HijackThis log help, computer runs in fits and starts

  • Thread author: volg

volg

It has been running slowly for a while; the mouse doesn't freeze but web pages do, and so do videos that aren't online. I ran Spybot and it's already a bit better, but something is still wrong.

This is the log; what else can I do? Thanks a lot :)

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.44.17, on 26/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\scan Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\java.exe
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Iminent\IMBooster\imbooster.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Programmi\Logitech\LWS\Webcam Software\LWS.exe
C:\Programmi\Logitech\Vid HD\Vid.exe
C:\Programmi\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Documents and Settings\giuseppe\Local Settings\Apps\F.lux\flux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\NETGEAR\WG111v2\WG111v2.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: digitalchocolate Toolbar - {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - C:\Programmi\digitalchocolate\tbdigi.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTI-S~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: digitalchocolate Toolbar - {60c4696a-e4eb-4d2d-9060-38928dd0b6a2} - C:\Programmi\digitalchocolate\tbdigi.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programmi\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Programmi\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre1.6.0_18\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre1.6.0_18\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Vocal Reader - {E00DD475-1DF2-4881-8CFE-65951AFFA46C} - C:\Programmi\VocalReader\VRForIEBand.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: ChatZum Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Programmi\ChatZum Toolbar\tbunsq1ED.tmp\tbcore3.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IMBooster] C:\Programmi\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB002" /M "Stylus D88"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [LWS] C:\Programmi\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Programmi\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\giuseppe\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: lollipop.lnk = C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe
O4 - Startup: OpenOffice.org 3.3.lnk.disabled
O4 - Global Startup: 20Dollars2Surf.lnk.disabled
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Programmi\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Programmi\4shared Desktop\down_link.htm
O8 - Extra context menu item: Cerca nel web - C:\Programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Mostra Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTI-S~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTI-S~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{52FE4EBB-D00E-499B-8340-5AA564622EEC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F011E2F-B36D-477C-B775-D24AB187143E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0EC9BCA-B0FA-4217-A974-176E443664AE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD2A638-D5AD-40F5-93E1-E37656534B4C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programmi\File comuni\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\scan Emsisoft Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programmi\File comuni\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\giuseppe\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


--
End of file - 19248 bytes
 
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the Accept button: confirm by clicking OK twice
● follow the instructions given to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message may be shown concerning the antivirus in use: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, right-click the program icon and, from the context menu, choose Run as administrator
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program.
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.
 
Thanks! I ran ComboFix, now I'll paste the log.

During execution it gave me some messages:

- AntiVir Desktop open, but I wasn't able to disable it, I don't know what it is... I have avast and everything was disabled
- two windows, REGT.3X3 and REGEDIT.EXE, saying the application will be closed

Another strange thing I noticed is that I have 10 chrome.exe entries open in the processes, and only one web page open. This is both before and after running ComboFix.

Also, when I open a new tab in Chrome... at first it opens normally... then after a while it automatically switches it to another page that it opens.

Here is the log... what should I do now? Thanks again :)




