} -  C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and  Settings\Administrator\Impostazioni locali\Dati  applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Xvid] C:\Programmi\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -  {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network  Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA16CE8A-9F12-4833-93D9-A85F012119F7}: NameServer = 208.67.222.222,208.67.222.220
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti  - {8C7461EF-2B13-11d2-BE35-3078302C2030} -  C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6002 bytes


How should I proceed?
 
I use NOD32 version 5.. but I formatted the PC a week ago.. could it be that I've already caught another virus?

Is the log OK?

On the laptop it's always slow, and often it won't connect over Wi-Fi, which makes me think of a possible router malfunction; however, the browser crashes (Opera and Mozilla) make me think of an infection..
 
It could be a virus; try a Malwarebytes scan and see what happens.
 
Malwarebytes scan and log:



Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.03.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC [amministratore]

22/03/2012 14.40.51
mbam-log-2012-03-22 (14-40-51).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 178011
Tempo impiegato: 1 minuti, 24 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
 
Do a full scan, not a quick one.

Full scan:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.03.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PC [amministratore]

22/03/2012 19.35.54
mbam-log-2012-03-22 (19-35-54).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 373333
Tempo impiegato: 1 ore, 20 minuti, 4 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
 
Could it be the router's fault?

I've also updated the firmware.. but I still have problems. The PC is now connected by cable, but my cell phone, for example, won't connect over Wi-Fi...
 
It could be the router as well as the connection that has problems. Have you tried a speed test to see how fast the connection is?
 
Yes, it's fine.. even with torrents I run at full speed.. only web browsing hangs. I ran ComboFix and it seems to have improved now.. fingers crossed.. I'll keep you posted!
 

Sorry for reviving a somewhat old post, but I've had the exact same problem for about a week. To describe my situation properly:

The problem seems to occur only in the late afternoon/evening and is independent of the connection, since running a speed test/ping test, including the NGI test, the speeds are perfectly normal; besides, I also have another PC on the same line and other devices that browse/download perfectly and return normal speed test values while the problem in question is occurring on this PC.
When this happens it's not just browsing that is slow but also the opening of the browsers themselves, from Chrome, which I use 99% of the time, to Firefox (worrying, given that they are also installed on an SSD), and from what I've been able to see this slowness is confined to the browsers only and no other program or download.

I use the Windows 7 firewall + Microsoft Security Essentials, which detects nothing; with HijackThis there are no even vaguely suspicious processes (checking "by hand" and via http://www.hijackthis.de/it in case I missed something); a quick and a full scan with Malwarebytes on all SSD/HDD drives finds nothing. The only way I have to fix it is to download ComboFix and boot into safe mode to let it work in peace; it runs its 50 stages in a few minutes and gives me the log (with several locked registry keys), which I'm now copy/pasting for you, and the problem seems to disappear, with everything going back to normal.
I say "seems" because by the next day we're back to square one, since it shows up again, roughly from the same time of day onward (I repeat, in case it was missed: it's not the line, I've made sure of that in several ways).

From 2 days ago:

