Punto informatico Network

Suspected virus, W7 CPU maxed out

Post by scassaminchia » Sun Oct 07, 2012 10:36 am

For a couple of days the fan has been running flat out. I realised the reason is that the CPU is busy, but in the process list there are only the usual ones:
firefox, flash plugin, 12 svchost processes (I keep a lot of Firefox tabs open, maybe that's why); the System Idle Process is strangely high, around 30%.
I did a full scan with Avira Free; it says "suspicious process found, restart the scan", and then it finds nothing. If I open the problem description it says it could be nothing, even Nero being installed, and I do have it.
A scan with Spybot finds 9 of the usual problems, nothing special.
Well, is there any other test I can do?
W7 Premium 64-bit on an AMD Acer 722 [uhm]
Where others see limitations, I see possibilities

Re: Suspected virus, W7 CPU maxed out

Post by hashcat » Sun Oct 07, 2012 5:03 pm

Run a scan with Hitman Pro.
If any threats are detected, remove them. Post the scan log.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.

Re: Suspected virus, W7 CPU maxed out

Post by scassaminchia » Sun Oct 07, 2012 8:21 pm

So it says threats: 0, traces: 78. Here is the log, what do you make of it? But then what is loading my CPU? Maybe some update or an intrusive Windows process, I don't know.

HitmanPro 3.6.1.164
www.hitmanpro.com

   Computer name . . . . : NAME-9788F
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : name-9788f\aaa
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-10-07 21:05:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 78

   Objects scanned . . . : 1.263.484
   Files scanned . . . . : 16.200
   Remnants scanned  . . : 229.607 files / 1.017.677 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004174E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800407C2C0 +0
   Solution
      DriverObject . . . : FFFFFA8004174E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF880011D54D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Cookies _____________________________________________________________________


Re: Suspected virus, W7 CPU maxed out

Post by hashcat » Sun Oct 07, 2012 8:35 pm

Download DDS, run it and post the two logs it generates.

P.S.: Have you installed or removed any programs recently?

Re: Suspected virus, W7 CPU maxed out

Post by hashcat » Sun Oct 07, 2012 8:53 pm

While you're at it, also run a check with FRST: start it, answer yes and press Scan.
When the scan finishes it will generate the log file FRST.txt (which you need to post).

Re: Suspected virus, W7 CPU maxed out

Post by scassaminchia » Mon Oct 08, 2012 8:59 pm

First of all, thank you very much [grazie]


So here it is, I did it and I'm posting it. What do you think, is it serious? (There is one text file called attach that I did not add, should I?):

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by aaa at 21:44:19 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3819.2195 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acer\Acer VCM\Vc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\aaa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\aaa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MOONTOOL.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 139.191.1.151 139.191.1.146
TCP: Interfaces\{934EE9E6-2DA9-47B0-A3A8-68CAE5B28A49} : DhcpNameServer = 139.191.1.151 139.191.1.146
TCP: Interfaces\{A111ECFF-3868-4A0B-AE77-7E10E0E44FD8} : DhcpNameServer = 150.200.3.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aaa\AppData\Roaming\Mozilla\Firefox\Profiles\kmbaz13b.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aaa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\aaa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\aaa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-23 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-23 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-9-16 105120]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-19 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-2-25 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-19 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe [2012-5-24 36864]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-10-19 260640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-24 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-23 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-24 250288]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-23 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 114144]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 Samsung UPD Service2;Samsung UPD Service2;"C:\Windows\System32\SUPDSvc2.exe" --> C:\Windows\System32\SUPDSvc2.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-07 19:04:05 -------- d-----w- C:\Program Files\HitmanPro
2012-10-07 19:03:50 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-25 19:20:33 -------- d-----w- C:\Program Files\WinHTTrack
2012-09-17 19:41:18 -------- d-----w- C:\Users\aaa\AppData\Local\Diagnostics
2012-09-11 22:00:38 -------- d-----w- C:\Users\aaa\.thumbnails
2012-09-10 20:10:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-25 19:10:14 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 19:10:14 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-03 20:03:50 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 20:03:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-03 20:03:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-14 06:16:33 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:46:07,68 ===============
---------- FRST ----------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012
Ran by aaa at 08-10-2012 21:51:03
Running from C:\Users\aaa\Desktop
Service Pack 1 (X64) OS Language: Italian Standard
Attention: Could not load system hive.
ATTENTION: =====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-08 21:50 - 2012-10-08 21:50 - 01456397 ____A (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2012-10-08 21:43 - 2012-10-08 21:44 - 00607260 ____R (Swearware) C:\Users\aaa\Desktop\dds.com
2012-10-07 21:19 - 2012-10-07 21:19 - 00017860 ____A C:\Users\aaa\Desktop\HitmanPro_20121007_2119.log
2012-10-07 21:19 - 2012-10-07 21:19 - 00017860 ____A C:\Users\aaa\Desktop\HitmanPro_20121007_2118.log
2012-10-07 21:05 - 2012-10-07 21:05 - 00001903 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-10-07 21:04 - 2012-10-07 21:05 - 00000000 ____D C:\Program Files\HitmanPro
2012-10-07 21:03 - 2012-10-07 21:05 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-10-07 21:00 - 2012-10-07 21:00 - 08864168 ____A (SurfRight B.V.) C:\Users\aaa\Desktop\HitmanPro36_x64.exe
2012-09-29 19:11 - 2012-09-29 19:12 - 00000000 ____D C:\Users\aaa\Desktop\fotomie
2012-09-25 21:20 - 2012-09-25 21:20 - 00000000 ____D C:\Program Files\WinHTTrack
2012-09-16 20:50 - 2012-09-16 20:50 - 00002881 ____A C:\Users\aaa\Desktop\Powermicia - collegamento.lnk
2012-09-13 08:18 - 2012-09-13 08:18 - 00012145 ____A C:\Users\aaa\AppData\Local\recently-used.xbel
2012-09-12 00:00 - 2012-09-12 00:00 - 00000000 ____D C:\Users\aaa\.thumbnails


==================== 3 Months Modified Files ==================

2012-10-08 21:50 - 2012-10-08 21:50 - 01456397 ____A (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2012-10-08 21:50 - 2012-05-23 21:57 - 00001144 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-08 21:50 - 2012-05-23 21:57 - 00001140 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-08 21:44 - 2012-10-08 21:43 - 00607260 ____R (Swearware) C:\Users\aaa\Desktop\dds.com
2012-10-08 21:14 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-08 21:14 - 2009-07-14 06:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-08 21:09 - 2012-05-24 01:34 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-08 21:06 - 2012-08-19 15:29 - 00014214 ____A C:\Windows\setupact.log
2012-10-08 21:06 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-07 23:04 - 2012-02-25 16:58 - 01161947 ____A C:\Windows\WindowsUpdate.log
2012-10-07 22:06 - 2012-05-23 21:51 - 00001152 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2147323774-1480917982-579372765-1000UA.job
2012-10-07 21:19 - 2012-10-07 21:19 - 00017860 ____A C:\Users\aaa\Desktop\HitmanPro_20121007_2119.log
2012-10-07 21:19 - 2012-10-07 21:19 - 00017860 ____A C:\Users\aaa\Desktop\HitmanPro_20121007_2118.log
2012-10-07 21:06 - 2012-05-23 21:50 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2147323774-1480917982-579372765-1000Core.job
2012-10-07 21:05 - 2012-10-07 21:05 - 00001903 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-10-07 21:00 - 2012-10-07 21:00 - 08864168 ____A (SurfRight B.V.) C:\Users\aaa\Desktop\HitmanPro36_x64.exe
2012-10-07 11:45 - 2012-02-26 01:46 - 00739254 ____A C:\Windows\System32\perfh010.dat
2012-10-07 11:45 - 2012-02-26 01:46 - 00146294 ____A C:\Windows\System32\perfc010.dat
2012-10-07 11:45 - 2009-07-14 07:13 - 01653742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-06 16:32 - 2012-09-06 21:46 - 00002542 ____A C:\Windows\PFRO.log
2012-09-25 21:10 - 2012-05-24 01:34 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-25 21:10 - 2011-10-19 19:05 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-16 22:51 - 2012-05-27 01:54 - 00000955 ____A C:\Users\aaa\Desktop\Nuovo documento di testo.txt
2012-09-16 20:50 - 2012-09-16 20:50 - 00002881 ____A C:\Users\aaa\Desktop\Powermicia - collegamento.lnk
2012-09-13 08:18 - 2012-09-13 08:18 - 00012145 ____A C:\Users\aaa\AppData\Local\recently-used.xbel
2012-09-11 19:27 - 2009-07-14 07:08 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-08 22:42 - 2009-07-14 06:45 - 00415176 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-07 22:13 - 2012-06-02 19:20 - 01631856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-06 22:00 - 2012-09-06 22:00 - 14499558 ____A C:\Users\aaa\Desktop\Backtrack 5 - Crack WPA on a WPS AP using Reaver.mp4
2012-09-03 22:03 - 2012-09-03 22:04 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-03 22:03 - 2012-09-03 22:04 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-03 22:03 - 2012-09-03 22:04 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-03 22:03 - 2012-09-03 22:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-03 22:03 - 2012-09-03 22:04 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-03 22:03 - 2012-09-03 22:04 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-03 21:37 - 2012-08-23 19:17 - 00000173 ____A C:\Windows\EQ3D.ini
2012-08-21 23:27 - 2012-07-23 11:06 - 00001118 ____A C:\Users\aaa\Desktop\GIMP 2.lnk
2012-08-21 23:27 - 2012-05-24 00:35 - 00001516 ____A C:\Users\aaa\Desktop\Spegni.lnk
2012-08-21 23:27 - 2012-05-24 00:34 - 00001526 ____A C:\Users\aaa\Desktop\Riavvia.lnk
2012-08-19 15:55 - 2012-08-18 16:22 - 00001427 ____A C:\Users\aaa\Desktop\mediaworld negozi.txt
2012-08-19 15:29 - 2012-08-19 15:29 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 15:29 - 2012-05-23 10:12 - 00000382 ____A C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
2012-08-18 15:27 - 2012-08-18 15:27 - 00000817 ____A C:\Users\Public\Desktop\ProgDVB 6.lnk
2012-08-15 13:29 - 2012-08-09 07:21 - 00000072 ____A C:\Users\Public\LMDebug.log
2012-08-14 08:16 - 2012-05-23 04:14 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-08-14 08:16 - 2012-05-23 04:14 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-08-03 04:27 - 2012-09-07 22:02 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-25 10:41 - 2012-07-25 10:41 - 00003051 ____A C:\Users\aaa\Desktop\ABBYY FineReader.lnk
2012-07-18 20:15 - 2012-09-07 21:56 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3818.9 MB
Available physical RAM: 2146.78 MB
Total Pagefile: 7636 MB
Available Pagefile: 5537.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:144.98 GB) (Free:82.05 GB) NTFS
2 Drive d: () (Fixed) (Total:139.01 GB) (Free:52.39 GB) NTFS

Disk ###  Status  Size    Free     Dyn  GPT
--------  ------  ------  -------  ---  ---
Disk 0    Online  298 GB  1024 KB

Partitions of Disk 0:
===============

Partition ###  Type      Size    Offset
-------------  --------  ------  -------
Partition 1    Recovery  14 GB   1024 KB
Partition 2    Primary   100 MB  14 GB
Partition 3    Primary   144 GB  14 GB
Partition 0    Extended  139 GB  159 GB
Partition 4    Logical   139 GB  159 GB

==================================================================================

Disk: 0
Partition 1
Type   : 27
Hidden : Yes
Active : No

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 4       PQSERVICE    NTFS  Partition  14 GB   Healthy  Hidden

=========================================================

Disk: 0
Partition 2
Type   : 07
Hidden : No
Active : Yes

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 1       SYSTEM RESE  NTFS  Partition  100 MB  Healthy  System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type   : 07
Hidden : No
Active : No

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 2  C    Acer         NTFS  Partition  144 GB  Healthy  Boot

=========================================================

Disk: 0
Partition 4
Type   : 07
Hidden : No
Active : No

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 3  D                 NTFS  Partition  139 GB  Healthy

=========================================================

Last Boot: 2012-09-17 22:03

==================== End Of Log =============================

Re: suspected virus, W7 CPU maxed out

Post by scassaminchia » Mon Oct 08, 2012 9:47 pm

Here's an example: right now I'm browsing with Firefox, everything is slowed down, and the CPU is running between 30 and 80%.

Re: suspected virus, W7 CPU maxed out

Post by hashcat » Tue Oct 09, 2012 6:31 am

I'll try to take a look at the log as soon as I can; in the meantime, post the Attach log.

Re: suspected virus, W7 CPU maxed out

Post by hashcat » Tue Oct 09, 2012 6:15 pm

After a quick look at the logs, I would rule out malware.
That said, I suggest you remove Spybot and replace Firefox with Palemoon (a browser based on Firefox but optimized to be faster and lighter). If you don't get on with Palemoon, I suggest Comodo Dragon.

Let me know if there is any news.

Re: suspected virus, W7 CPU maxed out

Post by scassaminchia » Wed Oct 10, 2012 9:08 pm

So what could it be?
I have Spybot's TeaTimer active, so I'll remove it.
Do you think it really is Firefox and the way it interacts with W7?
I'd like to first try using only the browser built into W7 and see how the CPU behaves.
Then I'll try the one you suggested.

Re: suspected virus, W7 CPU maxed out

Post by scassaminchia » Wed Oct 17, 2012 8:21 pm

Well, actually I haven't installed the browsers you suggested; I've only used Chrome, without uninstalling anything.
There's still anomalous behaviour, with the CPU swinging between 20 and 70% and spikes to 100, just like that, without doing anything. At this point, should I go ahead and remove Firefox and install that browser?
Oh, I forgot: I have Windows Defender active, and its scan didn't detect anything.
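The measurement the thread never gets to, namely which process actually consumes the CPU during those 20-70% swings and which services sit inside a hot svchost.exe, can be taken with the script below. It is an added example, not something posted in the thread and not part of Hitman Pro, DDS, FRST or any other tool mentioned in it. The 10-second interval and the top-10 cutoff are assumptions; it is written for the PowerShell 2.0 that ships with Windows 7 and should be run from an elevated prompt so that other users' processes and their paths are readable.

```powershell
# Added example (not from the thread): attribute CPU use over an interval to processes,
# naming the services hosted inside each svchost.exe. Save as Sample-Cpu.ps1 and run
# from an elevated PowerShell prompt; PowerShell 2.0 syntax (Windows 7).
param(
    [int]$IntervalSeconds = 10,   # assumption: long enough to catch the spikes described
    [int]$Top = 10                # assumption: how many processes to list
)

# Process CPU time is summed over all cores, so normalise by the logical core count.
$cores = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors

# Snapshot 1: cumulative CPU seconds per PID (null for processes we cannot open).
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }

Start-Sleep -Seconds $IntervalSeconds

# Snapshot 2, taken as an array so each process is examined exactly once.
$after = @(Get-Process)

# Map PID -> hosted service names. WMI reports ProcessId as UInt32, so cast to Int32
# to match the Int32 keys produced by Get-Process (otherwise lookups silently miss).
$svcByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $p = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($p)) { $svcByPid[$p] = @() }
    $svcByPid[$p] += $_.Name
}

$report = foreach ($proc in $after) {
    $prev = $before[$proc.Id]
    if ($prev -eq $null) { $prev = 0 }      # process started during the interval
    $delta = $proc.CPU - $prev              # CPU seconds consumed in the interval
    if ($delta -lt 0) { $delta = 0 }        # PID reused by a new process: discard
    New-Object PSObject -Property @{
        PID      = $proc.Id
        Name     = $proc.ProcessName
        CPUPct   = [math]::Round(100 * $delta / ($IntervalSeconds * $cores), 1)
        Services = ($svcByPid[$proc.Id] -join ',')   # empty for non-service processes
        Path     = $proc.Path                        # null if the process cannot be opened
    }
}

$report | Sort-Object CPUPct -Descending | Select-Object -First $Top |
    Format-Table PID, Name, CPUPct, Services, Path -AutoSize
```

Run it while the fan is at full speed and read the table top down: a hot firefox.exe and a hot plugin-container.exe (the Flash plugin process) show up as separate rows, and a hot svchost.exe comes with the list of services it hosts, so the responsible service group can be named instead of guessed. A process with a high CPUPct, no service list and a path outside Program Files or the Windows directory is the row to hand to the next scan.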

Re: suspected virus, W7 CPU maxed out

Post by scassaminchia » Thu Oct 25, 2012 7:49 pm

How do I insert an image here?

Re: suspected virus, W7 CPU maxed out

Post by hashcat » Thu Oct 25, 2012 8:08 pm

Upload the image to Imageshack and post the link so it can be viewed.