Esegui 
Antivir: Questo non e il log completo della scanzione ma una parte relativa a 2 avvisi che mi ha segnalato:
Avvio della scansione del file selezionati:
Inizia con la scansione di 'C:\'
C:\Windows\System32\sppcomapi.dll
[AVVISO] Impossibile aprire il file!
C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\sppcomapi.dll
[AVVISO] Impossibile aprire il file!
Inizia con la scansione di 'C:\'
C:\Windows\System32\sppcomapi.dll
[AVVISO] Impossibile aprire il file!
C:\Windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\sppcomapi.dll
[AVVISO] Impossibile aprire il file!
Combofix:
((((((((((((((((((((((((( Files Creati Da 2011-10-23 al 2011-11-23 )))))))))))))))))))))))))))))))))))
.
.
2011-11-23 13:00 . 2011-11-23 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 15:03 . 2011-11-22 15:03 -------- d-----w- c:\program files\Common Files\McAfee
2011-11-22 15:03 . 2011-11-23 10:42 -------- d-----w- c:\program files\McAfee
2011-11-22 15:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6732AB53-E146-4EE6-872B-F89861A7A255}\mpengine.dll
2011-11-22 11:27 . 2011-11-22 11:31 -------- d-----w- c:\program files\SpywareBlaster
2011-11-18 16:03 . 2011-11-18 16:17 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Ugolog
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\program files\Ugolog
2011-11-18 15:54 . 2011-11-18 15:54 -------- d-----w- c:\program files\PaperCut Print Logger
2011-11-17 14:59 . 2011-03-13 11:37 50176 ----a-w- c:\windows\system32\drivers\dataguard.sys
2011-11-17 14:59 . 2011-11-17 15:00 -------- d-----w- c:\program files\DataGuard
2011-11-16 22:30 . 2011-11-21 16:42 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\WFDS
2011-11-16 22:30 . 2009-07-14 04:16 163840 ----a-w- c:\windows\system32\temp.001
2011-11-16 22:30 . 2009-07-14 04:15 1386496 ----a-w- c:\windows\system32\temp.002
2011-11-16 22:30 . 2009-07-14 02:43 16896 ----a-w- c:\windows\system32\temp.000
2011-11-16 22:30 . 2004-03-09 10:00 609824 ----a-w- c:\windows\system32\Comctl32.ocx
2011-11-16 22:30 . 2011-11-16 22:30 -------- d-----w- c:\program files\Prevent Restore 3
2011-11-16 22:21 . 2011-11-16 22:21 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\JPEGsnoop
2011-11-16 22:10 . 2011-11-16 22:10 -------- d-----w- c:\program files\CCleaner
2011-11-16 15:13 . 2011-11-16 15:13 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Screaming Bee
2011-11-16 15:13 . 2011-11-16 15:13 -------- d-----w- c:\program files\Screaming Bee
2011-11-15 13:47 . 2011-11-15 14:04 -------- d-----w- c:\program files\Appnimi
2011-11-15 13:40 . 2011-11-15 13:40 -------- d-----w- c:\program files\FREE Word and Excel password recovery Wizard
2011-11-15 13:34 . 2011-11-15 13:34 -------- d-----w- c:\program files\Passware
2011-11-15 01:16 . 2011-11-15 01:16 -------- d-----w- c:\users\Dextero1.0\AppData\Local\Eraser 6
2011-11-15 00:40 . 2011-11-15 00:40 -------- d-----w- c:\program files\Eraser
2011-11-14 15:48 . 2011-11-14 15:51 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\TrueCrypt
2011-11-14 15:48 . 2011-11-14 15:48 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-11-14 15:48 . 2011-11-14 15:48 -------- d-----w- c:\program files\TrueCrypt
2011-11-14 15:33 . 2011-11-16 22:33 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\PrivateEye
2011-11-14 15:33 . 2011-11-16 22:33 -------- d-----w- c:\programdata\PrivateEye
2011-11-14 14:45 . 2011-11-14 14:45 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\KeePass
2011-11-14 12:44 . 2011-11-14 14:50 -------- d-----w- c:\program files\KeePass Password Safe
2011-11-10 13:26 . 2011-10-21 21:46 185480 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-11-10 13:26 . 2011-10-21 21:46 43656 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-11-10 13:25 . 2011-10-21 21:47 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-11-10 13:14 . 2010-12-13 14:36 21464 ----a-w- c:\windows\system32\NaBootMir.exe
2011-11-10 13:14 . 2010-02-24 16:16 512 ----a-w- c:\windows\MirDetected.bin
2011-11-10 13:14 . 2011-11-10 13:14 -------- d-----w- c:\program files\Wondershare
2011-11-10 13:14 . 2010-12-13 14:37 37016 ----a-w- c:\windows\system32\drivers\FolderHK.sys
2011-11-10 13:14 . 2010-12-13 14:36 28648 ----a-w- c:\windows\system32\drivers\MirDisk.sys
2011-11-10 13:14 . 2010-12-13 14:36 33896 ----a-w- c:\windows\system32\drivers\HKDirFlt.sys
2011-11-10 01:09 . 2011-11-10 01:09 -------- d-----w- c:\users\Dextero1.0\Backups
2011-11-10 00:31 . 2011-11-10 00:31 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Returnil
2011-11-10 00:30 . 2011-11-10 00:30 -------- d-----w- c:\programdata\Returnil
2011-11-09 12:05 . 2011-11-09 12:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-09 10:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 10:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:10 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 16:28 . 2011-11-08 16:28 -------- d-----w- c:\program files\TVdream
2011-11-08 14:31 . 2011-11-08 14:32 -------- d-----w- c:\program files\vShare.tv plugin
2011-11-07 13:58 . 2011-11-07 13:58 -------- d-----w- c:\programdata\HP Product Assistant
2011-11-07 13:56 . 2011-11-07 13:56 -------- d-----w- c:\program files\Common Files\HP
2011-11-07 13:30 . 2011-11-07 13:30 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\HpUpdate
2011-11-06 14:21 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-31 19:41 . 2011-10-31 19:41 -------- d-----w- c:\users\Dextero1.0\AppData\Local\Facebook
2011-10-26 20:34 . 2011-10-26 20:34 -------- d-----w- c:\program files\Common Files\Java