Code:
ComboFix 13-01-17.04 - Valefor 20/01/2013   3:33.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.6135.5478 [GMT 1:00]
Eseguito da: c:\users\Valefor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-12-20 al 2013-01-20  )))))))))))))))))))))))))))))))))))
.
.
2013-01-20 02:35 . 2013-01-20 02:35    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-01-20 02:35 . 2013-01-20 02:35    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-01-20 02:35 . 2013-01-20 02:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-01-19 17:03 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B22BFE2D-B7BB-44FE-8259-94E826BBBE65}\mpengine.dll
2013-01-18 16:05 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-16 16:44 . 2013-01-16 16:45    --------    d-----w-    c:\program files (x86)\Google
2013-01-15 00:38 . 2013-01-15 00:38    --------    d-----w-    c:\programdata\TERA
2013-01-14 20:37 . 2008-02-05 14:36    798208    ----a-w-    c:\windows\SysWow64\NextControls.ocx
2013-01-14 20:37 . 2000-05-22 16:58    608448    ----a-w-    c:\windows\SysWow64\comctl32.ocx
2013-01-14 20:37 . 1997-07-19 15:55    1347344    ----a-w-    c:\windows\SysWow64\msvbvm50.dll
2013-01-14 20:37 . 2013-01-14 20:37    --------    d-----w-    c:\program files (x86)\Winstep
2013-01-13 20:40 . 2013-01-15 18:17    --------    d-----w-    c:\users\Valefor\AppData\Local\TERA-Diagnostic
2013-01-13 19:13 . 2013-01-13 19:13    --------    d-----w-    c:\users\Valefor\AppData\Local\TERA
2013-01-13 00:09 . 2013-01-13 00:09    --------    d-----w-    c:\program files (x86)\MSECache
2013-01-12 23:38 . 2013-01-12 23:38    --------    d-----w-    c:\windows\it
2013-01-12 23:37 . 2013-01-12 23:37    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-12 23:36 . 2013-01-12 23:36    --------    d-----w-    c:\program files\Windows Live
2013-01-12 23:35 . 2013-01-12 23:35    94040    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    525656    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1691480    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\dsetup32.dll
2013-01-12 23:35 . 2013-01-12 23:35    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\dsetup32.dll
2013-01-12 23:35 . 2013-01-12 23:35    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\dsetup32.dll
2013-01-12 16:50 . 2013-01-12 16:50    --------    d-----w-    c:\program files (x86)\VideoLAN
2013-01-12 16:13 . 2013-01-12 18:31    --------    d-----w-    c:\users\Valefor\AppData\Local\CRE
2013-01-10 11:33 . 2012-11-23 03:26    3149824    ----a-w-    c:\windows\system32\win32k.sys
2013-01-10 02:53 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-01-10 02:53 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-01-10 02:32 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-01-10 02:32 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-01-10 02:32 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-01-10 02:32 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-01-10 02:32 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-01-10 02:32 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-01-10 02:00 . 2012-11-30 05:43    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\programdata\BrowserProtect
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\users\Valefor\AppData\Roaming\Babylon
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\programdata\Babylon
2013-01-05 18:12 . 2013-01-05 18:12    727029    ----a-w-    c:\windows\unins000.exe
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\users\Valefor\AppData\Local\Programs
2013-01-01 14:53 . 2013-01-01 14:53    --------    d-----w-    c:\windows\Downloaded Program Files
2013-01-01 14:52 . 2013-01-01 14:53    --------    d-----w-    c:\program files (x86)\Samsung SSD Magician
2012-12-31 17:25 . 2012-12-31 17:25    --------    d-----w-    c:\users\Valefor\AppData\Local\Diagnostics
2012-12-26 00:30 . 2012-12-26 23:50    --------    d-sh--w-    c:\users\Valefor\wc
2012-12-26 00:30 . 2012-12-26 00:38    --------    d-----w-    c:\users\Valefor\AppData\Local\Ubisoft
2012-12-26 00:30 . 2012-12-26 00:30    --------    d-sh--w-    c:\users\Valefor\AppData\Roaming\wyUpdate AU
2012-12-26 00:30 . 2012-12-26 00:30    --------    d-----w-    c:\users\Valefor\AppData\Roaming\Ubisoft
2012-12-21 14:35 . 2012-12-16 17:11    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-21 14:35 . 2012-12-16 14:45    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-21 14:35 . 2012-12-16 14:13    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-21 14:35 . 2012-12-16 14:13    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-21 14:33 . 2012-12-21 14:33    --------    d-----w-    c:\users\Valefor\AppData\Local\Splashtop
2012-12-21 14:31 . 2012-12-21 14:31    --------    d-----w-    c:\programdata\Splashtop
2012-12-21 14:31 . 2012-12-21 14:31    --------    d-----w-    c:\program files (x86)\Splashtop
2012-12-21 14:31 . 2012-12-21 14:31    --------    d-----w-    c:\users\Valefor\AppData\Local\{AB7CBD6B-0741-4997-8430-950DB17CC940}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 12:03 . 2012-07-24 21:15    67599240    ----a-w-    c:\windows\system32\MRT.exe
