www.MegaLab.it

da **Gianciro** » sab gen 19, 2013 9:38 am

Salve, avrei un problema che si è venuto a creare quando ho provato ad installare un programma per vedere film in streaming (il sito era Uploaded.net) da quel momentosono cominciati i problemi perché ogni tanto mi si aprono pagine pubblicitarie inerenti ( dopo aver fatto una scansione con SUPEAntiSpyware sembra svanito il problema ma non ci giurerei) a quello che visito ma non richieste, per esempio se paro una pagina sullo sport mi si apre una pubblicità per es su Mediaset premium sport e simili. Leggendo il forum ho letto che altri hanno scansionato il Pc con HijackThis allora anche io lo scaricato e fatto fare una scansione, naturalmente come giustamente dite nel forum non ho toccato ne cancellato niente, ma ho salvato il file log che mi piacerebbe farvi vedere per capire se veramente il mio Pc e infetto. Grazie in anticipo per le eventuali aiuti.

P.s. Anti virus in mio possesso e Avest, sistema operativo windows 7- 64 bit e ho anche SUPERAntiSpyware.

ecco la scansione con HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:14:56, on 19/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Chiavetta Internet\Chiavetta Internet.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gianciro\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}: NameServer = 213.230.130.222 213.230.129.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Gianciro\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Gianciro\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14282 bytes

da **crazy.cat** » sab gen 19, 2013 10:15 am

Poweroffer colpisce ancora
http://www.MegaLab.it/8144/come-rimuove ... i-computer
Segui le istruzioni dell'articolo.

Consiglio di cambiare superantispyware con malwarebytes. Molto più efficace.

da **hashcat** » sab gen 19, 2013 3:18 pm

Prima di tutto rimuovi PowerOffer (come suggerito da crazy.cat).

Oltre a qualche schifezza (nel log di HijackThis), le righe 017 riportano dei DNS malevoli che probabilmente sono i responsabili della comparsa degli annunci pubblicitari. Dunque effettua una nuova scansione con HijackThis e "fixa" i seguenti elementi:

Codice: Seleziona tutto: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS2\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25

Per completezza utilizza AdwCleaner per ripulire ulteriormente il pc da PUP e toolbar.
Infine effettua una scansione completa con Malwarebytes Anti-Malware, rimuovi tutte le (eventuali) minacce rilevate e postane il relativo log.

da **Gianciro** » sab gen 19, 2013 5:19 pm

Grazie inanzitutto per le risposte tempestive ed esaurienti. Ho fatto la nuova scanzione con HijackThis ecco il cosa esce adesso:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:09, on 19/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Chiavetta Internet\Chiavetta Internet.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gianciro\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}: NameServer = 213.230.130.222 213.230.129.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13830 bytes

Poi ho fatto la scansione con AdwCleaner

# AdwCleaner v2.106 - Logfile creato il 19/01/2013 alle 17:16:23
# Aggiornamento 17/01/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Gianciro - GIANCIRO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Gianciro\Downloads\AdwCleaner.exe
# Opzioni [Cerca]

***** [Servizi] *****

***** [File / Cartelle] *****

Cartella Trovato : C:\Program Files (x86)\Iminent
Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\ProgramData\Tarma Installer
Cartella Trovato : C:\Users\Gianciro\AppData\Local\AddLyrics
Cartella Trovato : C:\Users\Gianciro\AppData\Local\Babylon
Cartella Trovato : C:\Users\Gianciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Cartella Trovato : C:\Users\Gianciro\AppData\Local\Wajam
Cartella Trovato : C:\Users\Gianciro\AppData\Roaming\Babylon
Cartella Trovato : C:\Users\Gianciro\AppData\Roaming\iWin
Cartella Trovato : C:\Users\Gianciro\AppData\Roaming\pdfforge

***** [Registro] *****

Chiave Trovata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Trovata : HKCU\Software\DataMngr
Chiave Trovata : HKCU\Software\Iminent
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Chiave Trovata : HKLM\Software\Babylon
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Trovata : HKLM\Software\Iminent
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Trovata : HKLM\SOFTWARE\DataMngr
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Chiave Trovata : HKLM\SOFTWARE\Tarma Installer
Chiave Trovata : HKU\S-1-5-21-2199137416-1882439281-775328710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Valore Trovata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Google Chrome v [Impossibile rilevare la versione]

File : C:\Users\Gianciro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [11825 octets] - [19/01/2013 17:04:49]
AdwCleaner[R2].txt - [11851 octets] - [19/01/2013 17:16:23]

########## EOF - C:\AdwCleaner[R2].txt - [11912 octets] ##########

poi con Malwarebytes Anti-malware

Malwarebytes Anti-Malware (Prova) 1.70.0.1100
http://www.malwarebytes.org

Versione database: v2013.01.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gianciro :: GIANCIRO-PC [amministratore]

Protezione: Attivata

19/01/2013 17:01:57
mbam-log-2013-01-19 (17-01-57).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 209548
Tempo impiegato: 3 minuti, 11 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

Grazie per l'aiuto.

da **crazy.cat** » sab gen 19, 2013 5:24 pm

Hai ancora un servizio da eliminare
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
e con malwarebytes hai fatto la scansione veloce e non quella completa.

da **hashcat** » sab gen 19, 2013 5:40 pm

Purtroppo vedo che i DNS non sono stati sostituiti, ti toccherà farlo manualmente.