2011-10-26 12:08 . 2011-10-26 12:08 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 12:19 . 2011-09-14 11:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-21 21:46 . 2010-05-14 12:17 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-10-21 21:46 . 2010-05-14 12:17 39560 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-10-07 17:47 . 2011-06-30 07:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-06-30 07:38 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-06-30 07:38 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-06-30 07:38 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-06-30 07:37 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 03:06 . 2010-05-16 12:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-21 00:59 . 2011-09-21 00:59 388096 ----a-r- c:\users\Dextero1.0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-18 01:25 . 2011-09-17 14:22 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-09-18 01:25 . 2011-09-17 14:22 13824 ----a-w- c:\windows\system32\slwga.dll
2011-09-18 00:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-09-17 14:34 . 2011-09-17 14:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-17 14:34 . 2011-09-17 14:34 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-17 14:34 . 2011-09-17 14:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-17 14:34 . 2011-09-17 14:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-17 14:34 . 2011-09-17 14:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-17 14:34 . 2011-09-17 14:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-17 14:34 . 2011-09-17 14:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-17 14:34 . 2011-09-17 14:34 367104 ----a-w- c:\windows\system32\html.iec
2011-09-17 14:34 . 2011-09-17 14:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-17 14:34 . 2011-09-17 14:34 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-17 14:34 . 2011-09-17 14:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-17 14:34 . 2011-09-17 14:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-17 14:34 . 2011-09-17 14:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-17 14:34 . 2011-09-17 14:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-17 14:34 . 2011-09-17 14:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-17 14:34 . 2011-09-17 14:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-17 14:34 . 2011-09-17 14:34 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-17 14:34 . 2011-09-17 14:34 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-17 14:01 . 2011-09-17 14:01 53248 ----a-r- c:\users\Dextero1.0\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-14 11:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-01 02:35 . 2011-10-12 12:55 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 12:55 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 12:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 15:00 . 2011-09-21 00:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26 . 2011-10-12 12:03 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 12:03 233472 ----a-w- c:\windows\system32\oleacc.dll
2010-01-26 09:11 . 2011-09-14 14:00 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-11-09 22:41 . 2011-09-14 12:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-09-22 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2008-12-21 73728]
"Facebook Update"="c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-31 137536]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2011-10-12 1934336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 509224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BootNaMir"="c:\program files\Wondershare\Time Freeze\BootSP.exe" [2010-12-13 322152]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-21 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-21 743560]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"DataGuard"="c:\program files\DataGuard\Dataguard.exe" [2011-03-13 2208256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Matrix Screen Locker.lnk - c:\program files\BaroufaSoft\Matrix Screen Locker\matrix.exe [2006-1-29 539136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0NaBootMir
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dextero1.0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrazione prodotti.lnk]
backup=c:\windows\pss\Logitech . Registrazione prodotti.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-06-07 16:36 4393920 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 10:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-10 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
R1 DataGuard AntiKeylogger Kernel Service;DataGuard AntiKeylogger Kernel Service;c:\windows\system32\drivers\dataguard.sys [2011-03-13 50176]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-21 17032]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-21 185480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
R2 PCPrintLogger;PaperCut Print Logger;c:\program files\PaperCut Print Logger\pcpl.exe PCPrintLogger [x]
R2 PrivateEyeService;PrivateEye Service; [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
R3 ALSysIO;ALSysIO;c:\users\Dextero1.0\AppData\Local\Temp\ALSysIO.sys [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-10-02 127488]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-16 22416]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-10-02 124416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84D0.tmp [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-08 47360]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-21 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-21 43656]
S0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [2010-12-13 33896]
S0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [2010-12-13 28648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308655561-2943522366-3363658282-1000Core.job
- c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 19:41]
.