Code:
ComboFix 12-08-25.04 - giuseppe 26/08/2012  17.10.45.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3327.2812 [GMT 2:00]
Eseguito da: c:\documents and settings\giuseppe\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\unins000.exe
c:\programmi\Windows Live\Messenger\msacm32.dll
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-07-26 al 2012-08-26  )))))))))))))))))))))))))))))))))))
.
.
2012-08-19 14:11 . 2012-08-19 14:11    --------    d-----w-    c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\RadiantViewer
2012-08-19 14:11 . 2012-08-19 14:11    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\RadiantViewer
2012-08-19 12:05 . 2012-08-19 12:05    --------    d-----w-    c:\documents and settings\giuseppe\Dati applicazioni\DICOMedReview
2012-08-18 11:21 . 2012-08-19 11:54    --------    d-----w-    c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater
2012-08-18 11:21 . 2012-08-18 11:25    --------    d-----w-    c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService
2012-08-18 11:21 . 2012-08-18 11:21    --------    d-----w-    c:\documents and settings\LocalService\Menu Avvio
2012-08-17 23:48 . 2012-08-26 01:27    --------    d-----w-    c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop
2012-08-17 23:48 . 2012-08-17 23:48    --------    d-----w-    c:\documents and settings\giuseppe\Dati applicazioni\EmoticoonsToolbar
2012-08-17 23:48 . 2012-08-18 11:22    --------    d-----w-    c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-08-17 23:48 . 2012-08-17 23:48    --------    d-----w-    c:\programmi\MyPcCleaner
2012-08-17 16:31 . 2012-08-17 16:30    463080    ----a-w-    C:\cnet2_WLan Driver 802_11n Rel_ 4_80_28_7_zip (1).exe
2012-07-29 12:41 . 2012-07-03 16:21    18544    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2012-07-28 21:28 . 2012-08-21 09:13    355632    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2012-07-28 21:28 . 2012-08-21 09:13    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2012-07-28 21:28 . 2012-08-21 09:13    729752    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2012-07-28 21:28 . 2012-08-21 09:13    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2012-07-28 21:28 . 2012-08-21 09:13    35928    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2012-07-28 21:28 . 2012-08-21 09:13    97608    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2012-07-28 21:28 . 2012-08-21 09:13    89624    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2012-07-28 21:28 . 2012-08-21 09:13    25256    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2012-07-28 21:28 . 2012-08-21 09:12    227648    ----a-w-    c:\windows\system32\aswBoot.exe
2012-07-28 21:28 . 2012-07-28 21:28    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\AVAST Software
2012-07-28 15:12 . 2012-07-28 15:12    --------    d-----w-    c:\documents and settings\giuseppe\AppData
2012-07-28 13:31 . 2012-07-28 13:31    --------    d-----w-    c:\windows\system32\wbem\Repository
2012-07-28 13:28 . 2012-07-28 13:28    --------    d-----w-    c:\programmi\File comuni\PCSuite
2012-07-28 13:26 . 2012-07-28 13:28    --------    d-----w-    c:\programmi\File comuni\Nokia
2012-07-28 13:26 . 2012-07-28 13:26    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Nokia
2012-07-28 13:09 . 2012-07-28 13:09    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:12 . 2012-01-30 10:56    41224    ----a-w-    c:\windows\avastSS.scr
2012-07-06 13:59 . 2004-08-19 13:39    78336    ----a-w-    c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-12-15 16:56    139784    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2004-08-19 13:31    1866112    ----a-w-    c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2011-05-06 09:45    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-07-02 17:39 . 2004-08-19 13:39    916992    ----a-w-    c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-19 13:39    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-19 13:39    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-19 13:26    385024    ------w-    c:\windows\system32\html.iec
2012-06-14 20:44 . 2012-06-14 20:44    3826112    ----a-w-    C:\chatzum.exe
2012-06-05 15:49 . 2008-12-15 11:16    1372672    ----a-w-    c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-19 13:39    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-19 13:39    152576    ----a-w-    c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-12-15 16:57    329240    ----a-w-    c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-12-15 16:57    219160    ----a-w-    c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-12-15 16:57    210968    ----a-w-    c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-12-15 16:57    53784    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-12-15 16:57    35864    ----a-w-    c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09    45080    ----a-w-    c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-19 13:39    97304    ----a-w-    c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08    15896    ----a-w-    c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-12-15 16:57    577048    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 13:12    24088    ----a-w-    c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 13:08    15896    ----a-w-    c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:07    18968    ----a-w-    c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-12-15 16:57    1933848    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-12-16 11:32    275696    ----a-w-    c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-12-16 11:32    214256    ----a-w-    c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-12-16 11:32    18672    ----a-w-    c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2004-08-19 13:39    603136    ----a-w-    c:\windows\system32\crypt32.dll
2005-10-08 15:07    991800    --sh--r-    c:\windows\Windows Update\scvhost.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}"= "c:\programmi\digitalchocolate\tbdigi.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
2010-10-18 10:26    3908192    ----a-w-    c:\programmi\digitalchocolate\tbdigi.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{60C4696A-E4EB-4D2D-9060-38928DD0B6A2}"= "c:\programmi\digitalchocolate\tbdigi.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12    121528    ----a-w-    c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\programmi\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"F.lux"="c:\documents and settings\giuseppe\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMBooster"="c:\programmi\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"LWS"="c:\programmi\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
lollipop.lnk - c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe [2012-8-18 909312]
OpenOffice.org 3.3.lnk.disabled [2011-11-22 836]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
20Dollars2Surf.lnk.disabled [2011-1-17 682]
NETGEAR WG111v2 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v2\WG111v2.exe [2010-12-29 1261568]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-16 10:24    87424    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^giuseppe^Menu Avvio^Programmi^Esecuzione automatica^Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk]
backup=c:\windows\pss\Fantacalcio Manager 2006 - Top Edition Quick Loader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22    59240    ----a-w-    c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 16:00    299008    ------w-    c:\programmi\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 13:40    63048    ----a-w-    c:\programmi\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTAgent.exe" -autorun