Premi la combinazione di tasti WIN+R e nel campo che appare impartisci il seguente comando:

Codice: Seleziona tutto: control.exe netconnections

Quindi segui quanto indicato in QUESTO articolo ed imposta come DNS i seguenti:

Server DNS preferito: 87.118.111.215
Server DNS alternativo: 80.79.54.55

P.S.: Sempre attraverso WIN+R impartendo i seguenti comandi puoi eliminare il servizio in questione:

Codice: Seleziona tutto: sc delete "SoftwareUpd"

poi

Codice: Seleziona tutto: DEL /F /Q "C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"

da **Gianciro** » sab gen 19, 2013 9:27 pm

Grazie per gli aiuti, ecco il nuovo scansione con Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:29:32, on 19/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Chiavetta Internet\Chiavetta Internet.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gianciro\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}: NameServer = 213.230.130.222 213.230.129.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13943 bytes

Ecco la scansione completa con Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Prova) 1.70.0.1100
http://www.malwarebytes.org

Versione database: v2013.01.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gianciro :: GIANCIRO-PC [amministratore]

Protezione: Disattivata

19/01/2013 17:30:00
mbam-log-2013-01-19 (17-30-00).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 420609
Tempo impiegato: 50 minuti, 9 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

poi ho fatto tutto tranne

DEL /F /Q "C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"

mi dice file DEL non trovato.
Grazie.

da **hashcat** » dom gen 20, 2013 10:03 am

Visto che HijackThis non funziona correttamente con i sistemi a 64 Bit, usa DDS e OTL.

Istruzioni d'uso DDS:

Scarica DDS da qui
Disabilita temporaneamente tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare DDS
Rinomina DDS con un nome fantasioso
Avvialo facendo doppio click
Aspetta fino al completamento della scansione
Al termine della scansione verranno generati due log e appariranno due finestre del Blocco Note
Salva il log DDS come DDS.txt sul Desktop ed includilo nel tuo prossimo messaggio
Salva il log Attach come Attach.txt sul Desktop ed includilo nel tuo prossimo messaggio
Se i log dovessero eccedere il numero massimo di caratteri consentiti per messaggio caricali su Pastebin

E un log di OTL:

Scarica OTL da qui
Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
Rinomina OTL con un nome fantasioso
Avviare OTL mediante doppio click
Quando apparirà la schermata di OTL regolare le impostazioni come segue:
Cliccare su Run Scan per avviare la scansione
Non utilizzare il computer durante l'esecuzione di OTL
Al termine della scansione verranno generati due log e appariranno due finestre del Blocco Note
Salva il log OTL come OTL.txt sul Desktop ed includilo nel tuo prossimo messaggio
Salva il log Extra come Extra.txt sul Desktop ed includilo nel tuo prossimo messaggio
Se i log dovessero eccedere il numero massimo di caratteri consentiti per messaggio caricali su Pastebin

Buon lavoro.

[weponed]

da **hashcat** » dom gen 20, 2013 10:24 am

Mi sono accorto che hai utilizzato Adwcleaner in modalità cerca (senza pulizia), riutilizza il prodotto cliccando su "Delete" e posta il relativo log.

Immagine

Infine vorrei consultare un log di SystemLook:

Scarica SystemLook da qui
Avvia SystemLook
Inserisci il seguente script nella casella di testo (copia e incolla):

Codice: Seleziona tutto
:reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /sub :service SoftwareUpd :filefind SoftwareUpdService.exe ::env
Disattiva o termina tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare SystemLook
Clicca su
Aspetta finché non verrà generato un log e aperto con il Blocco Note
Dal menu del Blocco Note seleziona la voce Modifica >> Seleziona Tutto e successivamente Modifica >> Copia
Inserisci il contenuto copiato nel tuo prossimo messaggio

da **Gianciro** » dom gen 20, 2013 2:18 pm

Grazie per le risposte tempestive e accurate, ecco i resoconti delle scansioni:

1) ecco il file log ottenuto con la scansione con dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Gianciro at 12:15:48 on 2013-01-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3894.2399 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Tor\tor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: Interfaces\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E} : NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256} : NameServer = 176.31.229.24,176.31.229.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-12 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-12 370288]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-27 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-12 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-12 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-1 44808]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-19 398184]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-8-6 11576]
R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2012-2-17 2745870]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-27 2320920]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-16 227896]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Audio schermo Intel(R);C:\Windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-19 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-19 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 SoftwareUpd;Software Upd;C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2013-1-16 161280]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-27 225280]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-1-24 166704]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 ServUpdater;Serv Updater;C:\Users\Gianciro\AppData\Local\ServUpdater\ServiceUpd.exe [2013-1-18 156160]
.
=============== Created Last 30 ================
.
2013-01-19 16:00:39 -------- d-----w- C:\Users\Gianciro\AppData\Roaming\Malwarebytes
2013-01-19 16:00:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-19 16:00:29 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-19 16:00:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-19 08:08:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-18 15:53:09 -------- d-----w- C:\Users\Gianciro\AppData\Local\ServUpdater
2013-01-18 15:53:09 -------- d-----w- C:\Users\Gianciro\AppData\Local\PosService
2013-01-18 08:27:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-18 08:19:09 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F528977D-15D7-4A89-87E6-3EB8C5A73576}\mpengine.dll
2013-01-17 18:38:52 -------- d-----w- C:\ProgramData\RegRun
2013-01-17 18:38:38 -------- d-----w- C:\Program Files (x86)\UnHackMe
2013-01-16 13:58:23 -------- d-----w- C:\Users\Gianciro\AppData\Local\SoftwareUpdater
2013-01-16 13:58:23 -------- d-----w- C:\Program Files (x86)\MyPcCleaner
2013-01-16 13:50:55 -------- d-----w- C:\Users\Gianciro\AppData\Roaming\KC Softwares
2013-01-16 13:48:11 -------- d-----w- C:\Users\Gianciro\AppData\Roaming\FILEminimizerPictures
2013-01-16 13:43:50 -------- d-----w- C:\Users\Gianciro\AppData\Local\Programs
2013-01-09 08:07:45 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 08:07:45 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 08:07:01 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 08:07:00 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 08:06:58 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 08:06:58 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 08:06:43 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 08:06:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 08:06:42 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 08:06:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 08:06:25 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 08:06:23 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-21 17:21:41 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2013-01-19 07:49:26 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-19 07:49:26 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 12:15:59,68 ===============

1a) ecco il file log attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/01/2012 19:29:01
System Uptime: 20/01/2013 11:37:29 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1425
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 183,946 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2,112 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0,091 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP166: 13/01/2013 13:40:33 - Punto di controllo pianificato
RP167: 15/01/2013 11:30:37 - Windows Update
RP168: 17/01/2013 09:04:42 - Installed Java 7 Update 11
RP169: 17/01/2013 19:40:56 - RegRun Virus Scan
RP170: 17/01/2013 19:45:37 - RegRun Virus Scan
RP171: 18/01/2013 09:26:40 - Installed Java 7 Update 11
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5) - Italiano
Adobe Shockwave Player
Assistente per l'accesso a Windows Live
Atheros Driver Installation Program
avast! Free Antivirus
Bing Bar
BufferChm
CCleaner
Chiavetta Internet
Combined Community Codec Pack 2011-11-11
Copy
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
Destinations
DeviceDiscovery
DJ_AIO_03_F2200_Software_Min
eMule
ESU for Microsoft Windows 7
F2200
Giochi WildTangent
Google Earth Plug-in
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
HP Games
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides
HP Wireless Assistant
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel® Matrix Storage Manager
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 17 (64-bit)
Java(TM) 6 Update 37
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware versione 1.70.0.1100
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
Microsoft .NET Framework 4 Client Profile ITA Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Norton Online Backup
Pacchetto di compatibilità per Office System 2007
PC CALCIO 2001
PDFCreator
PokerStars.it
Power2Go
PowerDirector
QLBCASL
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Samsung SCX-4300 Series
Samsung Universal Print Driver
Samsung Universal Scan Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop for HP Supplies
Skype Click to Call
Skype™ 6.0
SmartWebPrinting
SolutionCenter
Status
Strumento di caricamento di Windows Live
Super Granny
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VLC media player 2.0.1
WEBpatente 4.0
WebReg
WildTangent Games App
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinRAR 4.01 (64-bit)
Yahoo! Toolbar
.
==== End Of File ===========================

da **Gianciro** » dom gen 20, 2013 2:21 pm

ecco il file log ottenuto con OTL:

OTL logfile created on: 20/01/2013 12:17:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianciro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 61,05% Memory free
7,60 Gb Paging File | 5,97 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,15 Gb Total Space | 183,95 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
Drive D: | 12,64 Gb Total Space | 2,11 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 93,54 Mb Free Space | 94,16% Space Free | Partition Type: FAT32
Drive G: | 28,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIANCIRO-PC | User Name: Gianciro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 11:49:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gianciro\Downloads\io-OTL.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2010/08/09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2013/01/19 08:49:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/14 17:52:34 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd)
SRV - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Disabled | Stopped] -- C:\Users\Gianciro\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programmi\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/01/03 22:50:28 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}
IE - HKCU\..\SearchScopes\{177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]

[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions
[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions\rmastri@liceomalpighi.bo.it

========== Chrome ==========

CHR - homepage: http://search.findeer.com
CHR - homepage: http://search.findeer.com