2011-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308655561-2943522366-3363658282-1000UA.job
- c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 19:41]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 11:28]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 11:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: Interfaces\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\users\Dextero1.0\AppData\Roaming\Mozilla\Firefox\Profiles\gjks1e18.default\
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84D0.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-11-23 14:01:52
ComboFix-quarantined-files.txt 2011-11-23 13:01
ComboFix2.txt 2011-11-22 14:36
.
Pre-Run: 42.338.304.000 byte disponibili
Post-Run: 42.294.235.136 byte disponibili
.
- - End Of File - - EA949DCA6B4975E45E8314F76EB5B0EA
.
.
2011-11-23 13:00 . 2011-11-23 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 15:03 . 2011-11-22 15:03 -------- d-----w- c:\program files\Common Files\McAfee
2011-11-22 15:03 . 2011-11-23 10:42 -------- d-----w- c:\program files\McAfee
2011-11-22 15:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6732AB53-E146-4EE6-872B-F89861A7A255}\mpengine.dll
2011-11-22 11:27 . 2011-11-22 11:31 -------- d-----w- c:\program files\SpywareBlaster
2011-11-18 16:03 . 2011-11-18 16:17 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Ugolog
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\program files\Ugolog
2011-11-18 15:54 . 2011-11-18 15:54 -------- d-----w- c:\program files\PaperCut Print Logger
2011-11-17 14:59 . 2011-03-13 11:37 50176 ----a-w- c:\windows\system32\drivers\dataguard.sys
2011-11-17 14:59 . 2011-11-17 15:00 -------- d-----w- c:\program files\DataGuard
2011-11-16 22:30 . 2011-11-21 16:42 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\WFDS
2011-11-16 22:30 . 2009-07-14 04:16 163840 ----a-w- c:\windows\system32\temp.001
2011-11-16 22:30 . 2009-07-14 04:15 1386496 ----a-w- c:\windows\system32\temp.002
2011-11-16 22:30 . 2009-07-14 02:43 16896 ----a-w- c:\windows\system32\temp.000
2011-11-16 22:30 . 2004-03-09 10:00 609824 ----a-w- c:\windows\system32\Comctl32.ocx
2011-11-16 22:30 . 2011-11-16 22:30 -------- d-----w- c:\program files\Prevent Restore 3
2011-11-16 22:21 . 2011-11-16 22:21 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\JPEGsnoop
2011-11-16 22:10 . 2011-11-16 22:10 -------- d-----w- c:\program files\CCleaner
2011-11-16 15:13 . 2011-11-16 15:13 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Screaming Bee
2011-11-16 15:13 . 2011-11-16 15:13 -------- d-----w- c:\program files\Screaming Bee
2011-11-15 13:47 . 2011-11-15 14:04 -------- d-----w- c:\program files\Appnimi
2011-11-15 13:40 . 2011-11-15 13:40 -------- d-----w- c:\program files\FREE Word and Excel password recovery Wizard
2011-11-15 13:34 . 2011-11-15 13:34 -------- d-----w- c:\program files\Passware
2011-11-15 01:16 . 2011-11-15 01:16 -------- d-----w- c:\users\Dextero1.0\AppData\Local\Eraser 6
2011-11-15 00:40 . 2011-11-15 00:40 -------- d-----w- c:\program files\Eraser
2011-11-14 15:48 . 2011-11-14 15:51 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\TrueCrypt
2011-11-14 15:48 . 2011-11-14 15:48 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-11-14 15:48 . 2011-11-14 15:48 -------- d-----w- c:\program files\TrueCrypt
2011-11-14 15:33 . 2011-11-16 22:33 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\PrivateEye
2011-11-14 15:33 . 2011-11-16 22:33 -------- d-----w- c:\programdata\PrivateEye
2011-11-14 14:45 . 2011-11-14 14:45 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\KeePass
2011-11-14 12:44 . 2011-11-14 14:50 -------- d-----w- c:\program files\KeePass Password Safe
2011-11-10 13:26 . 2011-10-21 21:46 185480 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-11-10 13:26 . 2011-10-21 21:46 43656 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-11-10 13:25 . 2011-10-21 21:47 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-11-10 13:14 . 2010-12-13 14:36 21464 ----a-w- c:\windows\system32\NaBootMir.exe
2011-11-10 13:14 . 2010-02-24 16:16 512 ----a-w- c:\windows\MirDetected.bin
2011-11-10 13:14 . 2011-11-10 13:14 -------- d-----w- c:\program files\Wondershare
2011-11-10 13:14 . 2010-12-13 14:37 37016 ----a-w- c:\windows\system32\drivers\FolderHK.sys
2011-11-10 13:14 . 2010-12-13 14:36 28648 ----a-w- c:\windows\system32\drivers\MirDisk.sys
2011-11-10 13:14 . 2010-12-13 14:36 33896 ----a-w- c:\windows\system32\drivers\HKDirFlt.sys
2011-11-10 01:09 . 2011-11-10 01:09 -------- d-----w- c:\users\Dextero1.0\Backups
2011-11-10 00:31 . 2011-11-10 00:31 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\Returnil
2011-11-10 00:30 . 2011-11-10 00:30 -------- d-----w- c:\programdata\Returnil
