OTL logfile created on: 28/11/2012 13.47.05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Nino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
1023,23 Mb Total Physical Memory | 249,08 Mb Available Physical Memory | 24,34% Memory free
2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programmi
Drive C: | 232,89 Gb Total Space | 77,48 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Computer Name: MYPC | User Name: Nino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/28 13.46.11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nino\Desktop\OTL.exe
PRC - [2012/11/16 09.49.16 | 003,117,344 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2012/11/14 03.11.00 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
PRC - [2012/11/08 00.37.37 | 001,990,464 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/08 00.37.11 | 006,756,048 | ---- | M] (COMODO) -- C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/09/29 19.54.26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 23.12.59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2012/03/07 15.40.34 | 000,913,144 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/07/16 23.14.33 | 001,530,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/01/09 20.37.50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/03/05 15.07.20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/17 16.12.06 | 000,737,408 | ---- | M] (EnTech Taiwan) -- C:\Programmi\PowerStrip\PStrip.exe
PRC - [2008/04/13 18.14.10 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2006/07/13 15.59.48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/14 03.10.59 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/14 03.10.58 | 012,456,040 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
MOD - [2012/11/14 03.10.57 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/14 03.10.12 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/14 03.10.11 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/14 03.10.04 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/14 03.10.03 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/14 03.10.02 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/07/27 21.51.42 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
MOD - [2011/03/17 00.11.16 | 004,297,568 | ---- | M] () -- C:\Programmi\File comuni\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/04/13 18.13.44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\rundll32.exe cintime32.dll,uqef -- (cintime32)
SRV - [2012/11/08 00.37.37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/29 19.54.26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19.54.26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 23.12.59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/19 11.10.58 | 001,699,168 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/03/07 15.40.34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012/02/29 07.50.48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/22 18.05.18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/04 13.32.36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/24 21.32.00 | 000,055,144 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/06 03.30.00 | 002,304,912 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Programmi\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2010/09/13 20.02.44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Disabled | Stopped] -- C:\Programmi\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2010/01/09 20.37.50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20.18.00 | 000,149,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/05/14 17.07.14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/11/09 21.48.14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 18.14.10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18.14.10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/13 18.14.10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/07/13 15.59.48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 15.59.32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 17.04.02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/11/27 17.48.03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/11/08 00.38.17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/08 00.38.16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/08 00.38.14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/09/29 19.54.26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/18 15.02.02 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/03/14 08.40.04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012/03/14 08.40.02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08.40.02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/11/01 10.07.26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10.07.26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10.07.26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10.07.24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 10.07.24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 10.07.24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/09/06 21.59.09 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2011/09/06 21.58.33 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2011/09/06 21.58.33 