2013-01-09 16:15 . 2012-07-25 14:35    74248    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 16:15 . 2012-07-25 14:35    697864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-21 00:05 . 2012-12-21 00:05    95184    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-21 00:05 . 2012-07-24 22:39    859072    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-12-21 00:05 . 2012-07-24 22:39    779704    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-10 02:00    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-11-29 16:08 . 2012-11-29 16:08    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2012-11-29 16:08 . 2012-11-29 16:08    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2012-11-29 16:08 . 2012-11-29 16:08    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2012-11-29 16:08 . 2012-11-29 16:08    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2012-11-29 15:03 . 2012-11-29 15:03    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2012-11-29 15:03 . 2012-11-29 15:03    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2012-11-28 21:34 . 2012-11-30 12:56    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{121B5799-68BA-445E-ABF0-54A92E24ADC9}\gapaengine.dll
2012-11-28 21:34 . 2012-10-02 01:11    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-14 07:06 . 2012-12-13 15:26    17811968    ----a-w-    c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 15:26    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 15:26    2312704    ----a-w-    c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 15:26    1346048    ----a-w-    c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 15:26    1392128    ----a-w-    c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 15:26    1494528    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 15:26    237056    ----a-w-    c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 15:26    85504    ----a-w-    c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 15:26    816640    ----a-w-    c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 15:26    599040    ----a-w-    c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 15:26    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 15:26    2144768    ----a-w-    c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 15:26    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 15:26    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 15:26    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 15:26    248320    ----a-w-    c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 15:26    1800704    ----a-w-    c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 15:26    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 15:26    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 15:26    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 15:26    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 15:26    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 11:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 11:34    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 11:34    478208    ----a-w-    c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 11:34    376832    ----a-w-    c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Nexus-Ultimate"="c:\program files (x86)\Winstep\Nexus-Ultimate.exe" [2011-10-10 14558848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-09-17 1310720]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261040~1.25\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-25 2547816]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-09-24 71032]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R3 ALSysIO;ALSysIO;c:\users\Valefor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-29 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-29 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2009-09-17 25600]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Valefor\AppData\Local\Temp\tmp5C61.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-09-24 384888]
R4 CrossLoopService;CrossLoop Service;c:\users\Valefor\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-11-28 548264]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-10-17 386920]
R4 tvnserver;TightVNC Server;c:\users\Valefor\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-24 283200]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-16 16:45    1606760    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 16:15]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 16:44]
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Valefor\AppData\Roaming\Mozilla\Firefox\Profiles\jxai3w73.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Valefor\AppData\Local\Temp\tmp5C61.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-927600952-4210678597-2741023378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-927600952-4210678597-2741023378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-01-20  03:36:27
ComboFix-quarantined-files.txt  2013-01-20 02:36
ComboFix2.txt  2013-01-17 21:22
ComboFix3.txt  2012-11-29 13:34
.
Pre-Run: 28.452.941.824 byte disponibili
Post-Run: 28.182.626.304 byte disponibili
.
- - End Of File - - BF457FB730981FEDF16554BC32D54098

From yesterday:

Code:
ComboFix 13-01-21.04 - Valefor 21/01/2013  19:43:04.4.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.6135.5458 [GMT 1:00]
Eseguito da: e:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-12-21 al 2013-01-21  )))))))))))))))))))))))))))))))))))
.
.
2013-01-21 18:44 . 2013-01-21 18:44    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-01-21 18:44 . 2013-01-21 18:44    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-01-21 18:44 . 2013-01-21 18:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-01-21 02:49 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4400EAA3-5771-4CEC-BFE6-F9A7DE8B2BDE}\mpengine.dll
2013-01-20 02:38 . 2013-01-20 02:38    --------    d-----w-    c:\users\Valefor\AppData\Roaming\Malwarebytes
2013-01-20 02:38 . 2013-01-20 02:38    --------    d-----w-    c:\programdata\Malwarebytes
2013-01-20 02:38 . 2013-01-20 02:38    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-20 02:38 . 2012-12-14 15:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-19 17:03 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-16 16:44 . 2013-01-16 16:45    --------    d-----w-    c:\program files (x86)\Google
2013-01-15 00:38 . 2013-01-15 00:38    --------    d-----w-    c:\programdata\TERA
2013-01-14 20:37 . 2008-02-05 14:36    798208    ----a-w-    c:\windows\SysWow64\NextControls.ocx
2013-01-14 20:37 . 2000-05-22 16:58    608448    ----a-w-    c:\windows\SysWow64\comctl32.ocx
2013-01-14 20:37 . 1997-07-19 15:55    1347344    ----a-w-    c:\windows\SysWow64\msvbvm50.dll
2013-01-14 20:37 . 2013-01-14 20:37    --------    d-----w-    c:\program files (x86)\Winstep
2013-01-13 20:40 . 2013-01-15 18:17    --------    d-----w-    c:\users\Valefor\AppData\Local\TERA-Diagnostic
2013-01-13 19:13 . 2013-01-13 19:13    --------    d-----w-    c:\users\Valefor\AppData\Local\TERA
2013-01-13 00:09 . 2013-01-13 00:09    --------    d-----w-    c:\program files (x86)\MSECache
2013-01-12 23:38 . 2013-01-12 23:38    --------    d-----w-    c:\windows\it
2013-01-12 23:37 . 2013-01-12 23:37    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-12 23:36 . 2013-01-12 23:36    --------    d-----w-    c:\program files\Windows Live
2013-01-12 23:35 . 2013-01-12 23:35    94040    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    525656    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1691480    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\8a0f15971cdf11d07\dsetup32.dll
2013-01-12 23:35 . 2013-01-12 23:35    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\88a08c191cdf11d04\dsetup32.dll
2013-01-12 23:35 . 2013-01-12 23:35    89944    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\DSETUP.dll
2013-01-12 23:35 . 2013-01-12 23:35    537432    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\DXSETUP.exe
2013-01-12 23:35 . 2013-01-12 23:35    1801048    ----a-w-    c:\program files (x86)\Common Files\Windows Live\.cache\83530c381cdf11d03\dsetup32.dll
2013-01-12 16:50 . 2013-01-12 16:50    --------    d-----w-    c:\program files (x86)\VideoLAN
2013-01-12 16:13 . 2013-01-12 18:31    --------    d-----w-    c:\users\Valefor\AppData\Local\CRE
2013-01-10 11:33 . 2012-11-23 03:26    3149824    ----a-w-    c:\windows\system32\win32k.sys
2013-01-10 02:53 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
2013-01-10 02:53 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-01-10 02:32 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2013-01-10 02:32 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2013-01-10 02:32 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2013-01-10 02:32 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2013-01-10 02:32 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-01-10 02:32 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-01-10 02:00 . 2012-11-30 05:43    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\programdata\BrowserProtect
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\users\Valefor\AppData\Roaming\Babylon
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\programdata\Babylon
2013-01-05 18:12 . 2013-01-05 18:12    727029    ----a-w-    c:\windows\unins000.exe
2013-01-05 18:12 . 2013-01-05 18:12    --------    d-----w-    c:\users\Valefor\AppData\Local\Programs
2013-01-01 14:53 . 2013-01-01 14:53    --------    d-----w-    c:\windows\Downloaded Program Files
2013-01-01 14:52 . 2013-01-01 14:53    --------    d-----w-    c:\program files (x86)\Samsung SSD Magician
2012-12-31 17:25 . 2012-12-31 17:25    --------    d-----w-    c:\users\Valefor\AppData\Local\Diagnostics
2012-12-26 00:30 . 2012-12-26 23:50    --------    d-sh--w-    c:\users\Valefor\wc
2012-12-26 00:30 . 2012-12-26 00:38    --------    d-----w-    c:\users\Valefor\AppData\Local\Ubisoft
2012-12-26 00:30 . 2012-12-26 00:30    --------    d-sh--w-    c:\users\Valefor\AppData\Roaming\wyUpdate AU
2012-12-26 00:30 . 2012-12-26 00:30    --------    d-----w-    c:\users\Valefor\AppData\Roaming\Ubisoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 12:03 . 2012-07-24 21:15    67599240    ----a-w-    c:\windows\system32\MRT.exe