2011-11-09 12:05 . 2011-11-09 12:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-09 10:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 10:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:10 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 16:28 . 2011-11-08 16:28 -------- d-----w- c:\program files\TVdream
2011-11-08 14:31 . 2011-11-08 14:32 -------- d-----w- c:\program files\vShare.tv plugin
2011-11-07 13:58 . 2011-11-07 13:58 -------- d-----w- c:\programdata\HP Product Assistant
2011-11-07 13:56 . 2011-11-07 13:56 -------- d-----w- c:\program files\Common Files\HP
2011-11-07 13:30 . 2011-11-07 13:30 -------- d-----w- c:\users\Dextero1.0\AppData\Roaming\HpUpdate
2011-11-06 14:21 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-31 19:41 . 2011-10-31 19:41 -------- d-----w- c:\users\Dextero1.0\AppData\Local\Facebook
2011-10-26 20:34 . 2011-10-26 20:34 -------- d-----w- c:\program files\Common Files\Java
2011-10-26 12:08 . 2011-10-26 12:08 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 12:19 . 2011-09-14 11:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-21 21:46 . 2010-05-14 12:17 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-10-21 21:46 . 2010-05-14 12:17 39560 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-10-07 17:47 . 2011-06-30 07:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-06-30 07:38 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-06-30 07:38 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-06-30 07:38 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-06-30 07:37 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 03:06 . 2010-05-16 12:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-21 00:59 . 2011-09-21 00:59 388096 ----a-r- c:\users\Dextero1.0\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-18 01:25 . 2011-09-17 14:22 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-09-18 01:25 . 2011-09-17 14:22 13824 ----a-w- c:\windows\system32\slwga.dll
2011-09-18 00:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-09-17 14:34 . 2011-09-17 14:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-17 14:34 . 2011-09-17 14:34 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-17 14:34 . 2011-09-17 14:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-17 14:34 . 2011-09-17 14:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-17 14:34 . 2011-09-17 14:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-17 14:34 . 2011-09-17 14:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-17 14:34 . 2011-09-17 14:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-17 14:34 . 2011-09-17 14:34 367104 ----a-w- c:\windows\system32\html.iec
2011-09-17 14:34 . 2011-09-17 14:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-17 14:34 . 2011-09-17 14:34 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-17 14:34 . 2011-09-17 14:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-17 14:34 . 2011-09-17 14:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-17 14:34 . 2011-09-17 14:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-17 14:34 . 2011-09-17 14:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-17 14:34 . 2011-09-17 14:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-17 14:34 . 2011-09-17 14:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-17 14:34 . 2011-09-17 14:34 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-17 14:34 . 2011-09-17 14:34 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-17 14:01 . 2011-09-17 14:01 53248 ----a-r- c:\users\Dextero1.0\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-14 11:02 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-01 02:35 . 2011-10-12 12:55 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 12:55 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 12:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 15:00 . 2011-09-21 00:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26 . 2011-10-12 12:03 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 12:03 233472 ----a-w- c:\windows\system32\oleacc.dll
2010-01-26 09:11 . 2011-09-14 14:00 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-11-09 22:41 . 2011-09-14 12:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-09-22 177712]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2008-12-21 73728]
"Facebook Update"="c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-31 137536]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2011-10-12 1934336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-10-23 509224]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BootNaMir"="c:\program files\Wondershare\Time Freeze\BootSP.exe" [2010-12-13 322152]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-21 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-21 743560]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"DataGuard"="c:\program files\DataGuard\Dataguard.exe" [2011-03-13 2208256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Matrix Screen Locker.lnk - c:\program files\BaroufaSoft\Matrix Screen Locker\matrix.exe [2006-1-29 539136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0NaBootMir