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2011/09/06 21.50.01 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2011/09/06 21.50.01 | 000,045,312 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2011/07/24 13.19.57 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2010/07/14 23.28.58 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2010/02/11 08.38.10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 10.45.30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/15 22.53.12 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/03/15 22.53.12 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programmi\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/16 09.35.58 | 010,376,576 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007/07/15 02.37.04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PSTRIP)
DRV - [2006/11/10 14.08.50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/06/28 10.38.56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/06/18 22.47.44 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 05.09.26 | 004,284,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/05/09 20.08.40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2001/08/17 19.02.40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 19.02.32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 2A 26 17 92 15 CC 01 [binary data]
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{1C4F894A-2C09-42D6-98DA-D05699FF8487}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GUEA_it
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=545dc914000000000000001966057fbe&tlver=1.4.19.19&affID=17159
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GUEA_itIT432
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{78E9E484-4B70-4ECA-A53A-7CAA9294F8DE}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=FV&apn_dtid=YYYYYYNJIT&apn_uid=81789c30-7ba2-4542-a3ed-b7295759fa85&apn_sauid=C3FDD47B-E00B-4776-9EA5-A1AA01A7E130
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2000478354-73586283-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programmi\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Programmi\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programmi\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programmi\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programmi\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programmi\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Programmi\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/03/06 21.35.47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programmi\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/06 21.35.54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/11/16 09.48.01 | 000,000,000 | ---D | M]
[2012/03/24 12.40.05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nino\Dati applicazioni\Mozilla\Extensions
[2012/03/24 12.40.05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nino\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2011/05/20 15.13.54 | 000,002,423 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\babylon.xml
========== Chrome ==========
CHR - homepage: http://www.google.it/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programmi\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmi\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Talkpal Scriptable Plugin for Mozilla (Enabled) = C:\Programmi\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programmi\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AT_HedgehogInTheFog_v2 = C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\
O1 HOSTS File: ([2012/11/28 10.03.00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programmi\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PowerStrip] c:\Programmi\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - HKU\S-1-5-21-2000478354-73586283-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2000478354-73586283-682003330-1004..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2000478354-73586283-682003330-1004\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C0805F5-40F2-4AFA-B2EF-46F71555A15D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E1A749-1B77-4EDA-95DA-AEA24706750D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD13BA9F-55D8-4726-A07D-C1CB574AC7B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD13BA9F-55D8-4726-A07D-C1CB574AC7B6}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/24 09.53.38 | 000,000,008 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/28 13.45.59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nino\Desktop\OTL.exe
[2012/11/28 10.12.12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/28 10.00.07 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/28 09.47.40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/27 21.59.45 | 005,007,302 | R--- | C] (Swearware) -- C:\Documents and Settings\Nino\Desktop\ComboFix.exe
[2012/11/27 17.46.56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/11/26 22.38.39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nino\Recent
[2012/11/26 21.14.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Menu Avvio\Programmi\AVS4YOU
[2012/11/26 21.13.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\AVS4YOU