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/21 18:12:34 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/06 23:13:04 | 000,000,094 | R--- | M] () - G:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\Malwarebytes
[2013/01/19 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 17:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/19 17:00:29 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/19 17:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/19 09:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\ServUpdater
[2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\PosService
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/18 09:27:20 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/17 19:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/01/17 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\Documents\RegRun2
[2013/01/17 19:38:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/01/17 19:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\SoftwareUpdater
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPcCleaner
[2013/01/16 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\KC Softwares
[2013/01/16 14:48:11 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\FILEminimizerPictures
[2013/01/16 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\Programs
[2013/01/09 09:10:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 09:10:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 09:10:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 09:10:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 09:10:35 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 09:10:35 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 09:10:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 09:10:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 09:10:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 09:10:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 09:10:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 09:10:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 09:10:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 09:10:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 09:10:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 09:10:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 09:10:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 09:10:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 09:10:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 09:10:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 09:07:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 09:06:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 09:06:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 09:06:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 09:06:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/12/21 18:21:51 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\Skype
[2012/12/21 18:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/21 18:21:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/12/21 18:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/12/21 18:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2013/01/20 12:16:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 11:45:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 11:45:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 11:40:11 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 11:38:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 11:37:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 11:37:37 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 17:00:34 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 16:44:35 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 16:44:35 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/01/19 16:44:35 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 16:44:35 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/01/19 16:44:35 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/19 11:25:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGianciro.job
[2013/01/19 08:49:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 08:49:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/17 19:46:52 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 15:12:58 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/09 12:21:51 | 000,439,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/01 11:31:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/01/19 17:00:34 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/17 19:41:40 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 14:48:41 | 000,000,906 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/09/02 19:28:30 | 000,172,737 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012/09/02 19:28:30 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\99QqwON2.lnk
[2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\869MMgqw.lnk
[2012/03/08 10:25:55 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/03/03 23:39:56 | 000,000,772 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/03 15:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Gianciro\AppData\Roaming\wklnhst.dat
[2012/01/24 19:08:36 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012/01/24 16:52:56 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012/01/24 09:41:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/01/14 21:36:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

da **Gianciro** » dom gen 20, 2013 2:22 pm

ecco il file log Extra:

OTL Extras logfile created on: 20/01/2013 12:17:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianciro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 61,05% Memory free
7,60 Gb Paging File | 5,97 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,15 Gb Total Space | 183,95 Gb Free Space | 64,51% Space Free | Partition Type: NTFS
Drive D: | 12,64 Gb Total Space | 2,11 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 93,54 Mb Free Space | 94,16% Space Free | Partition Type: FAT32
Drive G: | 28,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIANCIRO-PC | User Name: Gianciro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4444FCD5-4811-4702-8B21-E262AE75A298}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AEBD86CE-52B0-4BF6-90B2-D645D873CF1A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0004605B-3374-4483-92A5-6646B7275C15}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{01CBEDE3-BFF0-4C80-B398-6EB550F9DE8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{09DBA2D0-82F9-46FE-95EA-D85D9F0832A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{24872D2D-47EE-4987-BD35-8C5667D4D83E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{28C3169D-7A4F-4FBC-811C-FD8022C7D72C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{39E070C0-6D03-418A-98EA-E7A3DBD94F07}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{3D479D85-AF9A-4D25-AD33-F906FC25BB91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4D90A4D1-1F8B-4958-AC6F-27B1AA05DE33}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{4E3A7017-B283-48F9-A675-5905F8B1FC57}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{60278310-4C2D-49D0-A9A0-049622562106}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{67E9FCC3-5E13-4890-8287-B55E20B223C7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{79ECAC57-FB0D-4826-A0AC-5AA34824BD82}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{88397C88-123D-481B-891D-B088BE296A17}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8884CFFE-3437-40E9-BDD9-932F27F1F3DB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{8B28F4A8-B4B1-4F87-B533-62B75339363E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8DF82444-7420-4C1A-B262-722FE6E4AC44}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{933E8C17-3193-4BC4-B948-8C8AE4C7DEE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{99CD0A9E-4946-418F-BE9D-90751C61F4D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A2C75C9A-1813-4D3F-92F9-6A88C06057CC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{A33A4F9F-77E7-4880-95F8-BDA3E7D37CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{AE7D4244-DFFC-4AED-A5FA-D5A69B62C4B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B4D67E32-D15D-4A72-B05D-C0053FC35D78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B63BD352-7C90-4F29-B79A-AB05D4F980F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BB769CB1-55DE-4BF5-9AAE-1EF25268BBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{BCF007ED-AD40-4521-843F-1CDCEA981E5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BD5BB135-1528-4632-A459-38F4A2177FC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D580C680-BE04-4008-9D32-064594134719}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D612A2EF-5FB4-4D6C-BF01-724588DAE247}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{DE83791E-EFF8-4653-96DF-81E52FD43259}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E77C1D3D-5134-422B-97A4-37B5FAFFD3BB}" = protocol=58 | dir=in | app=system |
"{EEF65FF3-B46E-49C8-9367-B06FFC1C3E69}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"TCP Query User{096A58D6-5678-44E4-BF89-30AC2225A062}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{45207FF3-8BF2-4E90-971C-56F8EF48ADF2}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{D864484B-8F47-4E8F-8E71-FB3016078440}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{85AE7557-E87F-4B33-8365-37EDB0A02374}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{8F388BB6-1E82-4893-8473-6C78A3F1111D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B337D103-C02C-4DDF-982A-C2A85AE88A1F}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B558182-7C97-4C21-B67F-36AED6C841AC}" = PC CALCIO 2001
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A079056-B42D-49C2-903C-8DC125E2BC32}" = Windows Live Movie Maker
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B802669-7722-4F83-8054-930832188033}" = Raccolta foto di Windows Live
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Italiano
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D35F2948-56D5-43C2-8524-8893AED0469C}_is1" = WEBpatente 4.0
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"Chiavetta Internet" = Chiavetta Internet
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"EasyBits Magic Desktop" = Magic Desktop
"eMule" = eMule
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"PokerStars.it" = PokerStars.it
"Samsung SCX-4300 Series" = Samsung SCX-4300 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = Giochi WildTangent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WTA-eb3274b1-5206-4be6-9047-507547fbd3da" = Super Granny
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/09/2012 15:01:10 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 06/09/2012 02:12:25 | Computer Name = Gianciro-PC | Source = ESENT | ID = 455
Description = Windows (3440) Windows: Errore -1811 durante l'apertura del file di
registro C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00043.log.

