Punto informatico Network
[LOG Combofix] Pages of all kinds opening automatically

Post by lagunas » Fri Feb 01, 2013 1:00 pm

Hello everyone,
As I have read in other posts, I am not the only one having a problem with advertising pages opening automatically.
As antivirus I have NOD32, always up to date, and Malwarebytes likewise; I often use CCleaner. Despite this, I have caught some virus or something of the kind that makes the ads open...... I tried using .
Now I am posting the log; if you can give me a hand you would be doing me a favour. Thanks a lot guys; finally, I would be curious to understand how you manage to interpret the log.

ComboFix 13-01-31.03 - PR7 01/02/2013 12:24:28.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4091.1794 [GMT 1:00]
Eseguito da: c:\users\PR7\Desktop\programmi utili per disinfettare il pc\ComboFix_13-01-28.01.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-01 al 2013-02-01 )))))))))))))))))))))))))))))))))))
.
.
2013-02-01 11:31 . 2013-02-01 11:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-01 11:31 . 2013-02-01 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 11:21 . 2013-02-01 11:21 -------- d-----w- c:\programdata\HitmanPro
2013-02-01 00:15 . 2013-02-01 00:15 -------- d-----w- c:\windows\system32\SPReview
2013-02-01 00:14 . 2013-02-01 00:14 -------- d-----w- c:\windows\system32\EventProviders
2013-02-01 00:13 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A97A08C5-6D66-4C9F-A049-B00D664D5579}\mpengine.dll
2013-01-31 23:45 . 2013-01-31 23:45 -------- d-----w- c:\users\PR7\AppData\Roaming\LavasoftStatistics
2013-01-31 23:35 . 2013-01-31 23:35 -------- d-----w- c:\users\PR7\AppData\Local\adawarebp
2013-01-31 23:35 . 2013-01-31 23:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-31 23:34 . 2013-01-31 23:34 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-01-31 23:26 . 2013-01-31 23:26 -------- d-----w- c:\users\PR7\AppData\Roaming\Ad-Aware Antivirus
2013-01-31 15:50 . 2013-01-31 15:50 388096 ----a-r- c:\users\PR7\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-31 15:50 . 2013-01-31 15:50 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-31 14:24 . 2013-01-31 14:24 -------- d-----w- c:\users\PR7\AppData\Roaming\Softland
2013-01-31 14:24 . 2012-10-03 11:50 25480 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-01-31 14:24 . 2012-10-03 11:50 20872 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-01-31 14:23 . 2010-02-05 14:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-01-31 14:23 . 2013-01-31 14:23 -------- d-----w- c:\program files\Softland
2013-01-31 14:19 . 2013-01-31 14:19 -------- d-----w- c:\program files (x86)\XPS Annotator
2013-01-31 14:04 . 2013-01-31 14:06 -------- d-----w- c:\program files (x86)\PDF24
2013-01-31 12:53 . 2009-10-22 14:55 643200 ----a-w- c:\windows\system32\hpzids40.dll
2013-01-31 12:53 . 2009-09-11 07:44 1408000 ----a-w- c:\windows\system32\hpost_p04b.dll
2013-01-31 12:53 . 2009-09-11 07:44 1175552 ----a-w- c:\windows\system32\hposwia_p04b.dll
2013-01-31 12:53 . 2009-09-11 07:44 521216 ----a-w- c:\windows\system32\hposc_p04a.dll
2013-01-29 16:17 . 2013-01-29 16:17 -------- d-----w- c:\program files (x86)\PDF Password Remover v2.5
2013-01-26 21:51 . 2013-01-26 21:51 -------- d-----w- c:\users\PR7\AppData\Local\Max Secure Software
2013-01-26 21:49 . 2013-01-31 14:18 -------- d-----w- c:\users\PR7\AppData\Roaming\GetRightToGo
2013-01-26 21:32 . 2012-12-19 13:48 237992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-01-26 21:32 . 2012-12-19 13:47 120232 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-01-26 21:32 . 2013-01-26 21:32 -------- d-----w- c:\program files\Oracle
2013-01-23 17:26 . 2013-01-23 17:26 -------- d-----w- c:\users\PR7\AppData\Roaming\redsn0w
2013-01-23 17:08 . 2013-01-23 17:09 -------- d-----w- c:\users\PR7\.shsh
2013-01-23 07:59 . 2013-01-31 15:34 -------- d-----w- C:\Downloads
2013-01-23 07:59 . 2013-01-31 23:18 -------- d-----w- c:\users\PR7\AppData\Roaming\Free Download Manager
2013-01-23 07:58 . 2013-01-23 07:58 -------- d-----w- c:\program files (x86)\Free Download Manager
2013-01-22 15:46 . 2013-01-22 16:49 -------- d-----w- c:\users\PR7\.digiSigner
2013-01-22 15:46 . 2013-01-22 15:46 -------- d-----w- c:\program files (x86)\DigiSigner
2013-01-19 16:22 . 2010-12-01 08:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-01-18 17:27 . 2013-01-25 12:43 -------- d-----w- c:\programdata\eMule
2013-01-18 17:26 . 2013-01-19 12:07 -------- d-----w- c:\program files (x86)\lsm
2013-01-17 21:37 . 2009-01-28 10:52 142337 ----a-w- c:\windows\SysWow64\Wait.exe
2013-01-17 21:37 . 2013-01-17 21:37 -------- d-----w- c:\program files (x86)\WinTV
2013-01-17 21:37 . 2013-01-17 21:37 -------- d-----w- c:\users\Public\WinTV
2013-01-17 21:37 . 2009-08-05 09:09 106552 ----a-w- c:\windows\SysWow64\hcwi2c32.dll
2013-01-17 21:37 . 2009-02-10 23:00 307256 ----a-w- c:\windows\SysWow64\hcwpnp32.dll
2013-01-17 21:37 . 2004-06-08 05:03 36921 ----a-w- c:\windows\SysWow64\hcwutl32.dll
2013-01-17 15:56 . 2013-01-17 15:56 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2013-01-17 15:55 . 2013-01-24 15:11 -------- d-----w- c:\program files (x86)\Connectify
2013-01-17 15:55 . 2013-01-17 20:38 -------- d-----w- c:\programdata\Connectify
2013-01-17 15:24 . 2013-01-17 15:24 -------- d-----w- c:\users\PR7\AppData\Local\ESET
2013-01-12 21:32 . 2013-01-12 21:32 -------- d-----w- c:\users\PR7\AppData\Local\CyberLink
2013-01-12 21:32 . 2013-01-12 21:32 -------- d-----w- c:\users\PR7\AppData\Local\Acer Arcade Deluxe
2013-01-12 21:32 . 2013-01-12 21:32 -------- d-----w- c:\users\PR7\AppData\Roaming\SoftDMA
2013-01-12 21:31 . 2013-01-12 21:31 -------- d-----w- c:\users\PR7\AppData\Local\PlayMovie
2013-01-11 11:49 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-11 11:47 . 2012-12-07 03:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-11 11:43 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-11 11:43 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-11 11:42 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll
2013-01-11 11:42 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll
2013-01-11 11:42 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-11 11:42 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-11 11:42 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-11 11:42 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-11 11:33 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll
2013-01-11 11:33 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-10 22:57 . 2013-01-10 22:57 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-01-10 18:00 . 2013-01-10 18:00 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2013-01-10 18:00 . 2013-01-10 18:00 -------- d-----w- c:\windows\system32\wbem\en-US
2013-01-07 20:00 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2013-01-07 16:41 . 2012-07-26 08:00 2560 ----a-w- c:\windows\system32\drivers\it-IT\wdf01000.sys.mui
2013-01-07 16:41 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-07 16:41 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-07 16:41 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-07 16:35 . 2013-01-07 16:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-01-07 13:40 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-07 13:40 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-07 13:39 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2013-01-07 13:39 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-01-07 13:38 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
2013-01-07 13:38 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2013-01-07 13:38 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll
2013-01-07 13:38 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccr32.dll
2013-01-07 13:38 . 2011-06-15 09:58 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2013-01-07 13:38 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2013-01-07 13:38 . 2011-06-15 09:04 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2013-01-07 13:38 . 2011-06-15 09:04 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2013-01-07 13:38 . 2011-06-15 09:04 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2013-01-07 13:38 . 2011-06-15 09:04 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2013-01-07 13:38 . 2011-06-15 09:04 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2013-01-07 13:36 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-07 13:36 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-07 13:34 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2013-01-07 13:34 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-07 13:34 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-07 13:34 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-07 13:32 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2013-01-07 13:32 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2013-01-07 13:32 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2013-01-07 13:32 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2013-01-07 13:32 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2013-01-07 13:32 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2013-01-07 13:32 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2013-01-07 13:31 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2013-01-07 13:31 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2013-01-07 13:21 . 2013-01-07 13:21 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-07 13:21 . 2013-01-07 13:21 -------- d-----w- c:\windows\system32\Wat
2013-01-07 01:15 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2013-01-07 01:15 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2013-01-07 01:03 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2013-01-07 01:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2013-01-07 00:50 . 2013-01-11 19:25 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-07 00:47 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-07 00:30 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-07 00:30 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-07 00:30 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-07 00:30 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-07 00:30 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-01-07 00:30 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-01-07 00:29 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-07 00:29 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-07 00:29 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-07 00:29 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-07 00:29 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-07 00:29 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 19:05 . 2012-11-13 16:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-01-21 11:49 . 2012-11-14 21:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-01-17 16:58 . 2012-11-13 16:12 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-15 20:32 . 2012-11-13 12:09 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-15 20:32 . 2012-11-13 12:09 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 17:41 . 2012-11-17 18:29 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-19 13:47 . 2012-12-19 13:47 204200 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 13:47 . 2012-12-19 13:47 146856 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 13:47 . 2012-12-19 13:47 132008 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-14 15:49 . 2012-11-13 10:47 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:56 . 2013-01-11 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-21 16:33 . 2012-11-21 16:33 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-21 16:33 . 2012-11-13 08:38 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-11-16 12:56 . 2012-11-16 12:56 209808 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-11-14 21:30 . 2012-11-14 21:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-14 21:30 . 2012-11-14 21:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 21:30 . 2012-11-14 21:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 08:48 . 2012-11-13 08:48 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\qwavedrv.sys.mui
2012-11-13 08:48 . 2012-11-13 08:48 49152 ----a-w- c:\windows\SysWow64\drivers\it-IT\tcpip.sys.mui
2012-11-13 08:48 . 2012-11-13 08:48 30720 ----a-w- c:\windows\SysWow64\drivers\it-IT\bfe.dll.mui
2012-11-13 08:48 . 2012-11-13 08:48 16384 ----a-w- c:\windows\SysWow64\drivers\it-IT\pacer.sys.mui
2012-11-13 08:48 . 2012-11-13 08:48 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\scfilter.sys.mui
2012-11-13 08:48 . 2012-11-13 08:48 6144 ----a-w- c:\windows\SysWow64\drivers\it-IT\ndiscap.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\PR7\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-22 138096]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-11-09 4013928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1200136]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-10-25 162408]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2013-1-17 117344]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2013-1-4 1654784]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2013-1-17 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Log S.M.;Log Session Manager;c:\program files (x86)\lsm\lsm.exe [2013-01-18 375296]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-07-06 658432]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-07-06 19456]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-07 1255736]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2013-01-17 31344]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-11-16 209808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 AUS;Auto Update Service;c:\program files (x86)\lsm\aus.exe [2013-01-05 287744]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-11-09 65536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-16 913184]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-03-26 212256]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-07-21 6656]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2009-07-21 25088]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 20:32]
.
2013-01-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1066686986-874654785-2764199002-1000Core.job
- c:\users\PR7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-22 16:12]
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1066686986-874654785-2764199002-1000UA.job
- c:\users\PR7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-22 16:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-16 4090824]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{FC1953FB-861E-49F6-A6B3-4D6615CE4703}: NameServer = 192.168.88.1
FF - ProfilePath - c:\users\PR7\AppData\Roaming\Mozilla\Firefox\Profiles\4gqaro7w.default\
FF - prefs.js: browser.startup.homepage - hxxp://xdcc.it/
FF - ExtSQL: 2013-01-31 14:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-01-31 14:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-02-01 12:34:24
ComboFix-quarantined-files.txt 2013-02-01 11:34
ComboFix2.txt 2013-02-01 09:55
.
Pre-Run: 156.562.288.640 byte disponibili
Post-Run: 156.490.059.776 byte disponibili
.
- - End Of File - - 34F37D921F99D3E01F49B3D00A530061
lagunas
New member
Posts: 8
Joined: Fri Feb 01, 2013 11:41 am

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by crazy.cat » Fri Feb 01, 2013 7:41 pm

I hope you haven't made things worse by using ComboFix: viewtopic.php?f=33&t=80502

Post me the HijackThis log, I like that one better.
When the many govern, they think only of pleasing themselves; then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by lagunas » Fri Feb 01, 2013 11:58 pm

Thanks for your interest :-)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:02, on 01/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\lsm\lsm.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\MiniLyrics\MiniLyrics.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\PR7\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t58j1y330
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC1953FB-861E-49F6-A6B3-4D6615CE4703}: NameServer = 192.168.88.1
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\lsm\aus.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Log Session Manager (Log S.M.) - MS - C:\Program Files (x86)\lsm\lsm.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13680 bytes
Done :-)


Re: [LOG Combofix] Pages of all kinds opening automatically

Post by lagunas » Sat Feb 02, 2013 2:04 am

crazy.cat wrote: I hope you haven't made things worse by using ComboFix: viewtopic.php?f=33&t=80502
Post me the HijackThis log, I like that one better.

Luckily I wasn't infected... I got off lightly.

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by crazy.cat » Sat Feb 02, 2013 5:53 am

There isn't much that looks odd in the two logs, but you could have these two files analysed on the site www.virtustotal.com and see whether they are dangerous.
C:\Program Files (x86)\lsm\lsm.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\lsm\aus.exe

Check the list of installed programs for any software you don't recognise; I suspect you may have installed some little free program that added something odd. If you have doubts, post the program names.

Also try this http://support.kaspersky.com/downloads/ ... killer.exe even though there don't seem to be any rootkits.

Which browser do you use?

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by lagunas » Sun Feb 03, 2013 5:17 pm

Hi :-). I use Firefox; at first I tried uninstalling it but it was the same;
then I removed a few applications I had installed recently.
The Kaspersky program did not detect any dangerous files.
How did you find those 2 files?
The VirusTotal scan detected:
# CAT-QuickHeal (Suspicious) - DNAScan
SHA256: c0b816b4edb36e080d251f3537e60f3bda4ba5f6411c54f27ab0b6e12507fe13
SHA256: a9b3695e21b5ec436a734dda9818817723d4694acc91bd13c4bfb96e2bab0918
Thank you for the help.

Thanks for the help and above all for pointing me to that site ;-)
Strangely, no ads are opening now. Should I delete those 2 files?

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by crazy.cat » Sun Feb 03, 2013 5:25 pm

lagunas wrote: then I removed a few applications I had installed recently.
Strangely, no ads are opening now

By now a great many free programs come bundled with a sponsor; perhaps you removed one of those and got rid of the sponsor that was showing the ads.

lagunas wrote: How did you find those 2 files?

By looking through the log and then searching for them on Google: they were very widespread but it wasn't clear what they were, which is why I told you to have them analysed.

lagunas wrote: Should I delete those 2 files?

No.
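The triage crazy.cat describes in the two posts above (pick the unusual O23 service entries out of the HijackThis log by eye, then check the binaries on VirusTotal) can be partly automated. The following is an added example written for this edit; it is not code from the thread, from HijackThis, ComboFix or VirusTotal. It parses O23 service lines in the HijackThis 2.0.4 format, applies two review heuristics that are my own assumptions rather than rules from the thread (a vendor field that is not a full company name, such as "MS", or "Unknown owner" on a binary that actually exists outside the Windows directory), and computes a SHA-256 that can be searched on VirusTotal without uploading the file. The sample lines are copied from the HijackThis log posted earlier in this thread; `needs_review`, `triage` and the reason strings are names I chose.

```python
"""Review helper for HijackThis O23 (service) lines.

Added example, not part of the forum thread or of HijackThis itself.
It flags entries for a human to look at; it does not decide that
anything is malicious.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HJT 2.0.4 format:
#   O23 - Service: <display name> (<short name>) - <vendor> - <path>[ (file missing)]
# The short name in parentheses is not always present.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Review reasons (my own labels, assumed heuristics)
REASON_NO_VENDOR = "binary present but vendor unknown"
REASON_SHORT_VENDOR = "vendor string is not a full company name"

WINDOWS_DIR = "c:\\windows\\"


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    vendor: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["display"], m["short"], m["vendor"],
                        m["path"], m["missing"] is not None)


def needs_review(e: ServiceEntry) -> Optional[str]:
    """Assumed heuristics: return a reason string or None if nothing stands out."""
    in_windows = e.path.lower().startswith(WINDOWS_DIR)
    if e.file_missing and in_windows:
        # HijackThis 2.0.4 is a 32-bit program, so WoW64 file-system
        # redirection points its System32 lookups at SysWOW64; built-in
        # 64-bit-only services therefore show up as "file missing". Noise.
        return None
    if e.vendor == "Unknown owner" and not e.file_missing:
        return REASON_NO_VENDOR
    if len(e.vendor.strip()) <= 3:
        return REASON_SHORT_VENDOR
    return None


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (service name, path, reason) for every O23 line worth a look."""
    findings = []
    for line in lines:
        e = parse_o23(line)
        if e is None:
            continue
        reason = needs_review(e)
        if reason:
            findings.append((e.short or e.display, e.path, reason))
    return findings


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest; paste it into VirusTotal's search to check a file by hash."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream a file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


# Sample input: lines copied verbatim from the HijackThis log in this thread.
SAMPLE_LOG = [
    r"O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\lsm\aus.exe",
    r"O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\ConnectifyService.exe",
    r"O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)",
    r"O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe",
    r"O23 - Service: Log Session Manager (Log S.M.) - MS - C:\Program Files (x86)\lsm\lsm.exe",
    r"O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)",
]

if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{name:12} {reason:40} {path}")
```

Run against the sample, the two lsm entries are flagged because "MS" is not a vendor string any real Microsoft binary carries, and Connectify is flagged only because its vendor is unknown while the file exists; none of that is a verdict, which is why the next step in the thread is a hash lookup rather than deletion.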

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by lagunas » Sun Feb 03, 2013 5:46 pm

STILL NOW no more ads are opening. You've been a huge help, thanks; until now I didn't know that analysis tools like HijackThis existed, and apparently there are also sites that analyse the log file for you automatically :-). Since the problem is solved, do I have to close the thread??

Re: [LOG Combofix] Pages of all kinds opening automatically

Post by crazy.cat » Sun Feb 03, 2013 6:40 pm

lagunas wrote: Since the problem is solved, do I have to close the thread??

You can't close it; we always leave them open.