2013-01-09 16:15 . 2012-07-25 14:35    74248    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 16:15 . 2012-07-25 14:35    697864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-21 00:05 . 2012-12-21 00:05    95184    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-21 00:05 . 2012-07-24 22:39    859072    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-12-21 00:05 . 2012-07-24 22:39    779704    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-21 14:35    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 14:35    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:35    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:35    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-10 02:00    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-11-29 16:08 . 2012-11-29 16:08    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2012-11-29 16:08 . 2012-11-29 16:08    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2012-11-29 16:08 . 2012-11-29 16:08    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2012-11-29 16:08 . 2012-11-29 16:08    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2012-11-29 15:03 . 2012-11-29 15:03    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2012-11-29 15:03 . 2012-11-29 15:03    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2012-11-28 21:34 . 2012-11-30 12:56    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{121B5799-68BA-445E-ABF0-54A92E24ADC9}\gapaengine.dll
2012-11-28 21:34 . 2012-10-02 01:11    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-14 07:06 . 2012-12-13 15:26    17811968    ----a-w-    c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 15:26    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 15:26    2312704    ----a-w-    c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 15:26    1346048    ----a-w-    c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 15:26    1392128    ----a-w-    c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 15:26    1494528    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 15:26    237056    ----a-w-    c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 15:26    85504    ----a-w-    c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 15:26    816640    ----a-w-    c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 15:26    599040    ----a-w-    c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 15:26    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 15:26    2144768    ----a-w-    c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 15:26    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 15:26    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 15:26    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 15:26    248320    ----a-w-    c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 15:26    1800704    ----a-w-    c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 15:26    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 15:26    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 15:26    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 15:26    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 15:26    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 11:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 11:34    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 11:34    478208    ----a-w-    c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 11:34    376832    ----a-w-    c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-09-17 1310720]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261040~1.25\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-25 2547816]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-09-24 71032]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R3 ALSysIO;ALSysIO;c:\users\Valefor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-29 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-29 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2009-09-17 25600]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Valefor\AppData\Local\Temp\tmp5C61.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-09-24 384888]
R4 CrossLoopService;CrossLoop Service;c:\users\Valefor\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-11-28 548264]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-10-17 386920]
R4 tvnserver;TightVNC Server;c:\users\Valefor\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-24 283200]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-16 16:45    1606760    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 16:15]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 16:44]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Valefor\AppData\Roaming\Mozilla\Firefox\Profiles\jxai3w73.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Valefor\AppData\Local\Temp\tmp5C61.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-927600952-4210678597-2741023378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-927600952-4210678597-2741023378-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-01-21  19:45:43
ComboFix-quarantined-files.txt  2013-01-21 18:45
ComboFix2.txt  2013-01-20 02:36
ComboFix3.txt  2013-01-17 21:22
ComboFix4.txt  2012-11-29 13:34
.
Pre-Run: 27.972.726.784 byte disponibili
Post-Run: 27.567.521.792 byte disponibili
.
- - End Of File - - 2942581E96C7D850B5423765C3F8EAD5

As I write this I obviously have the same problem, and to fix it I will run ComboFix again for the third time in 3 days, but I hope this is only a temporary situation that I will be able to resolve with your help, since I no longer know what to do and formatting is not a feasible solution at the moment.
 