Error - 06/09/2012 02:12:25 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 06/09/2012 02:12:25 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 06/09/2012 02:12:25 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 06/09/2012 02:12:26 | Computer Name = Gianciro-PC | Source = Windows Search Service | ID = 7010
Description =

[ Hewlett-Packard Events ]
Error - 10/04/2012 02:59:57 | Computer Name = Gianciro-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/08/2012 13:24:31 | Computer Name = Gianciro-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/08/2012 13:24:31 | Computer Name = Gianciro-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 19/01/2013 18:44:51 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Windows Search non è stato avviato per il seguente errore:
%%1053

Error - 19/01/2013 18:44:59 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Windows Search.

Error - 19/01/2013 18:44:59 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Windows Search non è stato avviato per il seguente errore:
%%1053

Error - 19/01/2013 18:44:59 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Windows Search.

Error - 19/01/2013 18:44:59 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Windows Search non è stato avviato per il seguente errore:
%%1053

Error - 19/01/2013 18:45:00 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Windows Search.

Error - 19/01/2013 18:45:00 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Windows Search non è stato avviato per il seguente errore:
%%1053

Error - 20/01/2013 06:38:00 | Computer Name = Gianciro-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio DgiVecp non è stato avviato per il seguente errore: %%2

Error - 20/01/2013 06:42:48 | Computer Name = Gianciro-PC | Source = Server | ID = 2505
Description = Il server non ha potuto effettuare il binding del trasporto \Device\NetBT_Tcpip_{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}
perché un altro computer sulla rete ha lo stesso nome. Impossibile avviare il server.

Error - 20/01/2013 06:43:15 | Computer Name = Gianciro-PC | Source = Server | ID = 2505
Description = Il server non ha potuto effettuare il binding del trasporto \Device\NetBT_Tcpip_{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}
perché un altro computer sulla rete ha lo stesso nome. Impossibile avviare il server.

< End of report >

da **Gianciro** » dom gen 20, 2013 2:24 pm

ecco il file log con la scansione con AdwCleaner:

# AdwCleaner v2.106 - Logfile creato il 20/01/2013 alle 12:30:16
# Aggiornamento 17/01/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Gianciro - GIANCIRO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Gianciro\Downloads\AdwCleaner.exe
# Opzioni [Elimina]

***** [Servizi] *****

***** [File / Cartelle] *****

Cartella Eliminato : C:\Users\Gianciro\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [Registro] *****

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Google Chrome v [Impossibile rilevare la versione]

File : C:\Users\Gianciro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [11825 octets] - [19/01/2013 17:04:49]
AdwCleaner[R2].txt - [11886 octets] - [19/01/2013 17:16:23]
AdwCleaner[R3].txt - [11947 octets] - [19/01/2013 23:41:35]
AdwCleaner[S1].txt - [12097 octets] - [19/01/2013 23:42:38]
AdwCleaner[S2].txt - [1090 octets] - [20/01/2013 12:30:16]

########## EOF - C:\AdwCleaner[S2].txt - [1150 octets] ##########

Infine ecco il file log con la scansione con systemLock:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:33 on 20/01/2013 by Gianciro
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}]
"UseZeroBroadcast"= 0x0000000000 (0)
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"NameServer"="176.31.229.24,176.31.229.25"
"Domain"=""
"RegistrationEnabled"= 0x0000000001 (1)
"RegisterAdapterName"= 0x0000000000 (0)
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"= 0x0000000000 (0)
"LeaseObtainedTime"= 0x0000000000 (0)
"T1"= 0x0000000000 (0)
"T2"= 0x0000000000 (0)
"LeaseTerminatesTime"= 0x0000000000 (0)
"AddressType"= 0x0000000000 (0)
"IsServerNapAware"= 0x0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}]
"NameServer"="176.31.229.24,176.31.229.25"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}]
"UseZeroBroadcast"= 0x0000000000 (0)
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"NameServer"="176.31.229.24,176.31.229.25"
"Domain"=""
"RegistrationEnabled"= 0x0000000001 (1)
"RegisterAdapterName"= 0x0000000000 (0)
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"= 0x0000000000 (0)
"LeaseObtainedTime"= 0x0000000000 (0)
"T1"= 0x0000000000 (0)
"T2"= 0x0000000000 (0)
"LeaseTerminatesTime"= 0x0000000000 (0)
"AddressType"= 0x0000000000 (0)
"IsServerNapAware"= 0x0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}]
"UseZeroBroadcast"= 0x0000000000 (0)
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"NameServer"="176.31.229.24,176.31.229.25"
"Domain"=""
"RegistrationEnabled"= 0x0000000001 (1)
"RegisterAdapterName"= 0x0000000000 (0)
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"= 0x0000000000 (0)
"LeaseObtainedTime"= 0x0000000000 (0)
"T1"= 0x0000000000 (0)
"T2"= 0x0000000000 (0)
"LeaseTerminatesTime"= 0x0000000000 (0)
"AddressType"= 0x0000000000 (0)
"IsServerNapAware"= 0x0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F29DEA42-A2D1-4ED9-8C30-AE9F7F877D80}]
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"= 0x0000000000 (0)
"RegisterAdapterName"= 0x0000000000 (0)
"DhcpInterfaceOptions"=0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 c9 fb 50 (REG_BINARY)
"VPNInterface"= 0x0000000001 (1)