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dextero1.0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrazione prodotti.lnk]
backup=c:\windows\pss\Logitech . Registrazione prodotti.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-06-07 16:36 4393920 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 10:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-10 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]
R1 DataGuard AntiKeylogger Kernel Service;DataGuard AntiKeylogger Kernel Service;c:\windows\system32\drivers\dataguard.sys [2011-03-13 50176]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-21 17032]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-21 185480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
R2 PCPrintLogger;PaperCut Print Logger;c:\program files\PaperCut Print Logger\pcpl.exe PCPrintLogger [x]
R2 PrivateEyeService;PrivateEye Service; [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
R3 ALSysIO;ALSysIO;c:\users\Dextero1.0\AppData\Local\Temp\ALSysIO.sys [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-10-02 127488]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-16 22416]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-10-02 124416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\84D0.tmp [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-08 47360]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-21 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-21 43656]
S0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [2010-12-13 33896]
S0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [2010-12-13 28648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308655561-2943522366-3363658282-1000Core.job
- c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 19:41]
.
2011-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308655561-2943522366-3363658282-1000UA.job
- c:\users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 19:41]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 11:28]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-14 11:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: Interfaces\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\users\Dextero1.0\AppData\Roaming\Mozilla\Firefox\Profiles\gjks1e18.default\
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\84D0.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-11-23 14:01:52
ComboFix-quarantined-files.txt 2011-11-23 13:01
ComboFix2.txt 2011-11-22 14:36
.
Pre-Run: 42.338.304.000 byte disponibili
Post-Run: 42.294.235.136 byte disponibili
.
- - End Of File - - EA949DCA6B4975E45E8314F76EB5B0EA
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:09:16, on 23/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BootNaMir] C:\Program Files\Wondershare\Time Freeze\BootSP.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [DataGuard] C:\Program Files\DataGuard\Dataguard.exe r
O4 - HKCU\..\Run: [iKill] "C:\Program Files\ArpanTECH\iKill\iKill.exe" -s
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KeePass Password Safe] "C:\Program Files\KeePass Password Safe\KeePass.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Matrix Screen Locker.lnk = C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Program Files\PaperCut Print Logger\pcpl.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 8878 bytes
Scan saved at 14:09:16, on 23/11/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BootNaMir] C:\Program Files\Wondershare\Time Freeze\BootSP.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [DataGuard] C:\Program Files\DataGuard\Dataguard.exe r
O4 - HKCU\..\Run: [iKill] "C:\Program Files\ArpanTECH\iKill\iKill.exe" -s
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dextero1.0\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KeePass Password Safe] "C:\Program Files\KeePass Password Safe\KeePass.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Matrix Screen Locker.lnk = C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{154DA280-FD5B-4489-A14F-A80451998430}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Program Files\PaperCut Print Logger\pcpl.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 8878 bytes
Attendo Vosta Risposta ;) Grazie.
![[MLI]](http://www.megalab.it/forum/images/smilies/mli.gif "MegaLab.it")
Power User.
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
Count rilevati: Trace.Registry.FreeMP3Player 2.2!A2