Esegui 
Potete aiutarmi?
Questi sono i log!!!!!
ComboFix 12-06-27.01 - Simone 28/06/2012 0:09.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3957.3299 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BFlix\BFLIx.dll
c:\program files (x86)\Freeze.com\NetAssistant\NeTAssistant.dll
c:\programdata\836035887
c:\users\Simone\AppData\Local\kjs.exe
c:\users\Simone\AppData\Local\rmc.exe
c:\users\Simone\AppData\Local\TempDIR
c:\users\Simone\AppData\Local\TempDIR\gteroot.cer
c:\users\Simone\AppData\Roaming\er_00_0_l.exe
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\Simone\AppData\Roaming\OfferBox
c:\users\Simone\AppData\Roaming\OfferBox\config.dat
c:\users\Simone\AppData\Roaming\OfferBox\config.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-27 al 2012-06-27 )))))))))))))))))))))))))))))))))))
.
.
2012-06-27 22:18 . 2012-06-27 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 20:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-26 20:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-26 20:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-26 20:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 20:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-26 20:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-26 20:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 20:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-26 20:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 10:25 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-06-25 10:25 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-25 10:23 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-25 10:23 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-25 10:23 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-25 10:23 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-25 10:23 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-25 10:23 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-25 10:23 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-25 10:23 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-25 10:23 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-25 10:23 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-25 10:23 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-25 10:23 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 10:18 . 2012-06-24 10:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-24 09:30 . 2012-06-24 09:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 09:30 . 2012-06-24 09:30 -------- d-----w- c:\windows\system32\Macromed
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\users\Simone\AppData\Local\CRE
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\program files (x86)\uTorrentBar_IT
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\users\Simone\AppData\Local\Vid-Saver
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\program files (x86)\Vid-Saver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 09:37 . 2011-07-19 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-17 2937528]
"Octoshape Streaming Services"="c:\users\Simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Facebook Update"="c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-16 137536]
"Smad"="c:\users\Simone\AppData\Local\SanctionedMedia\Smad\Smad.exe" [2012-01-07 37376]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-23 1021840]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2011-07-17 1233856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-09-07 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2010-09-07 35536]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-06 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-09-07 308136]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 09:37]
.
2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709213712-2997917257-546561985-1000Core.job
- c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 00:57]
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709213712-2997917257-546561985-1000UA.job
- c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 00:57]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 13:39]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"combofix"="c:\combofix\CF11062.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\users\Simone\Desktop\PartyPoker.it.lnk
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\4554C4F42554051425F4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\5534D4D234F4E474255435F4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\75966496432363433363: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\75C414E4F58343: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\C6160226F64656765796C6C6160246560296E616B696: NameServer = 208.67.222.222,208.67.220.220
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.uam.es/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100995&ba ... e4008e3980
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b845716800000000000078e4008e3980
FF - user.js: extensions.BabylonToolbar_i.hardId - b845716800000000000078e4008e3980
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15364
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-28 00:34:05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-27 22:34
.
Pre-Run: 224.224.522.240 byte disponibili
Post-Run: 226.250.534.912 byte disponibili
.
- - End Of File - - F2802F5DF4B0A1F60ED51DECD56349B1
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3957.3299 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BFlix\BFLIx.dll
c:\program files (x86)\Freeze.com\NetAssistant\NeTAssistant.dll
c:\programdata\836035887
c:\users\Simone\AppData\Local\kjs.exe
c:\users\Simone\AppData\Local\rmc.exe
c:\users\Simone\AppData\Local\TempDIR
c:\users\Simone\AppData\Local\TempDIR\gteroot.cer
c:\users\Simone\AppData\Roaming\er_00_0_l.exe
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\Simone\AppData\Roaming\OfferBox
c:\users\Simone\AppData\Roaming\OfferBox\config.dat
c:\users\Simone\AppData\Roaming\OfferBox\config.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-27 al 2012-06-27 )))))))))))))))))))))))))))))))))))
.
.
2012-06-27 22:18 . 2012-06-27 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 20:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-26 20:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-26 20:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-26 20:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 20:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-26 20:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-26 20:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 20:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-26 20:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 10:25 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-06-25 10:25 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-25 10:23 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-25 10:23 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-25 10:23 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-25 10:23 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-25 10:23 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-25 10:23 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-25 10:23 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-25 10:23 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-25 10:23 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-25 10:23 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-25 10:23 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-25 10:23 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 10:18 . 2012-06-24 10:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-24 09:30 . 2012-06-24 09:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 09:30 . 2012-06-24 09:30 -------- d-----w- c:\windows\system32\Macromed
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\users\Simone\AppData\Local\CRE
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\program files (x86)\uTorrentBar_IT
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\users\Simone\AppData\Local\Vid-Saver
2012-06-23 08:37 . 2012-06-23 08:37 -------- d-----w- c:\program files (x86)\Vid-Saver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 09:37 . 2011-07-19 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-17 2937528]
"Octoshape Streaming Services"="c:\users\Simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Facebook Update"="c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-16 137536]
"Smad"="c:\users\Simone\AppData\Local\SanctionedMedia\Smad\Smad.exe" [2012-01-07 37376]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-23 1021840]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2011-07-17 1233856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-09-07 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2010-09-07 35536]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-06 317520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-09-07 308136]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 09:37]
.
2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709213712-2997917257-546561985-1000Core.job
- c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 00:57]
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709213712-2997917257-546561985-1000UA.job
- c:\users\Simone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 00:57]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 13:39]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3217056]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"combofix"="c:\combofix\CF11062.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\users\Simone\Desktop\PartyPoker.it.lnk
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\4554C4F42554051425F4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\5534D4D234F4E474255435F4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\75966496432363433363: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\75C414E4F58343: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9EE304F0-69CD-4321-8F8C-5C3BA58021E1}\C6160226F64656765796C6C6160246560296E616B696: NameServer = 208.67.222.222,208.67.220.220
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.uam.es/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\ejaxetd8.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100995&ba ... e4008e3980
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b845716800000000000078e4008e3980
FF - user.js: extensions.BabylonToolbar_i.hardId - b845716800000000000078e4008e3980
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15364
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-28 00:34:05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-27 22:34
.
Pre-Run: 224.224.522.240 byte disponibili
Post-Run: 226.250.534.912 byte disponibili
.
- - End Of File - - F2802F5DF4B0A1F60ED51DECD56349B1