========== service ==========

SoftwareUpd
Software Upd
"Software Upd"
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: "C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

========== filefind ==========

Searching for "SoftwareUpdService.exe"
C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe --a---- 161280 bytes [13:58 16/01/2013] [16:52 14/06/2012] A9C682318E7C2E8DB5BCF8057FA1E468

========== Environment Variables ==========

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Gianciro\AppData\Roaming
asl.log=%asl.log%
CLASSPATH=%CLASSPATH%
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GIANCIRO-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=%configsetroot%
DFSTRACINGON=%DFSTRACINGON%
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Gianciro
LOCALAPPDATA=C:\Users\Gianciro\AppData\Local
LOGONSERVER=\\GIANCIRO-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=2502
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=%PROMPT%
PUBLIC=C:\Users\Public
QTJAVA=%QTJAVA%
SESSIONNAME=%SESSIONNAME%
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Gianciro\AppData\Local\Temp
TMP=C:\Users\Gianciro\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=%TRACE_FORMAT_SEARCH_PATH%
USERDOMAIN=Gianciro-PC
USERNAME=Gianciro
USERPROFILE=C:\Users\Gianciro
VBOX_INSTALL_PATH=%VBOX_INSTALL_PATH%
windir=C:\Windows

-= EOF =-

Spero di aver fatto tutto bene. Grazie.

da **hashcat** » dom gen 20, 2013 4:09 pm

Appena possibile do un'occhiata approfondita ai log che hai postato, nel frattempo scarica i seguenti script per reimpostare i DNS legittimi e rimuovere il servizio indesiderato:

dns_nameserver_fix.reg

e

softwareudp_cleaner.reg

Una volta scaricati esegui il primo, poi il secondo e riavvia il computer. Infine posta i log di OTL aggiornati.

[^]

da **Gianciro** » dom gen 20, 2013 9:19 pm

Ecco il file log di OTL:

OTL logfile created on: 20/01/2013 19:43:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianciro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 70,84% Memory free
7,60 Gb Paging File | 6,43 Gb Available in Paging File | 84,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,15 Gb Total Space | 181,90 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 12,64 Gb Total Space | 2,11 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 93,54 Mb Free Space | 94,16% Space Free | Partition Type: FAT32

Computer Name: GIANCIRO-PC | User Name: Gianciro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 11:49:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gianciro\Downloads\io-OTL.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2010/08/09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2013/01/19 08:49:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Disabled | Stopped] -- C:\Users\Gianciro\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programmi\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/01/03 22:50:28 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}
IE - HKCU\..\SearchScopes\{177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]

[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions
[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions\rmastri@liceomalpighi.bo.it

========== Chrome ==========

CHR - homepage: http://search.findeer.com
CHR - homepage: http://search.findeer.com

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\Malwarebytes
[2013/01/19 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 17:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/19 17:00:29 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/19 17:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/19 09:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\ServUpdater
[2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\PosService
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/18 09:27:20 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/17 19:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/01/17 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\Documents\RegRun2
[2013/01/17 19:38:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/01/17 19:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\SoftwareUpdater
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPcCleaner
[2013/01/16 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\KC Softwares
[2013/01/16 14:48:11 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\FILEminimizerPictures
[2013/01/16 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\Programs
[2013/01/09 09:10:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 09:10:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 09:10:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 09:10:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 09:10:35 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 09:10:35 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 09:10:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 09:10:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 09:10:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 09:10:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 09:10:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 09:10:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 09:10:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 09:10:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 09:10:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 09:10:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 09:10:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 09:10:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 09:10:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 09:10:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 09:07:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 09:06:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 09:06:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 09:06:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 09:06:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/01/20 19:42:12 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 19:41:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 19:41:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 19:40:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 19:17:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 19:17:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 19:16:21 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/20 19:16:21 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/01/20 19:16:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/20 19:16:21 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/01/20 19:16:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/20 19:16:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 17:00:34 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 11:25:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGianciro.job
[2013/01/19 08:49:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/19 08:49:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/17 19:46:52 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 15:12:58 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/09 12:21:51 | 000,439,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/01 11:31:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/01/19 17:00:34 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/17 19:41:40 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 14:48:41 | 000,000,906 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/09/02 19:28:30 | 000,172,737 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012/09/02 19:28:30 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\99QqwON2.lnk
[2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\869MMgqw.lnk
[2012/03/08 10:25:55 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/03/03 23:39:56 | 000,000,772 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/03 15:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Gianciro\AppData\Roaming\wklnhst.dat
[2012/01/24 19:08:36 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012/01/24 16:52:56 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012/01/24 09:41:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/01/14 21:36:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edit by Andy94: per favore, quando inserisci un log in un messaggio qui nel forum, abbi l'accortezza di selezionarlo tutto e premere il tasto MEMO nell'interfaccia di inserimento messaggio. In questo modo, come richiesto dal regolamento, renderai la pagina meno difficoltosa da leggere e gestire, nascondendo i listati in blocchi apribili dai vari pulsanti Mostra.
Grazie per la collaborazione.

da **hashcat** » lun gen 21, 2013 4:13 pm

Rimane ancora qualche schifezza da pulire.