[2012/11/26 21.13.29 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\windows\System32\libmfxsw32.dll
[2012/11/26 20.06.19 | 000,000,000 | ---D | C] -- C:\FFOutput
[2012/11/26 15.14.56 | 000,000,000 | ---D | C] -- C:\Documents
[2012/11/24 22.13.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Dati applicazioni\Epson
[2012/11/24 22.02.27 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\E_DCINST.DLL
[2012/11/24 22.02.24 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBHAE.DLL
[2012/11/24 22.02.24 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BHAE.DLL
[2012/11/24 22.01.10 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbccgp.sys
[2012/11/24 21.28.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\ABBYY
[2012/11/24 21.27.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\ABBYY FineReader 9.0 Sprint
[2012/11/24 21.24.54 | 000,000,000 | ---D | C] -- C:\Programmi\ABBYY FineReader 9.0 Sprint
[2012/11/24 21.24.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\ABBYY
[2012/11/24 21.24.53 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\ABBYY
[2012/11/24 21.23.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2012/11/24 21.18.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Epson Software
[2012/11/24 21.18.04 | 000,000,000 | ---D | C] -- C:\Programmi\Epson Software
[2012/11/24 21.17.18 | 000,475,496 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\ensppmon.dll
[2012/11/24 21.17.18 | 000,475,496 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\enppmon.dll
[2012/11/24 21.17.18 | 000,457,780 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\ensppui.dll
[2012/11/24 21.17.18 | 000,457,780 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\enppui.dll
[2012/11/24 21.17.18 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\enspres.dll
[2012/11/24 21.17.18 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\enpres.dll
[2012/11/24 21.17.17 | 000,000,000 | ---D | C] -- C:\Programmi\EpsonNet
[2012/11/24 21.16.58 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\EPSON
[2012/11/24 21.15.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2012/11/24 21.15.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\EPSON
[2012/11/24 21.15.26 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\eswiaud.dll
[2012/11/24 21.15.26 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\esdevapp.exe
[2012/11/24 21.15.26 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\windows\System32\escdev.dll
[2012/11/24 09.53.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\UltraWipe1.5.1
[2012/11/24 09.53.24 | 000,000,000 | ---D | C] -- C:\Programmi\RedStrike
[2012/11/24 09.50.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Defraggler
[2012/11/24 09.50.54 | 000,000,000 | ---D | C] -- C:\Programmi\Defraggler
[2012/11/22 17.36.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Dati applicazioni\avidemux
[2012/11/22 17.35.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avidemux
[2012/11/22 17.35.48 | 000,000,000 | ---D | C] -- C:\Programmi\Avidemux 2.6
[2012/11/20 19.05.49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nino\Desktop\HijackThis.exe
[2012/11/19 22.56.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Desktop\Stefan
[2012/11/19 22.53.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Desktop\FW Liteon
[2012/11/18 21.26.47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Menu Avvio\Programmi\FormatFactory
[2012/11/16 16.54.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Menu Avvio\Programmi\HiJackThis
[2012/11/16 16.54.50 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2012/11/16 16.42.10 | 000,000,000 | ---D | C] -- C:\Programmi\UPHClean
[2012/11/16 12.55.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Daring_Development_Inc
[2012/11/16 12.47.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nino\Desktop\Xbox Backup Creator v2.9.0.421
[2012/11/16 12.30.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Horizon
[2012/11/16 12.30.34 | 000,000,000 | ---D | C] -- C:\Programmi\Daring Development
[2012/11/16 09.47.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\ESET
[2012/11/16 09.47.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
[2012/11/16 09.40.12 | 000,000,000 | -HSD | C] -- C:\windows\CSC
[2012/11/15 21.24.40 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/11/15 21.24.40 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/11/15 21.24.40 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/28 13.46.11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nino\Desktop\OTL.exe
[2012/11/28 13.44.16 | 000,000,266 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2012/11/28 13.43.34 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/11/28 13.43.04 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/28 13.42.28 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/28 13.10.36 | 000,000,169 | -HS- | M] () -- C:\boot.ini
[2012/11/28 13.01.00 | 000,001,238 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004UA.job
[2012/11/28 12.42.01 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/28 11.46.24 | 1827,309,568 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\La.figlia.del.poliziotto.ISO
[2012/11/28 10.03.00 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/27 22.48.58 | 001,013,134 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\ebook-nuovamagia-l'inizio.pdf