"Facebook Update"="c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Google Update"="c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"NokiaSuite.exe"=c:\programmi\Nokia\Nokia Suite\NokiaSuite.exe -tray
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"RoboForm"="c:\programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"SpybotSD TeaTimer"=c:\programmi\ANTI - Spybot - Search & Destroy\TeaTimer.exe
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Spiceworks"=c:\programmi\Spiceworks\bin\spicetray_silent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\GoS\\GoS.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\BlackBox\\bbserver.exe"=
"m:\\PES 2011\\pes2011.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"m:\\FM 2011\\fm.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\giuseppe\\Dati applicazioni\\Run.exe"=
"c:\\Programmi\\GigaTribe\\gigatribe.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Java\\jre1.6.0_18\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Programmi\\Iminent\\IMBooster\\IMBooster.exe"=
"c:\\Programmi\\Iminent\\MMServer\\Iminent.MMServer.exe"=
"c:\\Programmi\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Programmi\\NETGEAR\\WG111v2\\WG111v2.exe"=
"c:\\Programmi\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:bbserver protocol
.
R?2 ServUpdater;Serv Updater;c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [18/08/2012 13.21.13 156160]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 a2injectiondriver;a2injectiondriver;c:\programmi\scan Emsisoft Anti-Malware\a2dix86.sys [04/05/2011 3.46.19 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\scan Emsisoft Anti-Malware\a2util32.sys [04/05/2011 3.46.20 11776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/07/2012 14.41.57 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2012 23.28.36 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2012 23.28.39 355632]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [17/12/2010 18.55.05 12960]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 9.43.30 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 9.43.28 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [02/08/2009 20.17.04 142592]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\programmi\scan Emsisoft Anti-Malware\a2service.exe [04/05/2011 3.46.16 3045688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2012 23.28.39 21256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [08/12/2010 13.11.32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [17/09/2010 15.40.06 12856]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [21/11/2009 13.42.33 583640]
R2 PowerOffer Service;Pos Service;c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [18/08/2012 13.21.13 169472]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\programmi\File comuni\Seagate\Schedule2\schedul2.exe [19/11/2009 17.06.44 431456]
R2 SoftwareUpd;Software Upd;c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [18/08/2012 1.48.11 161280]
R3 a2acc;a2acc;c:\programmi\scan Emsisoft Anti-Malware\a2accx86.sys [04/05/2011 3.46.19 51632]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [22/11/2010 16.31.17 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [07/01/2011 19.41.05 8192]
S2 LinksysUpdater;Linksys Updater;c:\programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe [18/01/2008 15.17.42 204800]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [22/11/2010 16.31.17 136176]
S3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [23/08/2010 10.28.39 41216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 11.25.22 30969208]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13/01/2009 23.57.07 47360]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [29/12/2010 13.34.54 194304]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 9.43.30 7408]
S4 UMVPFSrv;UMVPFSrv;c:\programmi\File comuni\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 11.26.50 450848]
S4 waudit;waudit;c:\windows\ASMBB\win32\waudit.exe [23/08/2010 10.28.38 1056768]
S4 Web Assistant Updater;Web Assistant Updater;c:\programmi\Web Assistant\ExtensionUpdaterService.exe [15/06/2012 16.27.52 185856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADFECDC7-E815-A4BD-C803-A39CD9AA14DF}]
2008-07-25 09:17    1172472    ---h--w-    c:\documents and settings\giuseppe\Dati applicazioni\Run.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-28 09:12]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-22 14:31]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-22 14:31]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-682003330-1003Core.job
- c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-28 15:19]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-682003330-1003UA.job
- c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-28 15:19]
.
2012-08-26 c:\windows\Tasks\User_Feed_Synchronization-{A18AF134-B559-4A91-8216-78CB0470EE08}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = local
mSearchAssistant = about:blank
IE: &Download All using 4shared Desktop - c:\programmi\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\programmi\4shared Desktop\down_link.htm
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Compila Modulo - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Download with &Media Finder - c:\programmi\Media Finder\hook.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Personalizza - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Barra strumenti - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Salva Moduli - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: Interfaces\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{52FE4EBB-D00E-499B-8340-5AA564622EEC}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{6F011E2F-B36D-477C-B775-D24AB187143E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EC9BCA-B0FA-4217-A974-176E443664AE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FFD2A638-D5AD-40F5-93E1-E37656534B4C}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-Facebook Update - c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\unins000.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-764733703-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Programmi\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009e1c
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="05-E780-E5AF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1482476501-764733703-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\FM Genie Scout 12\\games"
"ShortlistDir"="c:\\FM Genie Scout 12\\shortlists"
"FMPath"="c:\\Programmi\\SEGA\\Football Manager 2012\\"
"ScreenshotsDir"="c:\\FM Genie Scout 12"
"SaveDir"="c:\\FM Genie Scout 12\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\Programmi\\SEGA\\Football Manager 2012\\data\\db\\1200\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2012\\games\\prim.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a0ad
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="05-E780-E5AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000003
"StaffSearchFeatureNum"=dword:00000003
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000004
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000005
"GameLoadedCounter"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2012-08-26  17:32:55
ComboFix-quarantined-files.txt  2012-08-26 15:32
.
Pre-Run: 303.642.259.456 byte disponibili
Post-Run: 303.640.059.904 byte disponibili
.
- - End Of File - - EAE79A60AD4498479021F2275139567D

- - - Updated - - -

Another strange thing I noticed is that I have 10 chrome.exe entries open in the processes, and only one internet page open. This happens both before and after running ComboFix.

Also, when I open a new tab in Chrome, at first it opens normally, then after a while it automatically switches it to another page that it opens.
 
What is this file?


c:\documents and settings\giuseppe\Dati applicazioni\Run.exe


Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad (Blocco note): Start > Tutti i programmi > Accessori > Blocco note
● in the new text document, copy and paste the following lines:

File::
c:\programmi\Iminent\IMBooster\imbooster.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService\Pos.exe

Folder::
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\All Users\Documenti\AppData\PoApp
c:\programmi\Iminent
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop
c:\documents and settings\giuseppe\Dati applicazioni\EmoticoonsToolbar
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\programmi\MyPcCleaner
c:\programmi\digitalchocolate

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}"=-
[-HKEY_CLASSES_ROOT\clsid\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{60C4696A-E4EB-4D2D-9060-38928DD0B6A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{60c4696a-e4eb-4d2d-9060-38928dd0b6a2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMBooster"=-
"PosService"=-

Driver::
ServUpdater
PowerOffer Service

● name this file CFScript.txt and place it on the Desktop, next to ComboFix (if ComboFix is not on the Desktop, move it there).

Very important! Temporarily disable your antivirus and firewall before following the procedure described. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon.
ComboFix will now scan your system. Once it has finished, it may restart the system automatically; if it does not, restart it manually.
At this point, the program will produce a report. Copy and paste the log into your next post.



Note on the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted
N.B.:
● if the error "Illegal operation attempted on a registry key that has been marked for deletion" appears, simply restart the system and repeat the script
 
What is this file?


c:\documents and settings\giuseppe\Dati applicazioni\Run.exe

I don't know, can I do something to check?

I ran ComboFix with the txt file you gave me; I'm pasting the log. Thanks! :)


Code:
ComboFix 12-08-25.04 - giuseppe 28/08/2012  16.42.16.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3327.2818 [GMT 2:00]
Eseguito da: c:\documents and settings\giuseppe\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\giuseppe\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe"
"c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe"
"c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService\Pos.exe"
"c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe"
"c:\programmi\Iminent\IMBooster\imbooster.exe"
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop\Lollipop.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\programmi\Iminent\IMBooster\imbooster.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Legacy_SoftwareUpd
-------\Service_SoftwareUpd
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-07-28 al 2012-08-28  )))))))))))))))))))))))))))))))))))
.
.
2012-08-28 15:10 . 2012-08-28 15:10	--------	d---a-w-	c:\documents and settings\All Users\Dati applicazioni\TEMP
2012-08-26 17:59 . 2012-08-26 17:59	--------	d-----w-	c:\documents and settings\giuseppe\Dati applicazioni\IEToolbar
2012-08-19 14:11 . 2012-08-19 14:11	--------	d-----w-	c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\RadiantViewer
2012-08-19 14:11 . 2012-08-19 14:11	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\RadiantViewer
2012-08-19 12:05 . 2012-08-19 12:05	--------	d-----w-	c:\documents and settings\giuseppe\Dati applicazioni\DICOMedReview
2012-08-18 11:21 . 2012-08-28 15:01	--------	d-----w-	c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater
2012-08-18 11:21 . 2012-08-28 15:01	--------	d-----w-	c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\PosService
2012-08-18 11:21 . 2012-08-18 11:21	--------	d-----w-	c:\documents and settings\LocalService\Menu Avvio
2012-08-17 23:48 . 2012-08-28 15:01	--------	d-----w-	c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Lollipop
2012-08-17 23:48 . 2012-08-17 23:48	--------	d-----w-	c:\documents and settings\giuseppe\Dati applicazioni\EmoticoonsToolbar
2012-08-17 23:48 . 2012-08-18 11:22	--------	d-----w-	c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-08-17 23:48 . 2012-08-17 23:48	--------	d-----w-	c:\programmi\MyPcCleaner
2012-08-17 16:31 . 2012-08-17 16:30	463080	----a-w-	C:\cnet2_WLan Driver 802_11n Rel_ 4_80_28_7_zip (1).exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2012-07-28 21:28	355632	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-28 21:28	729752	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-28 21:28	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-28 21:28	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-07-28 21:28	97608	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-07-28 21:28	89624	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-07-28 21:28	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-07-28 21:28	25256	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-01-30 10:56	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-28 21:28	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-06 13:59 . 2004-08-19 13:39	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-12-15 16:56	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2004-08-19 13:31	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-03 16:21 . 2012-07-29 12:41	18544	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2012-07-03 11:46 . 2011-05-06 09:45	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-02 17:39 . 2004-08-19 13:39	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-19 13:39	43520	------w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-19 13:39	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-19 13:26	385024	------w-	c:\windows\system32\html.iec
2012-06-14 20:44 . 2012-06-14 20:44	3826112	----a-w-	C:\chatzum.exe
2012-06-05 15:49 . 2008-12-15 11:16	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-19 13:39	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-19 13:39	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-12-15 16:57	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-12-15 16:57	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-12-15 16:57	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-12-15 16:57	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-12-15 16:57	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-19 13:39	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-12-15 16:57	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 13:12	24088	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 13:07	18968	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-12-15 16:57	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-12-16 11:32	275696	----a-w-	c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-12-16 11:32	214256	----a-w-	c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-12-16 11:32	18672	----a-w-	c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2004-08-19 13:39	603136	----a-w-	c:\windows\system32\crypt32.dll
2005-10-08 15:07	991800	--sh--r-	c:\windows\Windows Update\scvhost.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12	121528	----a-w-	c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\programmi\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"F.lux"="c:\documents and settings\giuseppe\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"LWS"="c:\programmi\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 172032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.3.lnk.disabled [2011-11-22 836]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NETGEAR WG111v2 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v2\WG111v2.exe [2010-12-29 1261568]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21	548352	----a-w-	c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-16 10:24	87424	----a-w-	c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^20Dollars2Surf.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\20Dollars2Surf.lnk.disabled
backup=c:\windows\pss\20Dollars2Surf.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^giuseppe^Menu Avvio^Programmi^Esecuzione automatica^Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk]
backup=c:\windows\pss\Fantacalcio Manager 2006 - Top Edition Quick Loader.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22	59240	----a-w-	c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 16:00	299008	------w-	c:\programmi\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 13:40	63048	----a-w-	c:\programmi\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTAgent.exe" -autorun
"Facebook Update"="c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Google Update"="c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"NokiaSuite.exe"=c:\programmi\Nokia\Nokia Suite\NokiaSuite.exe -tray
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"RoboForm"="c:\programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"SpybotSD TeaTimer"=c:\programmi\ANTI - Spybot - Search & Destroy\TeaTimer.exe
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Spiceworks"=c:\programmi\Spiceworks\bin\spicetray_silent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\GoS\\GoS.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\BlackBox\\bbserver.exe"=
"m:\\PES 2011\\pes2011.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"m:\\FM 2011\\fm.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\giuseppe\\Dati applicazioni\\Run.exe"=
"c:\\Programmi\\GigaTribe\\gigatribe.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Java\\jre1.6.0_18\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Programmi\\Iminent\\MMServer\\Iminent.MMServer.exe"=
"c:\\Programmi\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Programmi\\NETGEAR\\WG111v2\\WG111v2.exe"=
"c:\\Programmi\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:bbserver protocol
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 a2injectiondriver;a2injectiondriver;c:\programmi\scan Emsisoft Anti-Malware\a2dix86.sys [04/05/2011 3.46.19 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\scan Emsisoft Anti-Malware\a2util32.sys [04/05/2011 3.46.20 11776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/07/2012 14.41.57 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2012 23.28.36 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2012 23.28.39 355632]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [17/12/2010 18.55.05 12960]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 9.43.30 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 9.43.28 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [02/08/2009 20.17.04 142592]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\programmi\scan Emsisoft Anti-Malware\a2service.exe [04/05/2011 3.46.16 3045688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2012 23.28.39 21256]
R2 LinksysUpdater;Linksys Updater;c:\programmi\Linksys\Linksys Updater\bin\LinksysUpdater.exe [18/01/2008 15.17.42 204800]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [08/12/2010 13.11.32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [17/09/2010 15.40.06 12856]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe [21/11/2009 13.42.33 583640]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\programmi\File comuni\Seagate\Schedule2\schedul2.exe [19/11/2009 17.06.44 431456]
R3 a2acc;a2acc;c:\programmi\scan Emsisoft Anti-Malware\a2accx86.sys [04/05/2011 3.46.19 51632]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [29/12/2010 13.34.54 194304]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [22/11/2010 16.31.17 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [07/01/2011 19.41.05 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [22/11/2010 16.31.17 136176]
S3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [23/08/2010 10.28.39 41216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 11.25.22 30969208]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13/01/2009 23.57.07 47360]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 9.43.30 7408]
S4 UMVPFSrv;UMVPFSrv;c:\programmi\File comuni\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 11.26.50 450848]
S4 waudit;waudit;c:\windows\ASMBB\win32\waudit.exe [23/08/2010 10.28.38 1056768]
S4 Web Assistant Updater;Web Assistant Updater;c:\programmi\Web Assistant\ExtensionUpdaterService.exe [15/06/2012 16.27.52 185856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ADFECDC7-E815-A4BD-C803-A39CD9AA14DF}]
2008-07-25 09:17	1172472	---h--w-	c:\documents and settings\giuseppe\Dati applicazioni\Run.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-28 09:12]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-22 14:31]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-11-22 14:31]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-682003330-1003Core.job
- c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-28 15:19]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-764733703-682003330-1003UA.job
- c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-28 15:19]
.
2012-08-28 c:\windows\Tasks\User_Feed_Synchronization-{A18AF134-B559-4A91-8216-78CB0470EE08}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = local
mSearchAssistant = about:blank
IE: &Download All using 4shared Desktop - c:\programmi\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\programmi\4shared Desktop\down_link.htm
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Compila Modulo - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Download with &Media Finder - c:\programmi\Media Finder\hook.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Personalizza - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Barra strumenti - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Salva Moduli - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: Interfaces\{264F0D93-5C0B-4F43-B4BE-C80DB5B28AF5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{52FE4EBB-D00E-499B-8340-5AA564622EEC}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{6F011E2F-B36D-477C-B775-D24AB187143E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EC9BCA-B0FA-4217-A974-176E443664AE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FFD2A638-D5AD-40F5-93E1-E37656534B4C}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-IMBooster - c:\programmi\Iminent\IMBooster\imbooster.exe
HKLM-Run-PosService - c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
AddRemove-lollipop - c:\documents and settings\giuseppe\impostazioni locali\dati applicazioni\lollipop\lollipop.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-764733703-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Programmi\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009e1c
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="05-E780-E5AF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1482476501-764733703-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\FM Genie Scout 12\\games"
"ShortlistDir"="c:\\FM Genie Scout 12\\shortlists"
"FMPath"="c:\\Programmi\\SEGA\\Football Manager 2012\\"
"ScreenshotsDir"="c:\\FM Genie Scout 12"
"SaveDir"="c:\\FM Genie Scout 12\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\Programmi\\SEGA\\Football Manager 2012\\data\\db\\1200\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\giuseppe\\Documenti\\Sports Interactive\\Football Manager 2012\\games\\prim.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a0ad
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="05-E780-E5AF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000003
"StaffSearchFeatureNum"=dword:00000003
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000004
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000005
"GameLoadedCounter"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(1188)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\File comuni\Maxtor\Schedule2\schedul2.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\java.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
c:\programmi\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-08-28  17:16:35 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-08-28 15:16
ComboFix2.txt  2012-08-26 15:32
.
Pre-Run: 303.099.064.320 byte disponibili
Post-Run: 303.108.177.920 byte disponibili
.
- - End Of File - - FEF1FCD41E5149869E592934277A19B2
 
Uninstall

MyPcCleaner

Do you have administrator access to the PC?
How is the PC running now?
FDAC, since you seem like someone who knows about this stuff, could you take a quick look at one of my posts here in Security, if you like? :D

Getting back to the topic, I just wanted to say that I was in a similar situation a few years ago too... Since I didn't feel like fixing it, I formatted xD
 