Come prima cosa scarica il fix servupdater_cleaner.reg ed eseguilo.
Disinstalla da Pannello di Controllo "Bing Bar" e fai un po' di pulizia con OTL.

Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
Avviare OTL mediante doppio click
Inserire il seguente script nella casella Custom Scans/Fixes di OTL e cliccare Run Fix

Codice: Seleziona tutto
:OTL [2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\ServUpdater [2013/01/18 16:53:09 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\PosService CHR - homepage: http://search.findeer.com CHR - homepage: http://search.findeer.com IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found O4 - HKLM..\Run: [] File not found O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe (PokerStars) O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun O33 - MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell - "" = AutoRun O33 - MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe [2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\99QqwON2.lnk [2012/04/11 10:44:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\869MMgqw.lnk :Files ipconfig /flushdns :Commands [CLEARALLRESTOREPOINTS] [EMPTYTEMP] [PURITY] [RESETHOSTS]
Il computer verrà riavviato.

Dunque posta il log generato utilizzando QUESTO strumento.

Infine desidererei poter consultare un log di HitmanPro e TDSSKiller.

HitmanPro:

Scarica HitmanPro da QUI ed eseguilo
Avvia una scansione completa
Se al termine della stessa vengono rilevate minacce, attiva la licenza di prova e rimuovile
Salva il log e postalo sul forum

TDSSKiller:

Scarica TDSSKiller da qui
Estrailo dall'archivio ZIP compresso
Rinominalo in modo casuale
Esegui TDSSKiller e clicca su "Change Parameters"
Seleziona tutte le caselle
Riavvia come richiesto lo strumento
Effettua una scansione cliccando su Start Scan
Al termine della scansione verrà mostrata una schermata con i rilevamenti
Seleziona l'opzione "Cure" per i rilevamenti "malicious" e l'opzione "Skip" per quelli "Suspicious"
Clicca su Next/Continue per applicare le azioni
Per portare a termine la disinfezione TDSSKiller potrebbe richiedere un riavvio del computer
Al termine della procedura posta il log di TDSSKiller che si trova in C:\

P.S.: Se anche questi ultimi log non evidenziano anomalie, possiamo passare alla fase finale.

[^]

da **Gianciro** » mar gen 22, 2013 4:17 pm

Grazie per l'aiuto ecco i tre file log spero di aver fatto tutto bene:

file log OTL

All processes killed
========== OTL ==========
C:\Users\Gianciro\AppData\Local\ServUpdater\settings folder moved successfully.
C:\Users\Gianciro\AppData\Local\ServUpdater folder moved successfully.
C:\Users\Gianciro\AppData\Local\PosService\settings folder moved successfully.
C:\Users\Gianciro\AppData\Local\PosService folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0\ deleted successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C4046502-6524-4d87-896C-878F57D1FF07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4046502-6524-4d87-896C-878F57D1FF07}\ not found.
C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a6386aa-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d98df8c8-a429-11e1-9ebc-00269ee7fbc7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
C:\ProgramData\99QqwON2.lnk moved successfully.
C:\ProgramData\869MMgqw.lnk moved successfully.
========== FILES ==========
Invalid Switch: flushdns
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Gianciro
->Temp folder emptied: 314339 bytes
->Temporary Internet Files folder emptied: 235835535 bytes
->Java cache emptied: 7868 bytes
->Flash cache emptied: 8242799 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 546110 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50321 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01222013_143703

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

file log ottenuto con scansione HitmanPro:

HitmanPro 3.7.0.185
http://www.hitmanpro.com

Computer name . . . . : GIANCIRO-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Gianciro-PC\Gianciro
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-01-22 16:06:03
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 2

Objects scanned . . . : 1.795.776
Files scanned . . . . : 14.272
Remnants scanned . . : 310.002 files / 1.471.502 keys

Malware _____________________________________________________________________

C:\Users\Gianciro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -> Quarantined
Size . . . . . . . : 161.280 bytes
Age . . . . . . . : 6.0 days (2013-01-16 14:58:23)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 8B0582B3F4F00FA2CFDCAE6437E31017B812E88B51A2738CE80B85B1C2763560
Product . . . . . : SoftwareUpdService
Publisher . . . . : SoftwareUpdService
Description . . . : SoftwareUpdService
Version . . . . . : 1.0
Copyright . . . . : Copyright © SoftwareUpdService 2012
> Ikarus . . . . . . : Win32.SuspectCrc!IK
Fuzzy . . . . . . : 102.0

Repairs _____________________________________________________________________

hosts
C:\Windows\system32\drivers\etc\

da **crazy.cat** » mar gen 22, 2013 4:58 pm

Gianciro ha scritto:Grazie per l'aiuto ecco i tre file log spero di aver fatto tutto bene:

Tranne il tag memo per inserire i log.... [ciao]

da **hashcat** » mar gen 22, 2013 5:14 pm

Hai dimenticato di postare il log di TDSSKiller ma a questo punto credo non sia necessario.