[2012/11/27 22.30.31 | 000,640,488 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\nuovomentalismo-l'inizio(2012).pdf
[2012/11/27 22.00.13 | 005,007,302 | R--- | M] (Swearware) -- C:\Documents and Settings\Nino\Desktop\ComboFix.exe
[2012/11/27 20.07.00 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\Google Chrome.lnk
[2012/11/27 17.48.03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/11/26 22.12.57 | 586,606,348 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\Derrick - 220 - L'uomo sotto la pioggia.avi
[2012/11/26 21.13.45 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\AVS Video Converter.lnk
[2012/11/26 18.50.29 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/25 16.24.55 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012/11/24 23.40.42 | 000,000,000 | ---- | M] () -- C:\windows\EEventManager.INI
[2012/11/24 21.21.57 | 000,000,306 | ---- | M] () -- C:\windows\setup.iss
[2012/11/24 17.45.36 | 000,000,000 | ---- | M] () -- C:\uwstart.ini
[2012/11/24 09.53.38 | 000,000,008 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/11/24 09.53.38 | 000,000,000 | ---- | M] () -- C:\windows\PROTOCOL.INI
[2012/11/24 09.53.34 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ultra Wipe.lnk
[2012/11/24 09.50.57 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2012/11/23 17.22.44 | 000,001,006 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004UA.job
[2012/11/23 17.22.43 | 000,000,984 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004Core.job
[2012/11/22 17.36.01 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avidemux 2.6 (32-bit).lnk
[2012/11/21 18.51.53 | 000,019,916 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\CV Ficco Gioacchino.pdf
[2012/11/21 17.12.11 | 000,049,118 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\Domanda iscrizione Avvocati - prima iscrizione - Del.1610+tess.pdf
[2012/11/21 12.02.22 | 000,262,144 | ---- | M] () -- C:\windows\System32\default_user_class.dat
[2012/11/20 22.46.36 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinUtilities.lnk
[2012/11/20 22.44.56 | 000,000,131 | ---- | M] () -- C:\windows\System32\_WKERNEL.SYL
[2012/11/20 21.05.53 | 000,282,928 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/20 20.59.42 | 000,620,958 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2012/11/20 20.59.42 | 000,565,386 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/20 20.59.42 | 000,130,606 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2012/11/20 20.59.42 | 000,112,098 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/20 20.50.52 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Horizon.lnk
[2012/11/20 19.06.07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nino\Desktop\HijackThis.exe
[2012/11/18 21.26.48 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\Format Factory.lnk
[2012/11/18 21.12.05 | 487,531,596 | ---- | M] () -- C:\Documents and Settings\Nino\Desktop\183_Nessun.lieto.fine_Ispettore_Derrick.avi
[2012/11/17 17.05.10 | 000,000,038 | ---- | M] () -- C:\windows\AviSplitter.INI
[2012/11/16 22.24.13 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/11/16 16.37.55 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Nino\nomeacaso.CMD
[2012/11/15 22.00.20 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 00.38.17 | 000,099,080 | ---- | M] (COMODO) -- C:\windows\System32\drivers\inspect.sys
[2012/11/08 00.38.16 | 000,032,640 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdhlp.sys
[2012/11/08 00.38.14 | 000,497,952 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmdGuard.sys
[2012/11/08 00.38.13 | 000,018,096 | ---- | M] (COMODO) -- C:\windows\System32\drivers\cmderd.sys
[2012/11/08 00.37.35 | 000,034,024 | ---- | M] (COMODO) -- C:\windows\System32\cmdcsr.dll
[2012/11/08 00.37.34 | 000,301,264 | ---- | M] (COMODO) -- C:\windows\System32\guard32.dll
[2012/11/03 09.01.01 | 000,001,186 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004Core.job
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/28 11.09.23 | 1827,309,568 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\La.figlia.del.poliziotto.ISO
[2012/11/27 22.48.58 | 001,013,134 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\ebook-nuovamagia-l'inizio.pdf
[2012/11/27 22.30.31 | 000,640,488 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\nuovomentalismo-l'inizio(2012).pdf
[2012/11/26 21.18.21 | 586,606,348 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\Derrick - 220 - L'uomo sotto la pioggia.avi
[2012/11/26 21.13.45 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\AVS Video Converter.lnk
[2012/11/24 23.40.42 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2012/11/24 21.21.50 | 000,000,306 | ---- | C] () -- C:\windows\setup.iss
[2012/11/24 17.45.36 | 000,000,000 | ---- | C] () -- C:\uwstart.ini
[2012/11/24 09.53.38 | 000,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2012/11/24 09.53.34 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ultra Wipe.lnk
[2012/11/24 09.50.57 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2012/11/22 17.36.01 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avidemux 2.6 (32-bit).lnk
[2012/11/21 18.51.20 | 000,019,916 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\CV Ficco Gioacchino.pdf