Posta un log aggiornato di OTL. Se anche quest'ultimo risulterà pulito e il tuo computer non manifesta problemi (questo devi specificarlo tu), possiamo passare all'ultima fase della pulizia (aggiornamento / sostituzione dei software (potenzialmente) vulnerabili.

[^]

da **Gianciro** » mer gen 23, 2013 9:01 am

Il computer risponde bene non compaiono più pubblicità indesiderate, posto il file log aggiornato di OTL:

OTL logfile created on: 22/01/2013 17:38:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gianciro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 66,31% Memory free
7,60 Gb Paging File | 6,23 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,15 Gb Total Space | 184,01 Gb Free Space | 64,53% Space Free | Partition Type: NTFS
Drive D: | 12,64 Gb Total Space | 2,11 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 93,54 Mb Free Space | 94,16% Space Free | Partition Type: FAT32
Drive G: | 28,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GIANCIRO-PC | User Name: Gianciro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/22 11:01:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gianciro\Downloads\OTL.exe
PRC - [2013/01/21 17:49:47 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/08/28 04:58:52 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2010/08/09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2013/01/21 17:49:48 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/17 16:43:25 | 002,745,870 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 03:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programmi\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/01/03 22:50:28 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}
IE - HKCU\..\SearchScopes\{177BCA6D-4FDA-4CA7-B80F-21177C7E5E78}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EBF6D55-BEE1-4761-8597-4BB0822E2FBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/02 19:32:39 | 000,000,000 | ---D | M]

[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions
[2012/02/14 18:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gianciro\AppData\Roaming\mozilla\Extensions\rmastri@liceomalpighi.bo.it

========== Chrome ==========

CHR - homepage: http://search.findeer.com
CHR - homepage: http://search.findeer.com

O1 HOSTS File: ([2013/01/22 16:08:55 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37D0FBA1-09C6-48B6-A4ED-148A1FECF258}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD155B5C-B248-4F90-BCD0-0BB4FEB45B8E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B2F7EB-9A44-42EA-8EBF-7AB1789D4256}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/21 18:12:34 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/06 23:13:04 | 000,000,094 | R--- | M] () - G:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6386af-3c2f-11e1-9f23-00269ee7fbc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009/08/26 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\PokerStars
[2013/01/22 16:08:55 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/22 14:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/01/22 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/22 14:37:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 17:48:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/01/19 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\Malwarebytes
[2013/01/19 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 17:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/19 17:00:29 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/19 17:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/19 09:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/18 09:27:20 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/18 09:27:20 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/17 19:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/01/17 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\Documents\RegRun2
[2013/01/17 19:38:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/01/17 19:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\SoftwareUpdater
[2013/01/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPcCleaner
[2013/01/16 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\KC Softwares
[2013/01/16 14:48:11 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Roaming\FILEminimizerPictures
[2013/01/16 14:43:50 | 000,000,000 | ---D | C] -- C:\Users\Gianciro\AppData\Local\Programs
[2013/01/09 09:10:38 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 09:10:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 09:10:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 09:10:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 09:10:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 09:10:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 09:10:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 09:10:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 09:10:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 09:10:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 09:10:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 09:10:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 09:10:35 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 09:10:35 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 09:10:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 09:10:31 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 09:10:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 09:10:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 09:10:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 09:10:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 09:10:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 09:10:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 09:10:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 09:10:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 09:10:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 09:10:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 09:10:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 09:10:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 09:10:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 09:10:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 09:10:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 09:10:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 09:10:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 09:10:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 09:10:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 09:07:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 09:06:43 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 09:06:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 09:06:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 09:06:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/01/22 17:40:11 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 17:36:32 | 008,648,537 | ---- | M] () -- C:\Users\Gianciro\Desktop\CatGiulietta_ITAINT.pdf
[2013/01/22 17:16:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 17:00:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 17:00:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 16:49:06 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 16:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/22 16:49:02 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 16:09:10 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/22 16:09:10 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/01/22 16:09:10 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/22 16:09:10 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/01/22 16:09:10 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/22 16:08:55 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/01/22 16:08:55 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/22 14:39:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/01/21 17:49:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/21 17:49:47 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/19 11:25:57 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGianciro.job
[2013/01/17 19:46:52 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 15:12:58 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/09 12:21:51 | 000,439,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/01 11:31:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/01/22 17:36:31 | 008,648,537 | ---- | C] () -- C:\Users\Gianciro\Desktop\CatGiulietta_ITAINT.pdf
[2013/01/17 19:41:40 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2013/01/16 14:48:41 | 000,000,906 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/09/02 19:28:30 | 000,172,737 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012/09/02 19:28:30 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2012/03/08 10:25:55 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/03/03 23:39:56 | 000,000,772 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/03 15:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Gianciro\AppData\Roaming\wklnhst.dat
[2012/01/24 19:08:36 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012/01/24 16:52:56 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012/01/24 09:41:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/01/14 21:36:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

www.MegaLab.it

Apertura pagine pubblicitarie indesiderate

Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Re: Apertura pagine pubblicitarie indesiderate

Chi c’è in linea