[2012/11/21 17.12.11 | 000,049,118 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\Domanda iscrizione Avvocati - prima iscrizione - Del.1610+tess.pdf
[2012/11/18 21.26.48 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\Format Factory.lnk
[2012/11/18 20.55.21 | 487,531,596 | ---- | C] () -- C:\Documents and Settings\Nino\Desktop\183_Nessun.lieto.fine_Ispettore_Derrick.avi
[2012/11/17 09.27.34 | 000,282,928 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/16 22.31.53 | 000,262,144 | ---- | C] () -- C:\windows\System32\default_user_class.dat
[2012/11/16 16.37.55 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Nino\nomeacaso.CMD
[2012/11/16 12.30.37 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Horizon.lnk
[2012/11/04 19.08.26 | 000,001,006 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004UA.job
[2012/11/04 19.08.25 | 000,000,984 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004Core.job
[2012/09/10 10.47.55 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2012/04/02 11.15.10 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\Nino\Dati applicazioni\AutoGK.ini
[2012/04/02 10.19.18 | 000,000,313 | ---- | C] () -- C:\windows\IfoEdit.INI
[2012/04/02 10.05.17 | 000,000,133 | ---- | C] () -- C:\windows\VobEdit.INI
[2012/03/21 17.03.28 | 000,000,045 | ---- | C] () -- C:\windows\ErosR.ini
[2012/02/15 10.46.45 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012/01/22 15.26.07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/22 15.26.07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/22 15.26.07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/22 15.26.07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/22 15.26.07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/03 08.28.06 | 002,570,286 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2011/12/05 22.04.00 | 000,059,904 | ---- | C] () -- C:\windows\System32\OpenVideo.dll
[2011/12/05 22.03.52 | 000,054,784 | ---- | C] () -- C:\windows\System32\OVDecode.dll
[2011/09/18 18.46.08 | 000,593,920 | ---- | C] () -- C:\windows\System32\ati2sgag.exe
[2011/09/18 16.36.31 | 000,000,059 | ---- | C] () -- C:\windows\WININIT.INI
[2011/09/11 18.37.40 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2011/09/08 08.51.08 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/01 13.10.00 | 000,110,080 | ---- | C] () -- C:\windows\System32\advd.dll
[2011/08/25 12.46.12 | 000,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2011/07/09 14.16.41 | 000,081,920 | ---- | C] () -- C:\windows\asr3232.dll
[2011/07/09 14.16.36 | 000,000,010 | ---- | C] () -- C:\windows\deamm.ini
[2011/06/27 15.48.24 | 000,000,035 | ---- | C] () -- C:\windows\hdd.ini
[2011/06/17 10.36.56 | 000,151,552 | ---- | C] () -- C:\windows\KMSEmulator.exe
[2011/06/15 19.52.49 | 000,331,263 | ---- | C] () -- C:\windows\LOOP.exe
[2011/06/15 16.07.56 | 000,037,192 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/06/07 12.35.24 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/06/03 14.51.19 | 000,000,069 | ---- | C] () -- C:\windows\System32\oledb.dll
[2011/05/30 16.12.30 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2011/05/28 20.34.26 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2011/05/22 21.22.47 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Nino\default.pls
[2011/05/22 21.20.55 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/05/22 19.28.58 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 10.10.17 | 000,023,508 | ---- | C] () -- C:\windows\System32\smtpctrs.ini
[2011/05/22 10.10.17 | 000,001,060 | ---- | C] () -- C:\windows\System32\ntfsdrct.ini
[2011/05/22 10.09.42 | 000,059,758 | ---- | C] () -- C:\windows\System32\w3ctrs.ini
[2011/05/22 10.09.42 | 000,014,796 | ---- | C] () -- C:\windows\System32\axperf.ini
[2011/05/22 10.09.40 | 000,017,676 | ---- | C] () -- C:\windows\System32\infoctrs.ini
[2011/05/20 20.34.59 | 000,835,584 | ---- | C] () -- C:\windows\vsnpstd3.exe
[2011/05/20 20.34.59 | 000,270,336 | ---- | C] () -- C:\windows\tsnpstd3.exe
[2011/05/20 20.34.58 | 000,015,498 | ---- | C] () -- C:\windows\snpstd3.ini
[2011/05/20 20.34.56 | 000,155,648 | ---- | C] ( ) -- C:\windows\System32\rsnpstd3.dll
[2011/05/20 20.34.56 | 000,057,344 | ---- | C] ( ) -- C:\windows\System32\vsnpstd3.dll
[2011/05/20 20.34.56 | 000,053,248 | ---- | C] ( ) -- C:\windows\System32\csnpstd3.dll
[2011/05/20 20.34.56 | 000,053,248 | ---- | C] ( ) -- C:\windows\csnpstd3.dll
[2011/05/18 21.29.32 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/05/18 20.30.25 | 000,004,253 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2011/05/18 20.24.20 | 000,135,168 | R--- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2011/05/18 20.24.20 | 000,040,960 | R--- | C] () -- C:\windows\System32\ChCfg.exe
[2011/05/18 20.17.02 | 000,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/05/18 19.49.24 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2011/05/18 19.49.01 | 000,667,136 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2011/05/18 19.36.32 | 000,021,840 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2011/05/18 19.37.19 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/07/16 23.13.31 | 001,740,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/07/14 23.25.17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >